stegololz commented on code in PR #61351:
URL: https://github.com/apache/airflow/pull/61351#discussion_r2804356632
##########
providers/keycloak/src/airflow/providers/keycloak/auth_manager/keycloak_auth_manager.py:
##########
@@ -368,9 +396,24 @@ def _is_authorized(
elif method == "GET":
method = "LIST"
+ is_multi_team = conf.getboolean("core", "multi_team", fallback=False)
+ is_team_scoped = resource_type in TEAM_SCOPED_RESOURCES
+ is_teamless = team_name is None
+
+ # Team-scoped resources require a team, except for LIST which uses
global permission.
+ if is_multi_team and is_team_scoped and is_teamless and method !=
"LIST":
+ raise ValueError("Missing team_name for team-scoped resource in
multi-team mode.")
Review Comment:
I tested removing the check and it behave as expected.
I also simplified the code accordingly. Since resource naming is now a small
conditional I removed _get_resource_name and inlined the logic directly in
_is_authorized for readability.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
