stegololz opened a new pull request, #62471:
URL: https://github.com/apache/airflow/pull/62471
Part of #62252
## Summary
`GET /ui/teams` returned HTTP 500 for all users when the Keycloak auth
manager was active. The base class `is_authorized_team()` raises
`NotImplementedError` and `KeycloakAuthManager` was missing an override.
This PR fixes the issue by introducing `Team` as a Keycloak
resource and implementing the missing `is_authorized_team()` method:
- `resources.py`: add `TEAM = "Team"` to `KeycloakResource`
- `keycloak_auth_manager.py`: add `TEAM` to `TEAM_SCOPED_RESOURCES`,
implement `is_authorized_team()` delegating to the Keycloak UMA endpoint
- `commands.py`: add `Team:{team}` to the `ReadOnly-{team}` scope-based
permission so all team members (Viewer, User, Op, Admin) receive
`Team:{team}#LIST` access; SuperAdmin gets it via the global `Admin`
permission
- `test_keycloak_auth_manager.py`: extend all existing parametrized test
groups to cover `is_authorized_team`
## Gen-AI
This PR was developed with assistance from Claude Code (Anthropic).
All generated code has been reviewed and tested locally before submission.
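An added example, not part of the pull request or the Airflow code base: a contract check that lists the `is_authorized_*` methods an auth manager still inherits from a base class whose defaults raise `NotImplementedError`, which is the gap the summary above describes. The stub classes, their simplified signatures, the placeholder decision logic and `missing_overrides` are hypothetical stand-ins.

```python
import inspect


class StubBaseAuthManager:
    """Hypothetical stand-in for the base class: checks raise by default."""

    def is_authorized_dag(self, *, method, user, details=None):
        raise NotImplementedError

    def is_authorized_team(self, *, method, user, details=None):
        raise NotImplementedError


class StubManagerBeforeFix(StubBaseAuthManager):
    """Mirrors the state before the fix: no is_authorized_team override."""

    def is_authorized_dag(self, *, method, user, details=None):
        return True


class StubManagerAfterFix(StubManagerBeforeFix):
    """Mirrors the state after the fix; the decision logic is a placeholder."""

    def is_authorized_team(self, *, method, user, details=None):
        # Constructed rule: LIST is allowed only for teams the user belongs to.
        return method == "LIST" and details in user.get("teams", ())


def missing_overrides(manager_cls, base_cls=StubBaseAuthManager,
                      prefix="is_authorized_"):
    """Return the base-class checks that manager_cls inherits unchanged."""
    missing = []
    for name, base_attr in inspect.getmembers(base_cls, inspect.isfunction):
        # Identity with the base function means the subclass never overrode it,
        # so any call would reach the NotImplementedError default.
        if name.startswith(prefix) and getattr(manager_cls, name) is base_attr:
            missing.append(name)
    return missing


if __name__ == "__main__":
    for cls in (StubManagerBeforeFix, StubManagerAfterFix):
        print(cls.__name__, "missing:", missing_overrides(cls))
```

Run as a unit test against each concrete auth manager, a check like this fails at build time instead of surfacing as an HTTP 500 on the first request that reaches the unimplemented method.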