jedcunningham commented on code in PR #62737:
URL: https://github.com/apache/airflow/pull/62737#discussion_r2874804892
##########
providers/fab/tests/unit/fab/auth_manager/security_manager/test_override.py:
##########
@@ -32,6 +34,45 @@ def __init__(self):
class TestFabAirflowSecurityManagerOverride:
+
@mock.patch("airflow.providers.fab.auth_manager.security_manager.override.log")
+ def
test_add_permission_to_role_ignores_duplicate_from_concurrent_worker(self,
mock_log):
+ sm = EmptySecurityManager()
+ role = Mock(id=1, name="test_admin", permissions=[])
+ permission = Mock(id=2)
+
+ mock_session = Mock()
+ mock_session.merge.side_effect = IntegrityError("stmt", {},
Exception("Duplicate entry"))
Review Comment:
```suggestion
mock_session.commit.side_effect = IntegrityError("stmt", {},
Exception("Duplicate entry"))
```
commit is what will raise, not merge.
##########
providers/fab/src/airflow/providers/fab/auth_manager/security_manager/override.py:
##########
@@ -1739,10 +1740,29 @@ def add_permission_to_role(self, role: Role,
permission: Permission | None) -> N
self.session.merge(role)
self.session.commit()
log.info(const.LOGMSG_INF_SEC_ADD_PERMROLE, permission,
role.name)
+ except IntegrityError:
+ self.session.rollback()
+ if self._is_permission_assigned_to_role(role_id=role.id,
permission_id=permission.id):
+ log.debug("Permission '%s' already assigned to role '%s'",
permission, role.name)
+ else:
+ log.error(const.LOGMSG_ERR_SEC_ADD_PERMROLE, "Failed to
assign permission after rollback")
Review Comment:
This log message is a bit misleading. It implies it wasnt able to set the
perm _after_ the rollback, but it doesn't try. It just observes the perm is
_not_ set after the rollback. And, the context here isn't obvious when you see
the log - why is it rolling back?
Also, might be nice to emit the perm/role here as well.
##########
providers/fab/src/airflow/providers/fab/auth_manager/security_manager/override.py:
##########
@@ -1739,10 +1740,29 @@ def add_permission_to_role(self, role: Role,
permission: Permission | None) -> N
self.session.merge(role)
self.session.commit()
log.info(const.LOGMSG_INF_SEC_ADD_PERMROLE, permission,
role.name)
+ except IntegrityError:
+ self.session.rollback()
+ if self._is_permission_assigned_to_role(role_id=role.id,
permission_id=permission.id):
+ log.debug("Permission '%s' already assigned to role '%s'",
permission, role.name)
+ else:
+ log.error(const.LOGMSG_ERR_SEC_ADD_PERMROLE, "Failed to
assign permission after rollback")
except Exception as e:
log.error(const.LOGMSG_ERR_SEC_ADD_PERMROLE, e)
self.session.rollback()
+ def _is_permission_assigned_to_role(self, role_id: int | None,
permission_id: int | None) -> bool:
+ """Check if the permission is already assigned to the role."""
+ if role_id is None or permission_id is None:
+ return False
+ return bool(
+ self.session.scalar(
+ select(assoc_permission_role.c.id).where(
Review Comment:
Why not an `exists()`?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
