1fanwang opened a new issue, #66793: URL: https://github.com/apache/airflow/issues/66793
### Description Airflow has a cluster-policy framework (`task_policy`, `dag_policy`, `task_instance_mutation_hook` in `airflow.policies`) that lets deployment managers enforce rules at DagBag load time — banned operator classes, required tags, required owners, etc. Violations raise `AirflowClusterPolicyViolation`, which the dag processor logs and surfaces as a DAG-import error. This is too late in the loop. By the time the violation shows up: 1. The author has already merged + pushed. 2. The dag is broken in the UI (import error banner). 3. Other authors are blocked if the dag-bundle's import errors compound. There is no CLI command to run the cluster policies *against a local DAG file* as a pre-merge / pre-push check. Authors who want to validate locally have to spin up a full Airflow environment with their policy package installed. ### Use case / motivation - CI pre-merge gate that fails the PR if a new DAG violates a cluster policy, before the policy violation lands in the deployed Dag bundle. - Local-loop validation: `airflow dags policy-check my_dag.py` returns exit 0 / 1 with violation messages. - Plugin authors writing new cluster policies can unit-test them against a fixture DAG file via the same CLI. ### Proposal Add `airflow dags policy-check <DAG_FILE>` to the CLI. The command: 1. Loads `airflow_local_settings` so user-registered policies are discovered. 2. Parses the DAG file via the same path the dag processor uses (`DagFileProcessor` factored to expose a "parse + apply policies" helper). 3. Captures `AirflowClusterPolicyViolation` per (dag_id, task_id) instead of bailing on first violation. 4. Prints a structured report (one violation per line, machine-readable via `--format json`) and exits non-zero if any violations exist. ### Related issues _No response_ ### Are you willing to submit a PR? - [X] Yes I am willing to submit a PR! ### Code of Conduct - [X] I agree to follow this project's Code of Conduct -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
