(airflow) branch main updated: Fix s3_tables system test: use CDK-provided ACCOUNT_ID for bucket policy (#66972)

Fri, 15 May 2026 08:42:04 -0700 

This is an automated email from the ASF dual-hosted git repository.

vincbeck pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new 171f6130247 Fix s3_tables system test: use CDK-provided ACCOUNT_ID for 
bucket policy (#66972)
171f6130247 is described below

commit 171f61302475c644773cd3207c4cb885bc0c814c
Author: Sean Ghaeli <[email protected]>
AuthorDate: Fri May 15 08:41:50 2026 -0700

    Fix s3_tables system test: use CDK-provided ACCOUNT_ID for bucket policy 
(#66972)
    
    The S3 Tables PutTableBucketPolicy API rejects empty Statement arrays
    and public policies. Use the ACCOUNT_ID from the CDK SSM parameter
    (standard SystemTestContextBuilder pattern) to build a valid policy.
---
 providers/amazon/tests/system/amazon/aws/example_s3_tables.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/providers/amazon/tests/system/amazon/aws/example_s3_tables.py 
b/providers/amazon/tests/system/amazon/aws/example_s3_tables.py
index 9c53da23087..ba71d496a0f 100644
--- a/providers/amazon/tests/system/amazon/aws/example_s3_tables.py
+++ b/providers/amazon/tests/system/amazon/aws/example_s3_tables.py
@@ -42,7 +42,9 @@ from system.amazon.aws.utils import ENV_ID_KEY, 
SystemTestContextBuilder
 
 DAG_ID = "example_s3_tables"
 
-sys_test_context_task = SystemTestContextBuilder().build()
+ACCOUNT_ID_KEY = "ACCOUNT_ID"
+
+sys_test_context_task = 
SystemTestContextBuilder().add_variable(ACCOUNT_ID_KEY).build()
 
 SCHEMA = {
     "iceberg": {
@@ -63,6 +65,7 @@ with DAG(
 ) as dag:
     test_context = sys_test_context_task()
     env_id = test_context[ENV_ID_KEY]
+    account_id = test_context[ACCOUNT_ID_KEY]
 
     bucket_name = f"{env_id}-s3tables"
     namespace = f"{env_id}_ns"
@@ -87,7 +90,7 @@ with DAG(
     put_policy = S3TablesPutTableBucketPolicyOperator(
         task_id="put_table_bucket_policy",
         table_bucket_arn=create_table_bucket.output,
-        resource_policy='{"Version":"2012-10-17","Statement":[]}',
+        
resource_policy=f'{{"Version":"2012-10-17","Statement":[{{"Sid":"TestPolicy","Effect":"Allow","Principal":{{"AWS":"arn:aws:iam::{account_id}:root"}},"Action":"s3tables:GetTable","Resource":"*"}}]}}',
     )
     # [END howto_operator_s3tables_put_table_bucket_policy]

Reply via email to