[PR] API: Return 400 instead of 500 from materialize_asset on invalid input [airflow]

Sun, 24 May 2026 15:03:00 -0700 


dkranchii opened a new pull request, #67445:
URL: https://github.com/apache/airflow/pull/67445

   The `POST /assets/{asset_id}/materialize` endpoint passed user input 
(`dag_run_id`, `logical_date` / `data_interval` pairing, `partition_key`) 
straight through to `MaterializeAssetBody.validate_context()` and 
`dag.create_dagrun()`. Those raise `ValueError` / `ParamValidationError` on 
invalid input — e.g. `dag_run_id` containing `..` (path-traversal guard in 
`DagRun.validate_run_id`), `logical_date` set with no `data_interval`, or a 
`partition_key` of the wrong type. The exceptions escaped uncaught and were 
returned as **500 Internal Server Error**, even though the route's OpenAPI spec 
already documents **400** for this case.
   
   This wraps the `validate_context` / `create_dagrun` calls in a `try/except 
(ParamValidationError, ValueError)` and re-raises as `HTTPException(400)` with 
the validator's message in the `detail`. Mirrors the established pattern in the 
sibling endpoint 
`airflow.api_fastapi.core_api.routes.public.dag_run.trigger_dag_run`.
   
   ### Reproduction (before)
   
       POST /assets/1/materialize
       {"dag_run_id": "bad..id"}
       → 500 Internal Server Error
   
   ### After
   
       POST /assets/1/materialize
       {"dag_run_id": "bad..id"}
       → 400 Bad Request
         {"detail": "The run_id 'bad..id' must not contain '..' to prevent path 
traversal"}
   
   ### Tests
   
   Adds 
`TestPostAssetMaterialize::test_should_respond_400_on_invalid_dag_run_id` 
asserting the endpoint returns 400 with the validator's message. The test fails 
(returns 500) on the unpatched code.
   
   ### Related
   
   - `AGENTS.md` rule added in #67221: *"Translate domain-layer exceptions to 
HTTPException at FastAPI route boundaries."*
   - Sibling pattern: 
`airflow.api_fastapi.core_api.routes.public.dag_run.trigger_dag_run`.
   
   ---
   
   ##### Was generative AI tooling used to co-author this PR?
   
   - [X] Yes — (Cursor) used to test the gap 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to