The GitHub Actions job "Tests" on airflow.git has failed. Run started by GitHub user ashb (triggered by ashb).
Head commit for run: 8082a2d4dd0713e74f9e77ae8ccac65a9e57a91e / Ash Berlin-Taylor <[email protected]> Add JWT validation and generation machinery for the Task Execution API to use Since requests to Task Execution API can originate out-of-"cluser" so to speak, this PR re-works the JWTSigner class so that it is possible to use public/private keys (vs just a simple pre-shared secret). This is useful in many cloud environments where many companies have security requirements that ingress gateways must validate the JWT tokens on the way in, and the only way of doing this is with public keys So that we don't have two different ways of generating JWT tokens I have totally replaced the old "JWTSigner" class (which it turns out didn't have any unit test of its own, it was only tested indirectly through test_serve_logs etc). As part of this change I have also changed the JWT that was generated by the SimpleAuthManager and the AwsAuthManager (the only two we have that use JWT) to use the offical `sub` (subject) clain to place the user identifer rather than a custom claim name. And although it might seem slightly strange at first, I have made the JWTValidator an async class internally. (Hence `avalidated_claims` -- the `a` prefix signifies async, much like `aclose` or `aread` on HTTPX async responses). This allows us to periodically refresh the JWK document if configured in the background, and using asgiref's async_to_sync means we only have one version. And also conviently, this is the same tech that FastAPI uses, which means when this is called from within a FastAPI app, rather than creating a new/nested event loop it will "bubble out" to the main async loop that FastAPI is using. Report URL: https://github.com/apache/airflow/actions/runs/13465252528 With regards, GitHub Actions via GitBox --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
