The GitHub Actions job "Tests (AMD)" on airflow.git/f-008-collect-teams-fail-closed has failed. Run started by GitHub user potiuk (triggered by potiuk).
Head commit for run: f0d28ed81c4feb42e6759bb2c83f1a15bef20985 / Jarek Potiuk <[email protected]> Reject malformed bodies in core_api authz helpers with 400 Builds on the previous fail-closed change in _collect_teams_to_check. Two follow-ups from review: * On JSONDecodeError, raise HTTP 400 directly instead of falling through to a team=None auth call — clearer failure mode and removes any ambiguity about whether authz ran. * Reject non-string `team_name` (in _collect_teams_to_check) and non-string `dag_id` (in requires_access_backfill) from the raw body with HTTP 400 before any authz decision or DB lookup. Without this, a list / dict / int / bool would flow into Team.get_name_if_exists, requires_access_dag, or the existence lookup with undefined behaviour or type-confused authz decisions. Both helpers still read the raw body before Pydantic body validation runs on the endpoint handler, so this is defense-in-depth: every current POST/PUT route uses a Pydantic body model and FastAPI returns 422 before the auth dependency runs on a malformed body. Tests: existing parse-failure test renamed and updated to assert 400; new parametrised tests cover integer / list / dict / bool inputs for both team_name and dag_id. Report URL: https://github.com/apache/airflow/actions/runs/26089992030 With regards, GitHub Actions via GitBox --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
