The GitHub Actions job "Tests (AMD)" on airflow.git/omkhar/edge3-bind-team-name-in-jwt has failed. Run started by GitHub user omkhar (triggered by omkhar).
Head commit for run: 4c23d36cb88ae0f650c1c73e634dbedf8d8acda4 / Omkhar Arasaratnam <[email protected]> edge3: bind team_name into worker JWT (defense-in-depth for experimental multi-team) Defense-in-depth for the experimental edge3 multi-team feature. Worker team_name is currently sent in request bodies only and trusted by the server. This change binds team_name into the JWT at issue time and rejects requests where the body's team_name disagrees with the JWT's. Legacy pre-team-claim workers (no team_name claim in the JWT) keep the current body-only path for backwards compatibility. The Execution API's team-isolation contract is unchanged. It is still documented as experimental and not enforced cross-team (see airflow-core/docs/security/workload.rst section 'No team-level isolation in Execution API'). This patch closes a specific JWT-vs-body-mismatch gap ahead of the future team-isolation work referenced in that document. Tests: 4-case validation (cross-team rejected with 403, JWT-team used when body omits team_name, legitimate match succeeds, legacy backcompat path). Signed-off-by: Omkhar Arasaratnam <[email protected]> Report URL: https://github.com/apache/airflow/actions/runs/26349756464 With regards, GitHub Actions via GitBox --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
