Skip to content

Commit 3d958ad

Browse files
Lee-WLee-W
committed
feat(AIP-84): add auth to /execution/assets endpoints
1 parent 62969b6 commit 3d958ad

File tree

2 files changed

+33
-9
lines changed

2 files changed

+33
-9
lines changed

airflow/api_fastapi/execution_api/routes/assets.py

+3-1
Original file line numberDiff line numberDiff line change
@@ -19,11 +19,12 @@
1919

2020
from typing import Annotated
2121

22-
from fastapi import HTTPException, Query, status
22+
from fastapi import Depends, HTTPException, Query, status
2323
from sqlalchemy import select
2424

2525
from airflow.api_fastapi.common.db.common import SessionDep
2626
from airflow.api_fastapi.common.router import AirflowRouter
27+
from airflow.api_fastapi.core_api.security import requires_access_asset
2728
from airflow.api_fastapi.execution_api.datamodels.asset import AssetResponse
2829
from airflow.models.asset import AssetModel
2930

@@ -33,6 +34,7 @@
3334
status.HTTP_404_NOT_FOUND: {"description": "Asset not found"},
3435
status.HTTP_401_UNAUTHORIZED: {"description": "Unauthorized"},
3536
},
37+
dependencies=[Depends(requires_access_asset("GET"))],
3638
)
3739

3840

tests/api_fastapi/execution_api/routes/test_assets.py

+30-8
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@
2828

2929

3030
class TestGetAssetByName:
31-
def test_get_asset_by_name(self, client, session):
31+
def test_get_asset_by_name(self, test_client, session):
3232
asset = AssetModel(
3333
id=1,
3434
name="test_get_asset_by_name",
@@ -44,7 +44,7 @@ def test_get_asset_by_name(self, client, session):
4444
session.add_all([asset, asset_active])
4545
session.commit()
4646

47-
response = client.get("/execution/assets/by-name", params={"name": "test_get_asset_by_name"})
47+
response = test_client.get("/execution/assets/by-name", params={"name": "test_get_asset_by_name"})
4848

4949
assert response.status_code == 200
5050
assert response.json() == {
@@ -58,8 +58,8 @@ def test_get_asset_by_name(self, client, session):
5858
session.delete(asset_active)
5959
session.commit()
6060

61-
def test_asset_name_not_found(self, client):
62-
response = client.get("/execution/assets/by-name", params={"name": "non_existent"})
61+
def test_asset_name_not_found(self, test_client):
62+
response = test_client.get("/execution/assets/by-name", params={"name": "non_existent"})
6363

6464
assert response.status_code == 404
6565
assert response.json() == {
@@ -69,9 +69,21 @@ def test_asset_name_not_found(self, client):
6969
}
7070
}
7171

72+
def test_get_config_should_response_401(self, unauthenticated_test_client):
73+
response = unauthenticated_test_client.get(
74+
"/execution/assets/by-name", params={"name": "test_get_asset_by_name"}
75+
)
76+
assert response.status_code == 401
77+
78+
def test_get_config_should_response_403(self, unauthorized_test_client):
79+
response = unauthorized_test_client.get(
80+
"/execution/assets/by-name", params={"name": "test_get_asset_by_name"}
81+
)
82+
assert response.status_code == 403
83+
7284

7385
class TestGetAssetByUri:
74-
def test_get_asset_by_uri(self, client, session):
86+
def test_get_asset_by_uri(self, test_client, session):
7587
asset = AssetModel(
7688
name="test_get_asset_by_uri",
7789
uri="s3://bucket/key",
@@ -84,7 +96,7 @@ def test_get_asset_by_uri(self, client, session):
8496
session.add_all([asset, asset_active])
8597
session.commit()
8698

87-
response = client.get("/execution/assets/by-uri", params={"uri": "s3://bucket/key"})
99+
response = test_client.get("/execution/assets/by-uri", params={"uri": "s3://bucket/key"})
88100

89101
assert response.status_code == 200
90102
assert response.json() == {
@@ -98,8 +110,8 @@ def test_get_asset_by_uri(self, client, session):
98110
session.delete(asset_active)
99111
session.commit()
100112

101-
def test_asset_uri_not_found(self, client):
102-
response = client.get("/execution/assets/by-uri", params={"uri": "non_existent"})
113+
def test_asset_uri_not_found(self, test_client):
114+
response = test_client.get("/execution/assets/by-uri", params={"uri": "non_existent"})
103115

104116
assert response.status_code == 404
105117
assert response.json() == {
@@ -108,3 +120,13 @@ def test_asset_uri_not_found(self, client):
108120
"reason": "not_found",
109121
}
110122
}
123+
124+
def test_get_config_should_response_401(self, unauthenticated_test_client):
125+
response = unauthenticated_test_client.get(
126+
"/execution/assets/by-uri", params={"uri": "s3://bucket/key"}
127+
)
128+
assert response.status_code == 401
129+
130+
def test_get_config_should_response_403(self, unauthorized_test_client):
131+
response = unauthorized_test_client.get("/execution/assets/by-uri", params={"uri": "s3://bucket/key"})
132+
assert response.status_code == 403

0 commit comments

Comments
 (0)