Skip to content

[v3-2-test] Apply requires_access_event_log to GET /eventLogs list endpoint (#67185)#67211

Merged
vatsrahul1001 merged 2 commits into
v3-2-testfrom
backport-b28681f-v3-2-test
May 20, 2026
Merged

[v3-2-test] Apply requires_access_event_log to GET /eventLogs list endpoint (#67185)#67211
vatsrahul1001 merged 2 commits into
v3-2-testfrom
backport-b28681f-v3-2-test

Conversation

@github-actions
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot commented May 19, 2026

  • Apply requires_access_event_log to GET /eventLogs list endpoint

  • Fail closed on non-integer event_log_id; fix list-endpoint test mock

requires_access_event_log silently swallowed ValueError on non-integer
event_log_id and fell through to the generic AUDIT_LOG check. Raise
HTTPException(400) instead — matches the fail-closed pattern used by
requires_access_backfill.

Also fix test_requires_access_event_log_no_path_param_uses_generic_check:
the test mocked request.path_params = {} but left request.query_params
as an auto-created Mock attribute, whose .get("dag_id") returned a Mock
(truthy non-None). requires_access_dag then resolved dag_id to that
Mock and called is_authorized_dag with the wrong DagDetails. Mock both
path_params and query_params as empty dicts.

(cherry picked from commit b28681f)

Co-authored-by: Pierre Jeambrun pierrejbrun@gmail.com
Co-authored-by: Rahul Vats 43964496+vatsrahul1001@users.noreply.github.com
Co-authored-by: vatsrahul1001 rah.sharma11@gmail.com

@pierrejeambrun @vatsrahul1001
[v3-2-test] Apply requires_access_event_log to GET /eventLogs list en…
2e0059d 
…dpoint (#67185)

* Apply requires_access_event_log to GET /eventLogs list endpoint

* Fail closed on non-integer event_log_id; fix list-endpoint test mock

requires_access_event_log silently swallowed ValueError on non-integer
event_log_id and fell through to the generic AUDIT_LOG check. Raise
HTTPException(400) instead — matches the fail-closed pattern used by
requires_access_backfill.

Also fix test_requires_access_event_log_no_path_param_uses_generic_check:
the test mocked request.path_params = {} but left request.query_params
as an auto-created Mock attribute, whose .get("dag_id") returned a Mock
(truthy non-None). requires_access_dag then resolved dag_id to that
Mock and called is_authorized_dag with the wrong DagDetails. Mock both
path_params and query_params as empty dicts.

---------
(cherry picked from commit b28681f)

Co-authored-by: Pierre Jeambrun <pierrejbrun@gmail.com>
Co-authored-by: Rahul Vats <43964496+vatsrahul1001@users.noreply.github.com>
Co-authored-by: vatsrahul1001 <rah.sharma11@gmail.com>
@github-actions github-actions Bot mentioned this pull request May 19, 2026
Merged
1 task
@boring-cyborg boring-cyborg Bot added the area:API Airflow's REST/HTTP API label May 19, 2026
@vatsrahul1001 vatsrahul1001 added this to the Airflow 3.2.2 milestone May 20, 2026
@vatsrahul1001 vatsrahul1001 added the type:bug-fix Changelog: Bug Fixes label May 20, 2026
@vatsrahul1001 vatsrahul1001 marked this pull request as ready for review May 20, 2026 04:03
@vatsrahul1001 vatsrahul1001 merged commit d555882 into v3-2-test May 20, 2026
135 of 142 checks passed
@vatsrahul1001 vatsrahul1001 deleted the backport-b28681f-v3-2-test branch May 20, 2026 05:18
vatsrahul1001 added a commit that referenced this pull request May 20, 2026
@github-actions @pierrejeambrun @vatsrahul1001
[v3-2-test] Apply requires_access_event_log to GET /eventLogs list en…
5148057 
…dpoint (#67185) (#67211)

* Apply requires_access_event_log to GET /eventLogs list endpoint

* Fail closed on non-integer event_log_id; fix list-endpoint test mock

requires_access_event_log silently swallowed ValueError on non-integer
event_log_id and fell through to the generic AUDIT_LOG check. Raise
HTTPException(400) instead — matches the fail-closed pattern used by
requires_access_backfill.

Also fix test_requires_access_event_log_no_path_param_uses_generic_check:
the test mocked request.path_params = {} but left request.query_params
as an auto-created Mock attribute, whose .get("dag_id") returned a Mock
(truthy non-None). requires_access_dag then resolved dag_id to that
Mock and called is_authorized_dag with the wrong DagDetails. Mock both
path_params and query_params as empty dicts.

---------
(cherry picked from commit b28681f)

Co-authored-by: Pierre Jeambrun <pierrejbrun@gmail.com>
Co-authored-by: Rahul Vats <43964496+vatsrahul1001@users.noreply.github.com>
Co-authored-by: vatsrahul1001 <rah.sharma11@gmail.com>
vatsrahul1001 added a commit that referenced this pull request May 20, 2026
@github-actions @pierrejeambrun @vatsrahul1001
[v3-2-test] Apply requires_access_event_log to GET /eventLogs list en…
bff7b55 
…dpoint (#67185) (#67211)

* Apply requires_access_event_log to GET /eventLogs list endpoint

* Fail closed on non-integer event_log_id; fix list-endpoint test mock

requires_access_event_log silently swallowed ValueError on non-integer
event_log_id and fell through to the generic AUDIT_LOG check. Raise
HTTPException(400) instead — matches the fail-closed pattern used by
requires_access_backfill.

Also fix test_requires_access_event_log_no_path_param_uses_generic_check:
the test mocked request.path_params = {} but left request.query_params
as an auto-created Mock attribute, whose .get("dag_id") returned a Mock
(truthy non-None). requires_access_dag then resolved dag_id to that
Mock and called is_authorized_dag with the wrong DagDetails. Mock both
path_params and query_params as empty dicts.

---------
(cherry picked from commit b28681f)

Co-authored-by: Pierre Jeambrun <pierrejbrun@gmail.com>
Co-authored-by: Rahul Vats <43964496+vatsrahul1001@users.noreply.github.com>
Co-authored-by: vatsrahul1001 <rah.sharma11@gmail.com>
vatsrahul1001 added a commit that referenced this pull request May 21, 2026
@github-actions @pierrejeambrun @vatsrahul1001
[v3-2-test] Apply requires_access_event_log to GET /eventLogs list en…
b691f95 
…dpoint (#67185) (#67211)

* Apply requires_access_event_log to GET /eventLogs list endpoint

* Fail closed on non-integer event_log_id; fix list-endpoint test mock

requires_access_event_log silently swallowed ValueError on non-integer
event_log_id and fell through to the generic AUDIT_LOG check. Raise
HTTPException(400) instead — matches the fail-closed pattern used by
requires_access_backfill.

Also fix test_requires_access_event_log_no_path_param_uses_generic_check:
the test mocked request.path_params = {} but left request.query_params
as an auto-created Mock attribute, whose .get("dag_id") returned a Mock
(truthy non-None). requires_access_dag then resolved dag_id to that
Mock and called is_authorized_dag with the wrong DagDetails. Mock both
path_params and query_params as empty dicts.

---------
(cherry picked from commit b28681f)

Co-authored-by: Pierre Jeambrun <pierrejbrun@gmail.com>
Co-authored-by: Rahul Vats <43964496+vatsrahul1001@users.noreply.github.com>
Co-authored-by: vatsrahul1001 <rah.sharma11@gmail.com>
@vatsrahul1001 vatsrahul1001 mentioned this pull request May 21, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ephraimbuddy ephraimbuddy Awaiting requested review from ephraimbuddy ephraimbuddy is a code owner

@pierrejeambrun pierrejeambrun Awaiting requested review from pierrejeambrun pierrejeambrun is a code owner

@rawwar rawwar Awaiting requested review from rawwar rawwar is a code owner

@jason810496 jason810496 Awaiting requested review from jason810496 jason810496 is a code owner

@bugraoz93 bugraoz93 Awaiting requested review from bugraoz93 bugraoz93 is a code owner

@shubhamraj-git shubhamraj-git Awaiting requested review from shubhamraj-git shubhamraj-git is a code owner

@choo121600 choo121600 Awaiting requested review from choo121600 choo121600 is a code owner

Assignees

No one assigned

Labels

area:API Airflow's REST/HTTP API type:bug-fix Changelog: Bug Fixes

Projects

None yet

Milestone

Airflow 3.2.2

Development

Successfully merging this pull request may close these issues.

2 participants

@vatsrahul1001 @pierrejeambrun