Reject invalid partition keys in the create asset events API#69453
Merged
Conversation
jason810496
reviewed
Jul 7, 2026
jason810496
left a comment
Member
There was a problem hiding this comment.
IIUC, introducing Field would be sufficient enough.
5adb78a to
6f1998e
Compare
jason810496
reviewed
Jul 7, 2026
POST /assets/events accepted any partition_key, silently storing empty/whitespace-only keys and letting keys over 250 characters hit a database column-length error as a 500. Validate the field the same way the Execution API already does, returning 422 instead.
Remove the now-dead-code max_length check in validate_partition_key, since Field(max_length=ID_LEN) already enforces it before the after-mode field_validator runs. Also regenerate the OpenAPI spec and downstream clients (UI, airflow-ctl) to reflect the maxLength constraint added in the prior fixup commit.
Use a pydantic pattern constraint that rejects empty/whitespace-only keys without altering valid ones, matching the Execution API's outlet-event validation so both paths store identical values for the same input.
6f1998e to
87b67b3
Compare
jason810496
approved these changes
Jul 8, 2026
Contributor
|
Hi maintainer, this PR was merged without a milestone set.
|
Contributor
Backport successfully created: v3-3-testNote: As of Merging PRs targeted for Airflow 3.X In matter of doubt please ask in #release-management Slack channel.
|
jason810496
added a commit
to jason810496/airflow
that referenced
this pull request
Jul 8, 2026
The wire schema gained an extra field on GetAssetEventByAsset and GetAssetEventByAssetAlias in apache#69453 without the ts-sdk types being regenerated. This PR's own changes to dev/breeze and the prek config force a full static-checks run, where no hook is skipped, so the check correctly surfaced that pre-existing drift and blocked CI.
1 task
jason810496
added a commit
that referenced
this pull request
Jul 8, 2026
…69583) * Make ts-sdk supervisor schema check a manual prek hook CI's static-checks job runs `prek --all-files`, which runs every default-stage hook against the whole repo tree regardless of what a given PR actually touched. Because check-ts-sdk-supervisor-schema lists task-sdk's schema.json as a trigger file, any task-sdk-only PR that changes the wire schema fails static checks over an unrelated, not-yet-regenerated ts-sdk file it never intended to touch. Move the hook to the manual stage, matching how other on-demand checks in this file (update-notice-year, upgrade-important-versions, update-docker-gpg-keys) are handled: it stops gating unrelated PRs and ts-sdk owners run it themselves (`prek run --hook-stage manual check-ts-sdk-supervisor-schema`) when they pick up a schema change. * Selectively skip ts-sdk supervisor schema check instead of manual stage The first attempt made check-ts-sdk-supervisor-schema a manual-stage hook, but review found that removes it from CI entirely (nothing invokes it at the manual stage), so schema drift would merge undetected. Reuse the existing selective-skip mechanism already used for ktlint and the mypy-* hooks instead: the hook keeps running in CI's default static-checks sweep, but is now skipped when neither ts-sdk/ nor the supervisor wire schema changed, so unrelated task-sdk-only PRs no longer fail on it while real drift is still caught. * Skip ts-sdk supervisor schema check unless ts-sdk itself changes A task-sdk PR that bumps the supervisor wire schema should not be responsible for regenerating the ts-sdk types - that is the ts-sdk follow-up PR's job. Trigger the hook only on ts-sdk/ changes, both in CI (selective skip) and locally (the hook's files pattern), so schema authors are never blocked on a file they do not own. Drift merged via a schema-only PR is still caught by full-tests runs (canary and structural-change PRs run every hook) and by the next ts-sdk PR. * Regenerate ts-sdk supervisor types for asset event extra fields The wire schema gained an extra field on GetAssetEventByAsset and GetAssetEventByAssetAlias in #69453 without the ts-sdk types being regenerated. This PR's own changes to dev/breeze and the prek config force a full static-checks run, where no hook is skipped, so the check correctly surfaced that pre-existing drift and blocked CI.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
POST /assets/eventsaccepted anypartition_keywithout validation. Two bad cases slipped through:ID_LEN(250) chars hit the database column-length limit and surfaced as a500 Internal Server Error, leaking an internal failure instead of telling the client the input was invalid.The Execution API already validates this field; the public API should behave the same way.
What
field_validatoronCreateAssetEventsBody.partition_keythat rejects empty / whitespace-only values and values exceedingID_LEN, returning422instead of storing bad data or raising500.Noneremains valid (the field stays optional), so non-partitioned events are unaffected.Was generative AI tooling used to co-author this PR?
Generated-by: [Claude] following the guidelines
{pr_number}.significant.rst, in airflow-core/newsfragments. You can add this file in a follow-up commit after the PR is created so you know the PR number.