Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix the required access for get_variable endpoint #36396

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion airflow/api_connexion/endpoints/variable_endpoint.py
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ def delete_variable(*, variable_key: str) -> Response:
return Response(status=HTTPStatus.NO_CONTENT)


@security.requires_access_variable("DELETE")
@security.requires_access_variable("GET")
@provide_session
def get_variable(*, variable_key: str, session: Session = NEW_SESSION) -> Response:
"""Get a variable by key."""
Expand Down
36 changes: 32 additions & 4 deletions tests/api_connexion/endpoints/test_variable_endpoint.py
Original file line number Diff line number Diff line change
Expand Up @@ -46,11 +46,29 @@ def configured_app(minimal_app_for_api):
(permissions.ACTION_CAN_DELETE, permissions.RESOURCE_VARIABLE),
],
)
create_user(
app, # type: ignore
username="test_read_only",
role_name="TestReadOnly",
permissions=[
(permissions.ACTION_CAN_READ, permissions.RESOURCE_VARIABLE),
],
)
create_user(
app, # type: ignore
username="test_delete_only",
role_name="TestDeleteOnly",
permissions=[
(permissions.ACTION_CAN_DELETE, permissions.RESOURCE_VARIABLE),
],
)
create_user(app, username="test_no_permissions", role_name="TestNoPermissions") # type: ignore

yield app

delete_user(app, username="test") # type: ignore
delete_user(app, username="test_read_only") # type: ignore
delete_user(app, username="test_delete_only") # type: ignore
delete_user(app, username="test_no_permissions") # type: ignore


Expand Down Expand Up @@ -109,14 +127,24 @@ def test_should_raise_403_forbidden(self):


class TestGetVariable(TestVariableEndpoint):
def test_should_respond_200(self):
@pytest.mark.parametrize(
"user, expected_status_code",
[
("test", 200),
("test_read_only", 200),
("test_delete_only", 403),
("test_no_permissions", 403),
],
)
def test_read_variable(self, user, expected_status_code):
expected_value = '{"foo": 1}'
Variable.set("TEST_VARIABLE_KEY", expected_value)
response = self.client.get(
"/api/v1/variables/TEST_VARIABLE_KEY", environ_overrides={"REMOTE_USER": "test"}
"/api/v1/variables/TEST_VARIABLE_KEY", environ_overrides={"REMOTE_USER": user}
)
assert response.status_code == 200
assert response.json == {"key": "TEST_VARIABLE_KEY", "value": expected_value, "description": None}
assert response.status_code == expected_status_code
if expected_status_code == 200:
assert response.json == {"key": "TEST_VARIABLE_KEY", "value": expected_value, "description": None}

def test_should_respond_404_if_not_found(self):
response = self.client.get(
Expand Down