This is an automated email from the ASF dual-hosted git repository. potiuk pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push: new e6f5d454b2 Move some FAB related tests to provider (#37549) e6f5d454b2 is described below commit e6f5d454b24cda6d347276cc148f07f3d223684a Author: Jarek Potiuk <ja...@potiuk.com> AuthorDate: Mon Feb 19 19:44:28 2024 +0100 Move some FAB related tests to provider (#37549) There are still some tests that are really FAB provider Auth Manager tests but they were left in the core (which is kind-of expected remnant of the past. We will eventually find and move all of them but for now let's just move some of them we are aware of. --- .../fab/auth_manager}/test_security.py | 64 +++++++++++++++++++++ tests/www/test_auth.py | 66 ---------------------- 2 files changed, 64 insertions(+), 66 deletions(-) diff --git a/tests/www/test_security.py b/tests/providers/fab/auth_manager/test_security.py similarity index 94% rename from tests/www/test_security.py rename to tests/providers/fab/auth_manager/test_security.py index fb24aae905..ea28de4a99 100644 --- a/tests/www/test_security.py +++ b/tests/providers/fab/auth_manager/test_security.py @@ -19,6 +19,7 @@ from __future__ import annotations import contextlib import datetime +import json import logging import os from unittest import mock @@ -1139,3 +1140,66 @@ def test_custom_access_denied_message(): ): initialize_config() assert get_access_denied_message() == "My custom access denied message" + + +@pytest.mark.db_test +class TestHasAccessDagDecorator: + @pytest.mark.parametrize( + "dag_id_args, dag_id_kwargs, dag_id_form, dag_id_json, fail", + [ + ("a", None, None, None, False), + (None, "b", None, None, False), + (None, None, "c", None, False), + (None, None, None, "d", False), + ("a", "a", None, None, False), + ("a", "a", "a", None, False), + ("a", "a", "a", "a", False), + (None, "a", "a", "a", False), + (None, None, "a", "a", False), + ("a", None, None, "a", False), + ("a", None, "a", None, False), + ("a", None, "c", None, True), + (None, "b", "c", None, True), + (None, None, "c", "d", True), + ("a", "b", "c", "d", True), + ], + ) + def test_dag_id_consistency( + self, + app, + dag_id_args: str | None, + dag_id_kwargs: str | None, + dag_id_form: str | None, + dag_id_json: str | None, + fail: bool, + ): + with app.test_request_context() as mock_context: + from airflow.www.auth import has_access_dag + + mock_context.request.args = {"dag_id": dag_id_args} if dag_id_args else {} + kwargs = {"dag_id": dag_id_kwargs} if dag_id_kwargs else {} + mock_context.request.form = {"dag_id": dag_id_form} if dag_id_form else {} + if dag_id_json: + mock_context.request._cached_data = json.dumps({"dag_id": dag_id_json}) + mock_context.request._parsed_content_type = ["application/json"] + + with create_user_scope( + app, + username="test-user", + role_name="limited-role", + permissions=[(permissions.ACTION_CAN_READ, permissions.RESOURCE_DAG)], + ) as user: + with patch( + "airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager.get_user" + ) as mock_get_user: + mock_get_user.return_value = user + + @has_access_dag("GET") + def test_func(**kwargs): + return True + + result = test_func(**kwargs) + if fail: + assert result[1] == 403 + else: + assert result is True diff --git a/tests/www/test_auth.py b/tests/www/test_auth.py index 79c61b2f52..952c1be05b 100644 --- a/tests/www/test_auth.py +++ b/tests/www/test_auth.py @@ -25,10 +25,7 @@ import airflow.www.auth as auth from airflow.auth.managers.models.resource_details import DagAccessEntity from airflow.exceptions import RemovedInAirflow3Warning from airflow.models import Connection, Pool, Variable -from airflow.security import permissions -from airflow.settings import json from airflow.www.auth import has_access -from tests.test_utils.api_connexion_utils import create_user_scope mock_call = Mock() @@ -239,66 +236,3 @@ class TestHasAccessDagEntities: mock_call.assert_not_called() assert result.headers["Location"] == "login_url" - - -@pytest.mark.db_test -class TestHasAccessDagDecorator: - @pytest.mark.parametrize( - "dag_id_args, dag_id_kwargs, dag_id_form, dag_id_json, fail", - [ - ("a", None, None, None, False), - (None, "b", None, None, False), - (None, None, "c", None, False), - (None, None, None, "d", False), - ("a", "a", None, None, False), - ("a", "a", "a", None, False), - ("a", "a", "a", "a", False), - (None, "a", "a", "a", False), - (None, None, "a", "a", False), - ("a", None, None, "a", False), - ("a", None, "a", None, False), - ("a", None, "c", None, True), - (None, "b", "c", None, True), - (None, None, "c", "d", True), - ("a", "b", "c", "d", True), - ], - ) - def test_dag_id_consistency( - self, - app, - dag_id_args: str | None, - dag_id_kwargs: str | None, - dag_id_form: str | None, - dag_id_json: str | None, - fail: bool, - ): - with app.test_request_context() as mock_context: - from airflow.www.auth import has_access_dag - - mock_context.request.args = {"dag_id": dag_id_args} if dag_id_args else {} - kwargs = {"dag_id": dag_id_kwargs} if dag_id_kwargs else {} - mock_context.request.form = {"dag_id": dag_id_form} if dag_id_form else {} - if dag_id_json: - mock_context.request._cached_data = json.dumps({"dag_id": dag_id_json}) - mock_context.request._parsed_content_type = ["application/json"] - - with create_user_scope( - app, - username="test-user", - role_name="limited-role", - permissions=[(permissions.ACTION_CAN_READ, permissions.RESOURCE_DAG)], - ) as user: - with patch( - "airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager.get_user" - ) as mock_get_user: - mock_get_user.return_value = user - - @has_access_dag("GET") - def test_func(**kwargs): - return True - - result = test_func(**kwargs) - if fail: - assert result[1] == 403 - else: - assert result is True