Re: [PR] Implement `batch_is_authorized_*` APIs in AWS auth manager [airflow]

[via GitHub]

o-nikolas commented on code in PR #37430:
URL: https://github.com/apache/airflow/pull/37430#discussion_r1498351268


##########
airflow/providers/amazon/aws/auth_manager/avp/facade.py:
##########
@@ -116,6 +125,63 @@ def is_authorized(
 
         return resp["decision"] == "ALLOW"
 
+    def batch_is_authorized(
+        self,
+        *,
+        requests: Sequence[IsAuthorizedRequest],
+        user: AwsAuthManagerUser | None,
+    ) -> bool:
+        """
+        Make a batch authorization decision against Amazon Verified 
Permissions.
+
+        Check whether the user has permissions to access given resources.
+
+        :param requests: the list of requests containing the method, the 
entity_type and the entity ID
+        :param user: the user
+        """
+        if user is None:
+            return False
+
+        entity_list = self._get_user_role_entities(user)
+
+        self.log.debug("Making batch authorization request for user=%s, 
requests=%s", user.get_id(), requests)
+
+        avp_requests = [
+            prune_dict(
+                {
+                    "principal": {"entityType": 
get_entity_type(AvpEntities.USER), "entityId": user.get_id()},
+                    "action": {
+                        "actionType": get_entity_type(AvpEntities.ACTION),
+                        "actionId": get_action_id(request["entity_type"], 
request["method"]),
+                    },
+                    "resource": {
+                        "entityType": get_entity_type(request["entity_type"]),
+                        "entityId": request.get("entity_id", "*"),
+                    },
+                    "context": self._build_context(request.get("context")),
+                }
+            )
+            for request in requests
+        ]
+
+        resp = self.avp_client.batch_is_authorized(
+            policyStoreId=self.avp_policy_store_id,
+            requests=avp_requests,
+            entities={"entityList": entity_list},
+        )
+
+        self.log.debug("Authorization response: %s", resp)
+
+        has_errors = any(len(result.get("errors", [])) > 0 for result in 
resp["results"])
+
+        if has_errors:
+            self.log.error(
+                "Error occurred while making a batch authorization decision. 
Result: %s", resp["results"]
+            )
+            raise AirflowException("Error occurred while making a batch 
authorization decision.")

Review Comment:
   That's fair, I'm happy either way :rocket: 



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org