(airflow) branch main updated: fix: add SCC to dag processor (#51080)

Thu, 12 Jun 2025 05:33:51 -0700 

This is an automated email from the ASF dual-hosted git repository.

eladkal pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new bc1d51e5388 fix: add SCC to dag processor (#51080)
bc1d51e5388 is described below

commit bc1d51e5388eb9fa7b28c1b8a70c5b8311bca1c1
Author: kesem0811 <60566128+kesem0...@users.noreply.github.com>
AuthorDate: Thu Jun 12 15:33:39 2025 +0300

    fix: add SCC to dag processor (#51080)
    
    * fix: add SCC to dag processor
    
    * delete typing error
    
    * your message
    
    * change my test
    
    * change the value deffault
    
    * fix tests2
    
    * fix tests2
    
    * return values to original version
    
    * run ruff formater
    
    * change the SCC tests
    
    * change the SCC tests
    
    * fix formatting
---
 chart/templates/rbac/security-context-constraint-rolebinding.yaml | 5 +++++
 helm-tests/tests/helm_tests/security/test_scc_rolebinding.py      | 3 +++
 2 files changed, 8 insertions(+)

diff --git a/chart/templates/rbac/security-context-constraint-rolebinding.yaml 
b/chart/templates/rbac/security-context-constraint-rolebinding.yaml
index fdccb036d1f..aa4cf05a73e 100644
--- a/chart/templates/rbac/security-context-constraint-rolebinding.yaml
+++ b/chart/templates/rbac/security-context-constraint-rolebinding.yaml
@@ -90,4 +90,9 @@ subjects:
     name: {{ include "cleanup.serviceAccountName" . }}
     namespace: "{{ .Release.Namespace }}"
   {{- end }}
+  {{- if .Values.dagProcessor.enabled }}
+  - kind: ServiceAccount
+    name: {{ include "dagProcessor.serviceAccountName" . }}
+    namespace: "{{ .Release.Namespace }}"
+  {{- end }}
 {{- end }}
diff --git a/helm-tests/tests/helm_tests/security/test_scc_rolebinding.py 
b/helm-tests/tests/helm_tests/security/test_scc_rolebinding.py
index d02355666ce..76e7b7d2183 100644
--- a/helm-tests/tests/helm_tests/security/test_scc_rolebinding.py
+++ b/helm-tests/tests/helm_tests/security/test_scc_rolebinding.py
@@ -41,6 +41,7 @@ class TestSCCActivation:
                 "cleanup": {"enabled": True},
                 "flower": {"enabled": True},
                 "rbac": {"create": rbac_enabled, "createSCCRoleBinding": 
scc_enabled},
+                "dagProcessor": {"enabled": True},
             },
             
show_only=["templates/rbac/security-context-constraint-rolebinding.yaml"],
         )
@@ -60,6 +61,7 @@ class TestSCCActivation:
             assert jmespath.search("subjects[6].name", docs[0]) == 
"release-name-airflow-migrate-database-job"
             assert jmespath.search("subjects[7].name", docs[0]) == 
"release-name-airflow-create-user-job"
             assert jmespath.search("subjects[8].name", docs[0]) == 
"release-name-airflow-cleanup"
+            assert jmespath.search("subjects[9].name", docs[0]) == 
"release-name-airflow-dag-processor"
 
     @pytest.mark.parametrize(
         "rbac_enabled,scc_enabled,created,namespace,expected_name",
@@ -118,3 +120,4 @@ class TestSCCActivation:
             assert jmespath.search("subjects[2].name", docs[0]) == 
"release-name-airflow-scheduler"
             assert jmespath.search("subjects[3].name", docs[0]) == 
"release-name-airflow-triggerer"
             assert jmespath.search("subjects[4].name", docs[0]) == 
"release-name-airflow-migrate-database-job"
+            assert len(docs[0]["subjects"]) == 5

Reply via email to