wjddn279 commented on code in PR #61646:
URL: https://github.com/apache/airflow/pull/61646#discussion_r2851739051
##########
providers/edge3/src/airflow/providers/edge3/models/edge_worker.py:
##########
@@ -357,12 +392,17 @@ def request_shutdown(worker_name: str, session: Session =
NEW_SESSION) -> None:
@provide_session
-def add_worker_queues(worker_name: str, queues: list[str], session: Session =
NEW_SESSION) -> None:
+def add_worker_queues(
+ worker_name: str, team_name: str | None, queues: list[str], session:
Session = NEW_SESSION
+) -> None:
"""Add queues to an edge worker."""
- query = select(EdgeWorkerModel).where(EdgeWorkerModel.worker_name ==
worker_name)
+ query = get_query_filter_by_team_and_worker_name(worker_name, team_name)
Review Comment:
@jscheffl
I've been thinking about this a bit.
Even if `worker_name` itself is unique, I think it would be better if
commands or API calls don't work correctly unless the `team_name` the worker
belongs to is explicitly specified.
As you suggested, if `team_name` is not required, anyone who knows the
`host_name` would be able to affect workers belonging to other teams. Of
course, the same is possible if the `team_name` is known, but I think it would
be worth providing at least a minimal level of isolation.
@o-nikolas WDYT?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
