o-nikolas commented on code in PR #66608:
URL: https://github.com/apache/airflow/pull/66608#discussion_r3461503804
##########
airflow-core/src/airflow/api_fastapi/execution_api/routes/connections.py:
##########
@@ -49,15 +54,19 @@ async def has_connection_access(
router = APIRouter(
+ route_class=ExecutionAPIRoute,
responses={status.HTTP_404_NOT_FOUND: {"description": "Connection not
found"}},
- dependencies=[Depends(has_connection_access)],
)
log = logging.getLogger(__name__)
@router.get(
"/{connection_id}",
+ dependencies=[
+ Security(require_auth, scopes=["token:execution", "token:workload"]),
Review Comment:
Do we need a new token for this kind of exchange @ashb? Also the
code/functionality that should invalidate the workload token after the first
use (since we're only intending for it to be used once for the exchange for the
short lived token) doesn't seem to be running, otherwise testing would have
caught that here? Any who, I think we should circle back on this one and
regroup a bit.
Shall we revert this one? @seanghaeli @ferruzzi?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
