ferruzzi opened a new pull request, #68918: URL: https://github.com/apache/airflow/pull/68918
Response to #66608, these tests would assert that no API token scopes are modified unintentionally. I ran these tests on main before the revert and they failed on the token-scope creep that @ashb found. There is a section in the module docstring explaining how to maintain the test. The policy would be "any new API route which doesn't use ONLY `token:execution` needs to be added to the constant". So the vast majority of existing (and future??) routes are unaffected. **To be clear:** Execution-only routes are the default by far, so their implementation is unaffected. Someone adding or removing an execution-only route does not have to worry about these tests at all. ### Usage/Test Cases Adding tokens: - A new token on an existing execution-only route (What happened here): `test_all_default_routes_are_execution_only` fails. - A new token to an existing multi-token route: `test_non_default_route_matches_policy` fails. Removing tokens: - A token removed from an execution-only route: `test_all_default_routes_are_execution_only` fails [1] - A token removed from an existing multi-token route: `test_non_default_route_matches_policy` fails. Adding Routes: - A new execution-only route is added: No action required; tests all pass - A new multi-token route is added (without adding it to the exception list): `test_all_default_routes_are_execution_only` fails. Removing Routes: - An existing multi-token route is removed without updating the policy: `test_non_default_route_still_registered` fails. - An existing execution-only route is removed: No action required; tests all pass [1]: Also of note, that leaves a route with no token which likely shouldn't happen... but it's covered. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
