stephen-bracken opened a new pull request, #68935: URL: https://github.com/apache/airflow/pull/68935
Don't raise an error on startup if the Auth Manager has additional teams --- In the case of the `KeycloakAuthManager`, defining additional teams in the Auth Manager should not interact with the airflow system in a negative way, as the Auth Manager will only issue auth requests to keycloak based on access of resources. These must be mapped to teams that actually exist in the database, as they are created in Airflow. Despite this, adding additional team resources to the keycloak client will cause the api server to crash on startup until the teams are added to the database as well. This makes the system more brittle by introducing an implicit order of actions which new teams must go through to be added. (i.e. 1. add to database, 2. add to auth manager 3. add to dags) Raising a warning at startup instead tells admins that they need to update their configuration without affecting the normal running of the api server. ##### Was generative AI tooling used to co-author this PR? <!-- If generative AI tooling has been used in the process of authoring this PR, please change below checkbox to `[X]` followed by the name of the tool, uncomment the "Generated-by". --> - [ ] Yes (please specify the tool below) - [X] No <!-- Generated-by: [Tool Name] following [the guidelines](https://github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#gen-ai-assisted-contributions) --> --- -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
