The GitHub Actions job "Tests" on airflow.git/f-008-collect-teams-fail-closed has failed. Run started by GitHub user potiuk (triggered by potiuk).
Head commit for run: 96db2b29bd3ec9b62b8cf61a18ff3d9d494e5ed5 / Jarek Potiuk <[email protected]> Fail closed in _collect_teams_to_check on body parse failure For POST/PUT in multi-team mode, the helper used `with suppress(JSONDecodeError)` around `await request.json()`. If the body was unparseable, the suppress swallowed the exception, `teams.add(raw)` never ran, and the calling `requires_access_*` dependency iterated over an empty set — silently skipping the authorization callback entirely. Today this is unreachable because every POST/PUT route in core_api uses a Pydantic body model, so FastAPI returns 422 before the auth dependency runs. But the pattern would silently bypass team-scoped authz if a future route used a raw `Request` instead. Replace the bare suppress with an explicit try/except that adds `None` to `teams` on parse failure, so the auth callback always runs at least once. Report URL: https://github.com/apache/airflow/actions/runs/25472449802 With regards, GitHub Actions via GitBox --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
