Skip to content

[v3-2-test] Return raw import-error stacktrace when file has no registered Dag (#67465)#67478

Merged
vatsrahul1001 merged 1 commit into
v3-2-testfrom
backport-93a078a-v3-2-test
May 25, 2026
Merged

[v3-2-test] Return raw import-error stacktrace when file has no registered Dag (#67465)#67478
vatsrahul1001 merged 1 commit into
v3-2-testfrom
backport-93a078a-v3-2-test

Conversation

@github-actions

Copy link
Copy Markdown
Contributor

The Import Errors API used to fall back to a redaction message for files
that have no DagModel row yet (parse failed before any Dag was defined,
or all Dags removed). The fallback was a placeholder, not a real
authorization decision -- it left admins unable to read the actual
stacktrace, and it did not respect multi-team isolation.

Restore the previous behavior of returning the raw stacktrace in this
case until a proper admin-only path is in place. The dedicated
permission and multi-team scoping are tracked in
#67461.

The other changes from the per-file authorization work -- matching on
relative_fileloc + bundle_name and splitting the list-endpoint CTE so
the per-file authorization check sees the full Dag set -- stay in
place.
(cherry picked from commit 93a078a)

Co-authored-by: Jarek Potiuk jarek@potiuk.com
Co-authored-by: Rahul Vats 43964496+vatsrahul1001@users.noreply.github.com

…tered Dag (#67465)

The Import Errors API used to fall back to a redaction message for files
that have no `DagModel` row yet (parse failed before any Dag was defined,
or all Dags removed). The fallback was a placeholder, not a real
authorization decision -- it left admins unable to read the actual
stacktrace, and it did not respect multi-team isolation.

Restore the previous behavior of returning the raw stacktrace in this
case until a proper admin-only path is in place. The dedicated
permission and multi-team scoping are tracked in
#67461.

The other changes from the per-file authorization work -- matching on
`relative_fileloc + bundle_name` and splitting the list-endpoint CTE so
the per-file authorization check sees the full Dag set -- stay in
place.
(cherry picked from commit 93a078a)

Co-authored-by: Jarek Potiuk <jarek@potiuk.com>
Co-authored-by: Rahul Vats <43964496+vatsrahul1001@users.noreply.github.com>
@boring-cyborg boring-cyborg Bot added the area:API Airflow's REST/HTTP API label May 25, 2026
@vatsrahul1001 vatsrahul1001 marked this pull request as ready for review May 25, 2026 14:35
@vatsrahul1001 vatsrahul1001 added this to the Airflow 3.2.2 milestone May 25, 2026
@vatsrahul1001 vatsrahul1001 added the type:bug-fix Changelog: Bug Fixes label May 25, 2026
@vatsrahul1001 vatsrahul1001 merged commit 05d3284 into v3-2-test May 25, 2026
105 checks passed
@vatsrahul1001 vatsrahul1001 deleted the backport-93a078a-v3-2-test branch May 25, 2026 16:22
vatsrahul1001 added a commit that referenced this pull request May 25, 2026
…tered Dag (#67465) (#67478)

The Import Errors API used to fall back to a redaction message for files
that have no `DagModel` row yet (parse failed before any Dag was defined,
or all Dags removed). The fallback was a placeholder, not a real
authorization decision -- it left admins unable to read the actual
stacktrace, and it did not respect multi-team isolation.

Restore the previous behavior of returning the raw stacktrace in this
case until a proper admin-only path is in place. The dedicated
permission and multi-team scoping are tracked in
#67461.

The other changes from the per-file authorization work -- matching on
`relative_fileloc + bundle_name` and splitting the list-endpoint CTE so
the per-file authorization check sees the full Dag set -- stay in
place.
(cherry picked from commit 93a078a)

Co-authored-by: Jarek Potiuk <jarek@potiuk.com>
Co-authored-by: Rahul Vats <43964496+vatsrahul1001@users.noreply.github.com>
vatsrahul1001 added a commit that referenced this pull request May 25, 2026
…tered Dag (#67465) (#67478)

The Import Errors API used to fall back to a redaction message for files
that have no `DagModel` row yet (parse failed before any Dag was defined,
or all Dags removed). The fallback was a placeholder, not a real
authorization decision -- it left admins unable to read the actual
stacktrace, and it did not respect multi-team isolation.

Restore the previous behavior of returning the raw stacktrace in this
case until a proper admin-only path is in place. The dedicated
permission and multi-team scoping are tracked in
#67461.

The other changes from the per-file authorization work -- matching on
`relative_fileloc + bundle_name` and splitting the list-endpoint CTE so
the per-file authorization check sees the full Dag set -- stay in
place.
(cherry picked from commit 93a078a)

Co-authored-by: Jarek Potiuk <jarek@potiuk.com>
Co-authored-by: Rahul Vats <43964496+vatsrahul1001@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area:API Airflow's REST/HTTP API type:bug-fix Changelog: Bug Fixes

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants