Fix bulk operation permissions for connection, pool and variable #55278
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
vincbeck
requested review from
bugraoz93,
ephraimbuddy,
jason810496,
rawwar and
shubhamraj-git
as code owners
o-nikolas
approved these changes
Sep 4, 2025
vincbeck
force-pushed
the
vincbeck/fix_bulk
branch
from
b19ad50 to
1ce1fd7
Compare
jason810496
reviewed
Sep 5, 2025
Member
jason810496
left a comment
jason810496
left a comment
There was a problem hiding this comment.
Nice! Thanks for the PR! LGTM overall.
vincbeck
force-pushed
the
vincbeck/fix_bulk
branch
from
1ce1fd7 to
77ccc5e
Compare
jason810496
approved these changes
Sep 5, 2025
mangal-vairalkar
pushed a commit
to mangal-vairalkar/airflow
that referenced
this pull request
Sep 7, 2025
RoyLee1224
pushed a commit
to RoyLee1224/airflow
that referenced
this pull request
Sep 8, 2025
78 tasks
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Sep 30, 2025
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 1, 2025
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 2, 2025
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 3, 2025
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 4, 2025
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 5, 2025
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 5, 2025
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 7, 2025
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 8, 2025
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 9, 2025
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 10, 2025
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 11, 2025
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 12, 2025
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 14, 2025
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 15, 2025
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 17, 2025
abdulrahman305 bot
pushed a commit
to abdulrahman305/airflow
that referenced
this pull request
Oct 19, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In Airflow, connections, pools and variables have bulk APIs. Through these APIs, you can create, edit and delete a same kind of resource (connection, pool or variable) within a same request.
However, these APIs have bad authorization checks. For example,
bulk_connectionshasrequires_access_connection(method="PUT")as access control. That means, anyone havingPUT(edit) access on connections, can create, edit or delete a connection using the bulk API. And this is true for pools and variables as well.Since these APIs are different from the others, I built specific access control decorators to check the user has access to all resources and operations they are trying to do within the request.
^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named
{pr_number}.significant.rstor{issue_number}.significant.rst, in airflow-core/newsfragments.