Skip to content

Return raw import-error stacktrace when file has no registered Dag#67465

Merged
vatsrahul1001 merged 2 commits into
apache:mainfrom
potiuk:revert-import-error-no-dag-redact-fallback
May 25, 2026
Merged

Return raw import-error stacktrace when file has no registered Dag#67465
vatsrahul1001 merged 2 commits into
apache:mainfrom
potiuk:revert-import-error-no-dag-redact-fallback

Conversation

@potiuk

@potiuk potiuk commented May 25, 2026

Copy link
Copy Markdown
Member

The Import Errors API used to fall back to a redaction message for files that have no DagModel row yet (parse failed before any Dag was defined, or all Dags removed). The fallback was a placeholder, not a real authorization decision -- it left admins unable to read the actual stacktrace, and it did not respect multi-team isolation.

Restore the previous behavior of returning the raw stacktrace in this case until a proper admin-only path is in place. The dedicated permission and multi-team scoping are tracked in
#67461.

The other changes from the per-file authorization work -- matching on relative_fileloc + bundle_name and splitting the list-endpoint CTE so the per-file authorization check sees the full Dag set -- stay in place.


Was generative AI tooling used to co-author this PR?
  • Yes (please specify the tool below)

  • Read the Pull Request Guidelines for more information. Note: commit author/co-author name and email in commits become permanently public when merged.
  • For fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
  • When adding dependency, check compliance with the ASF 3rd Party License Policy.
  • For significant user-facing changes create newsfragment: {pr_number}.significant.rst, in airflow-core/newsfragments. You can add this file in a follow-up commit after the PR is created so you know the PR number.

The Import Errors API used to fall back to a redaction message for files
that have no `DagModel` row yet (parse failed before any Dag was defined,
or all Dags removed). The fallback was a placeholder, not a real
authorization decision -- it left admins unable to read the actual
stacktrace, and it did not respect multi-team isolation.

Restore the previous behavior of returning the raw stacktrace in this
case until a proper admin-only path is in place. The dedicated
permission and multi-team scoping are tracked in
apache#67461.

The other changes from the per-file authorization work -- matching on
`relative_fileloc + bundle_name` and splitting the list-endpoint CTE so
the per-file authorization check sees the full Dag set -- stay in
place.
@vatsrahul1001 vatsrahul1001 merged commit 93a078a into apache:main May 25, 2026
143 checks passed
@github-actions

Copy link
Copy Markdown
Contributor

Backport successfully created: v3-2-test

Note: As of Merging PRs targeted for Airflow 3.X
the committer who merges the PR is responsible for backporting the PRs that are bug fixes (generally speaking) to the maintenance branches.

In matter of doubt please ask in #release-management Slack channel.

Status Branch Result
v3-2-test PR Link

vatsrahul1001 added a commit that referenced this pull request May 25, 2026
…tered Dag (#67465) (#67478)

The Import Errors API used to fall back to a redaction message for files
that have no `DagModel` row yet (parse failed before any Dag was defined,
or all Dags removed). The fallback was a placeholder, not a real
authorization decision -- it left admins unable to read the actual
stacktrace, and it did not respect multi-team isolation.

Restore the previous behavior of returning the raw stacktrace in this
case until a proper admin-only path is in place. The dedicated
permission and multi-team scoping are tracked in
#67461.

The other changes from the per-file authorization work -- matching on
`relative_fileloc + bundle_name` and splitting the list-endpoint CTE so
the per-file authorization check sees the full Dag set -- stay in
place.
(cherry picked from commit 93a078a)

Co-authored-by: Jarek Potiuk <[email protected]>
Co-authored-by: Rahul Vats <[email protected]>
vatsrahul1001 added a commit that referenced this pull request May 25, 2026
…tered Dag (#67465) (#67478)

The Import Errors API used to fall back to a redaction message for files
that have no `DagModel` row yet (parse failed before any Dag was defined,
or all Dags removed). The fallback was a placeholder, not a real
authorization decision -- it left admins unable to read the actual
stacktrace, and it did not respect multi-team isolation.

Restore the previous behavior of returning the raw stacktrace in this
case until a proper admin-only path is in place. The dedicated
permission and multi-team scoping are tracked in
#67461.

The other changes from the per-file authorization work -- matching on
`relative_fileloc + bundle_name` and splitting the list-endpoint CTE so
the per-file authorization check sees the full Dag set -- stay in
place.
(cherry picked from commit 93a078a)

Co-authored-by: Jarek Potiuk <[email protected]>
Co-authored-by: Rahul Vats <[email protected]>
vatsrahul1001 added a commit that referenced this pull request May 25, 2026
…tered Dag (#67465) (#67478)

The Import Errors API used to fall back to a redaction message for files
that have no `DagModel` row yet (parse failed before any Dag was defined,
or all Dags removed). The fallback was a placeholder, not a real
authorization decision -- it left admins unable to read the actual
stacktrace, and it did not respect multi-team isolation.

Restore the previous behavior of returning the raw stacktrace in this
case until a proper admin-only path is in place. The dedicated
permission and multi-team scoping are tracked in
#67461.

The other changes from the per-file authorization work -- matching on
`relative_fileloc + bundle_name` and splitting the list-endpoint CTE so
the per-file authorization check sees the full Dag set -- stay in
place.
(cherry picked from commit 93a078a)

Co-authored-by: Jarek Potiuk <[email protected]>
Co-authored-by: Rahul Vats <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area:API Airflow's REST/HTTP API type:bug-fix Changelog: Bug Fixes

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants