diff --git a/providers/src/airflow/providers/edge/CHANGELOG.rst b/providers/src/airflow/providers/edge/CHANGELOG.rst index 13a6b88c75029..9db03fbedf327 100644 --- a/providers/src/airflow/providers/edge/CHANGELOG.rst +++ b/providers/src/airflow/providers/edge/CHANGELOG.rst @@ -27,6 +27,14 @@ Changelog --------- +0.9.2pre0 +......... + +Misc +~~~~ + +* ``Fix check edge worker api call authentication with different base url. Authentication failed when Airflow is not installed in webserver root.`` + 0.9.1pre0 ......... diff --git a/providers/src/airflow/providers/edge/__init__.py b/providers/src/airflow/providers/edge/__init__.py index 066508a61c74f..4d6f15fb48da3 100644 --- a/providers/src/airflow/providers/edge/__init__.py +++ b/providers/src/airflow/providers/edge/__init__.py @@ -29,7 +29,7 @@ __all__ = ["__version__"] -__version__ = "0.9.1pre0" +__version__ = "0.9.2pre0" if packaging.version.parse(packaging.version.parse(airflow_version).base_version) < packaging.version.parse( "2.10.0" diff --git a/providers/src/airflow/providers/edge/cli/api_client.py b/providers/src/airflow/providers/edge/cli/api_client.py index 942577e86d25f..483c5ab3759e5 100644 --- a/providers/src/airflow/providers/edge/cli/api_client.py +++ b/providers/src/airflow/providers/edge/cli/api_client.py @@ -22,7 +22,7 @@ from http import HTTPStatus from pathlib import Path from typing import TYPE_CHECKING, Any -from urllib.parse import quote, urljoin, urlparse +from urllib.parse import quote, urljoin import requests import tenacity @@ -74,11 +74,10 @@ def _is_retryable_exception(exception: BaseException) -> bool: def _make_generic_request(method: str, rest_path: str, data: str | None = None) -> Any: signer = jwt_signer() api_url = conf.get("edge", "api_url") - path = urlparse(api_url).path.replace("/rpcapi", "") headers = { "Content-Type": "application/json", "Accept": "application/json", - "Authorization": signer.generate_signed_token({"method": str(Path(path, rest_path))}), + "Authorization": signer.generate_signed_token({"method": rest_path}), } api_endpoint = urljoin(api_url, rest_path) response = requests.request(method, url=api_endpoint, data=data, headers=headers) diff --git a/providers/src/airflow/providers/edge/provider.yaml b/providers/src/airflow/providers/edge/provider.yaml index 845bfa225ad77..4ce807be94640 100644 --- a/providers/src/airflow/providers/edge/provider.yaml +++ b/providers/src/airflow/providers/edge/provider.yaml @@ -27,7 +27,7 @@ source-date-epoch: 1729683247 # note that those versions are maintained by release manager - do not update them manually versions: - - 0.9.1pre0 + - 0.9.2pre0 dependencies: - apache-airflow>=2.10.0 diff --git a/providers/src/airflow/providers/edge/worker_api/auth.py b/providers/src/airflow/providers/edge/worker_api/auth.py index 5829e94732b52..c2b3fb56f7641 100644 --- a/providers/src/airflow/providers/edge/worker_api/auth.py +++ b/providers/src/airflow/providers/edge/worker_api/auth.py @@ -66,13 +66,18 @@ def _forbidden_response(message: str): def jwt_token_authorization(method: str, authorization: str): """Check if the JWT token is correct.""" try: + # worker sends method without api_url + api_url = conf.get("edge", "api_url") + base_url = conf.get("webserver", "base_url") + url_prefix = api_url.replace(base_url, "").replace("/rpcapi", "/") + pure_method = method.replace(url_prefix, "") payload = jwt_signer().verify_token(authorization) signed_method = payload.get("method") - if not signed_method or signed_method != method: + if not signed_method or signed_method != pure_method: _forbidden_response( "Invalid method in token authorization. " f"signed method='{signed_method}' " - f"called method='{method}'", + f"called method='{pure_method}'", ) except BadSignature: _forbidden_response("Bad Signature. Please use only the tokens provided by the API.")