Reject invalid partition keys in the create asset events API#69453
Open
Lee-W wants to merge 1 commit into
Open
Reject invalid partition keys in the create asset events API#69453Lee-W wants to merge 1 commit into
Lee-W wants to merge 1 commit into
Conversation
POST /assets/events accepted any partition_key, silently storing empty/whitespace-only keys and letting keys over 250 characters hit a database column-length error as a 500. Validate the field the same way the Execution API already does, returning 422 instead.
jason810496
reviewed
Jul 7, 2026
jason810496
left a comment
Member
There was a problem hiding this comment.
IIUC, introducing Field would be sufficient enough.
| """Create asset events request.""" | ||
|
|
||
| asset_id: int | ||
| partition_key: str | None = None |
Member
There was a problem hiding this comment.
Suggested change
| partition_key: str | None = Field(default=None, max_length=ID_LEN) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
POST /assets/eventsaccepted anypartition_keywithout validation. Two bad cases slipped through:ID_LEN(250) chars hit the database column-length limit and surfaced as a500 Internal Server Error, leaking an internal failure instead of telling the client the input was invalid.The Execution API already validates this field; the public API should behave the same way.
What
field_validatoronCreateAssetEventsBody.partition_keythat rejects empty / whitespace-only values and values exceedingID_LEN, returning422instead of storing bad data or raising500.Noneremains valid (the field stays optional), so non-partitioned events are unaffected.Was generative AI tooling used to co-author this PR?
Generated-by: [Claude] following the guidelines
{pr_number}.significant.rst, in airflow-core/newsfragments. You can add this file in a follow-up commit after the PR is created so you know the PR number.