Improve that secrets don't block from opening a flow and are only val…#490
Open
Edwardvaneechoud wants to merge 3 commits into
…idated when running the flow.
✅ Deploy Preview for flowfile-wasm canceled.
- Remember the session owner on FlowGraph (captured in with_history_capture) and use it when undo restores nodes from an empty graph, so connection-backed nodes are never re-stamped with user_id=None
- Lock the memoized credential / Kafka-settings getters: the schema callback runs on a background thread while _func runs on the execution thread
- Drop echoed Kafka fields when topic/value_format/connection changes so the schema callback cannot serve stale columns after a programmatic update
- Guard GA oauth_cfg against an unknown auth_method reaching the oauth branch
- Raise a clear error instead of AttributeError when a referenced database connection is missing in _resolve_connection_string
- Add tests pinning the deferred-resolution contract, cached-fields schema, run-time error surfacing, and the undo user_id re-stamp

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This pull request improves how external connections (databases, Kafka, Google Analytics, REST APIs) are resolved and handled in the flow graph. The main goals are to defer connection/credential resolution until execution time (so opening or undoing a flow does not require access to the connection), ensure correct user ownership when restoring flows from snapshots, and improve security by never persisting plaintext secrets. The changes also add better error handling and make schema inference more robust.
Deferred and Secure Connection/Credential Resolution:
user_id (the flow owner), rather than at flow open/undo time. This avoids requiring the current session to have access to every connection referenced by a flow. [1] [2] [3] [4] [5]
User Ownership and Flow Restoration:
user_id is re-stamped onto node settings, ensuring that connection-backed nodes can resolve credentials under the correct user context. This mirrors the behavior of opening flows and prevents failures due to missing user association. [1] [2]
Improved Error Handling:
Schema Inference Improvements:
Refactoring and Code Quality:
These changes make the flow system more robust, secure, and user-friendly, especially in collaborative or multi-user environments.
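The deferred, lock-guarded resolution described in the commit message and PR description above, as an added example that is not code from this pull request. `DeferredCredential`, `MissingConnectionError` and the `resolver` callable are hypothetical names, and the secret store is a constructed in-memory dict.

```python
import threading

class MissingConnectionError(RuntimeError):
    """Raised at run time when a referenced connection cannot be resolved."""

class DeferredCredential:
    """Stores a reference (owner id + connection name), never the secret."""

    def __init__(self, user_id, connection_name, resolver):
        self.user_id = user_id
        self.connection_name = connection_name
        self._resolver = resolver  # assumption: callable(user_id, name) -> secret or None
        self._lock = threading.Lock()
        self._resolved = False
        self._value = None

    def to_dict(self):
        # What is persisted with the flow: a reference only, no plaintext.
        return {"user_id": self.user_id, "connection_name": self.connection_name}

    def get(self):
        # Reached from the schema callback thread and the execution thread;
        # the lock ensures a single lookup and one consistent value.
        with self._lock:
            if not self._resolved:
                value = self._resolver(self.user_id, self.connection_name)
                if value is None:
                    raise MissingConnectionError(
                        f"connection {self.connection_name!r} not found "
                        f"for user_id={self.user_id!r}")
                self._value, self._resolved = value, True
            return self._value

def demo():
    store = {(1, "warehouse"): "constructed-secret"}  # constructed sample data
    calls = []

    def lookup(user_id, name):
        calls.append((user_id, name))
        return store.get((user_id, name))

    cred = DeferredCredential(1, "warehouse", lookup)  # "opening" the flow
    lookups_at_open = len(calls)
    threads = [threading.Thread(target=cred.get) for _ in range(8)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return lookups_at_open, len(calls), cred.to_dict()
```

A failed lookup is not memoized, so a connection that is created later resolves on the next run.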