github-actions[bot] commented on code in PR #63068:
URL: https://github.com/apache/doris/pull/63068#discussion_r3256923589
##########
fe/fe-core/src/main/java/org/apache/doris/datasource/ExternalDatabase.java:
##########
@@ -195,7 +195,7 @@ private List<Pair<String, String>> listTableNames() {
})
.collect(Collectors.toList());
} else {
- tableNames = extCatalog.listTableNames(null,
remoteName).stream().map(tableName -> {
+ tableNames = extCatalog.listTableNames(currentSessionContext(),
remoteName).stream().map(tableName -> {
String localTableName =
extCatalog.fromRemoteTableName(remoteName, tableName);
Review Comment:
This now loads table names with the current delegated `SessionContext`, but
`listTableNames()` is the loader for this `ExternalDatabase`'s shared
`metaCache` (`getTableNamesWithLock()` returns `metaCache.listNames()`, and
`getTableNullable()` uses the same cache). With `iceberg.rest.session=user`,
the first user to initialize/list a database can populate the global Doris
table-name cache with that user's REST authorization result. A later user can
then see tables they should not see, or miss tables they are allowed to see
until the cache is invalidated. This is a different cache path from the
view-object cache already discussed. For user-session REST catalogs, please
bypass this shared table-name cache or include the relevant session/user
identity in the cache key before loading names with delegated credentials.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
