Re: [PR] [#3733] feat(core): Unified authorization framework [gravitino]

Tue, 09 Jul 2024 00:27:46 -0700 


jerryshao commented on code in PR #3946:
URL: https://github.com/apache/gravitino/pull/3946#discussion_r1669873750


##########
core/src/main/java/com/datastrato/gravitino/connector/BaseCatalog.java:
##########
@@ -57,6 +65,13 @@ public abstract class BaseCatalog<T extends BaseCatalog>
   // The object you used is not stable, don't use it unless you know what you 
are doing.
   @VisibleForTesting public static final String CATALOG_OPERATION_IMPL = 
"ops-impl";
 
+  // Different catalogs may have different authorization provider, this 
variable is used as a
+  // key in properties of catalogs to inject custom authorization to Gravitino.
+  public static final String AUTHORIZATION_PROVIDER = "authorization-provider";

Review Comment:
   As I mentioned in the previous comment, it would be better to  move the 
definition to `Catalog.java` in API module, where all the catalog related 
common properties are defined.
   
   Also update the doc to mention about this property.



##########
core/src/main/java/com/datastrato/gravitino/connector/BaseCatalog.java:
##########
@@ -169,12 +184,57 @@ public CatalogOperations ops() {
     return ops;
   }
 
+  public AuthorizationPlugin getAuthorizationPlugin() {
+    if (authorization == null) {
+      synchronized (this) {
+        if (authorization == null) {
+          authorization = createAuthorizationPluginInstance();
+        }
+      }
+    }
+    return authorization.plugin();
+  }
+
+  private BaseAuthorization<?> createAuthorizationPluginInstance() {
+    String provider = entity.getProperties().get(AUTHORIZATION_PROVIDER);

Review Comment:
   Can we use `PropertiesMetadata::getOrDefault` here?



##########
core/src/main/java/com/datastrato/gravitino/connector/BaseCatalogPropertiesMetadata.java:
##########
@@ -48,6 +48,13 @@ public abstract class BaseCatalogPropertiesMetadata extends 
BasePropertiesMetada
                   null,
                   false,
                   false),
+              PropertyEntry.stringImmutablePropertyEntry(
+                  BaseCatalog.AUTHORIZATION_PROVIDER,
+                  "The classname of custom authorization provider",

Review Comment:
   I don't think it is a class name, it is a provider name, the description is 
not accurate.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to