yuqi1129 commented on code in PR #4651:
URL: https://github.com/apache/gravitino/pull/4651#discussion_r1730331792
##########
authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerITEnv.java:
##########
@@ -50,16 +54,25 @@ public class RangerITEnv {
protected static final String RANGER_HDFS_REPO_NAME = "hdfsDev";
private static final String RANGER_HDFS_TYPE = "hdfs";
protected static RangerClient rangerClient;
-
+ private static volatile Boolean initRangerService = Boolean.FALSE;
Review Comment:
Primitive type boolean is enough
##########
authorizations/authorization-ranger/build.gradle.kts:
##########
@@ -69,24 +75,34 @@ dependencies {
exclude("org.elasticsearch")
exclude("org.elasticsearch.client")
exclude("org.elasticsearch.plugin")
+ exclude("javax.ws.rs")
}
+ testImplementation(libs.javax.ws.rs.api)
Review Comment:
This line is repeated with L56.
##########
core/src/main/java/org/apache/gravitino/connector/BaseCatalog.java:
##########
@@ -181,53 +182,64 @@ public CatalogOperations ops() {
public AuthorizationPlugin getAuthorizationPlugin() {
if (authorization == null) {
- synchronized (this) {
- if (authorization == null) {
- BaseAuthorization<?> baseAuthorization =
createAuthorizationPluginInstance();
- if (baseAuthorization == null) {
- return null;
- }
- authorization = baseAuthorization;
- }
- }
+ return null;
}
return authorization.plugin(provider(), this.conf);
}
- private BaseAuthorization<?> createAuthorizationPluginInstance() {
+ public void initAuthorizationPluginInstance(IsolatedClassLoader classLoader)
{
+ if (authorization != null) {
+ return;
+ }
+
String authorizationProvider =
catalogPropertiesMetadata().containsProperty(AUTHORIZATION_PROVIDER)
? (String) catalogPropertiesMetadata().getOrDefault(conf,
AUTHORIZATION_PROVIDER)
: null;
if (authorizationProvider == null) {
LOG.info("Authorization provider is not set!");
- return null;
+ return;
Review Comment:
Do we only add logs if the authorization provider is not set?
##########
.github/workflows/authorization-integration-test.yml:
##########
@@ -0,0 +1,110 @@
+name: Authorization Integration Test
Review Comment:
Can you put authorization tests to the backend tests? I'm afraid the CI
pipeline is already too large.
##########
core/src/main/java/org/apache/gravitino/connector/BaseCatalog.java:
##########
@@ -181,53 +182,64 @@ public CatalogOperations ops() {
public AuthorizationPlugin getAuthorizationPlugin() {
if (authorization == null) {
- synchronized (this) {
- if (authorization == null) {
- BaseAuthorization<?> baseAuthorization =
createAuthorizationPluginInstance();
- if (baseAuthorization == null) {
- return null;
- }
- authorization = baseAuthorization;
- }
- }
+ return null;
}
return authorization.plugin(provider(), this.conf);
}
- private BaseAuthorization<?> createAuthorizationPluginInstance() {
+ public void initAuthorizationPluginInstance(IsolatedClassLoader classLoader)
{
+ if (authorization != null) {
+ return;
+ }
+
String authorizationProvider =
catalogPropertiesMetadata().containsProperty(AUTHORIZATION_PROVIDER)
? (String) catalogPropertiesMetadata().getOrDefault(conf,
AUTHORIZATION_PROVIDER)
: null;
if (authorizationProvider == null) {
LOG.info("Authorization provider is not set!");
- return null;
+ return;
}
- ServiceLoader<AuthorizationProvider> loader =
- ServiceLoader.load(
- AuthorizationProvider.class,
Thread.currentThread().getContextClassLoader());
-
- List<Class<? extends AuthorizationProvider>> providers =
- Streams.stream(loader.iterator())
- .filter(p -> p.shortName().equalsIgnoreCase(authorizationProvider))
- .map(AuthorizationProvider::getClass)
- .collect(Collectors.toList());
- if (providers.isEmpty()) {
- throw new IllegalArgumentException(
- "No authorization provider found for: " + authorizationProvider);
- } else if (providers.size() > 1) {
- throw new IllegalArgumentException(
- "Multiple authorization providers found for: " +
authorizationProvider);
- }
+ BaseAuthorization<?> baseAuthorization;
try {
- return (BaseAuthorization<?>)
-
Iterables.getOnlyElement(providers).getDeclaredConstructor().newInstance();
+ baseAuthorization =
+ classLoader.withClassLoader(
+ cl -> {
+ try {
+ ServiceLoader<AuthorizationProvider> loader =
+ ServiceLoader.load(AuthorizationProvider.class, cl);
+
+ List<Class<? extends AuthorizationProvider>> providers =
+ Streams.stream(loader.iterator())
+ .filter(p ->
p.shortName().equalsIgnoreCase(authorizationProvider))
+ .map(AuthorizationProvider::getClass)
+ .collect(Collectors.toList());
+ if (providers.isEmpty()) {
+ throw new IllegalArgumentException(
+ "No authorization provider found for: " +
authorizationProvider);
+ } else if (providers.size() > 1) {
+ throw new IllegalArgumentException(
+ "Multiple authorization providers found for: " +
authorizationProvider);
+ }
+ return (BaseAuthorization<?>)
+
Iterables.getOnlyElement(providers).getDeclaredConstructor().newInstance();
+ } catch (Exception e) {
+ LOG.error("Failed to create authorization instance", e);
+ throw new RuntimeException(e);
+ }
+ });
} catch (Exception e) {
- LOG.error("Failed to create authorization instance", e);
+ LOG.error("Failed to load authorization with class loader", e);
throw new RuntimeException(e);
}
+
+ if (baseAuthorization == null) {
Review Comment:
so it seems that if the code goes here, `baseAuthorization` is not null.
##########
core/src/main/java/org/apache/gravitino/utils/IsolatedClassLoader.java:
##########
@@ -39,6 +39,11 @@
* controlled loading of classes from specified jars and shared classes from
the base class loader.
*/
public class IsolatedClassLoader implements Closeable {
+ // Gravitino have two compound (catalog and authorization) types use
isolated class loader
Review Comment:
have two -> has two
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
