Re: [PR] [#6042] refactor: Delete the privilege of catalog after dropping the catalogs [gravitino]

Thu, 02 Jan 2025 00:08:54 -0800 


tengqm commented on code in PR #6045:
URL: https://github.com/apache/gravitino/pull/6045#discussion_r1900614870


##########
authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerBaseE2EIT.java:
##########
@@ -142,6 +142,8 @@ protected void cleanIT() {
               (schema -> {
                 catalog.asSchemas().dropSchema(schema, false);
               }));
+
+      // This code will call the catalog metadata object remove privileges

Review Comment:
   ```suggestion
         // The `dropCatalog` call will invoke the catalog metadata object to 
remove privileges
   ```



##########
core/src/main/java/org/apache/gravitino/authorization/AuthorizationUtils.java:
##########
@@ -255,15 +245,33 @@ public static void authorizationPluginRemovePrivileges(
     if (GravitinoEnv.getInstance().accessControlDispatcher() != null) {
       MetadataObject metadataObject = 
NameIdentifierUtil.toMetadataObject(ident, type);
       MetadataObjectChange removeObject = 
MetadataObjectChange.remove(metadataObject);
+
+      String metalake =
+          type == Entity.EntityType.METALAKE ? ident.name() : 
ident.namespace().level(0);
+
       callAuthorizationPluginForMetadataObject(
-          ident.namespace().level(0),
+          metalake,
           metadataObject,
           authorizationPlugin -> {
             authorizationPlugin.onMetadataUpdated(removeObject);
           });
     }
   }
 
+  public static void removeCatalogPrivileges(Catalog catalog) {

Review Comment:
   There seems no need to extract this logic as a method.
   Thoughts?



##########
core/src/main/java/org/apache/gravitino/hook/CatalogHookDispatcher.java:
##########
@@ -126,8 +126,19 @@ public boolean dropCatalog(NameIdentifier ident) {
   @Override
   public boolean dropCatalog(NameIdentifier ident, boolean force)
       throws NonEmptyEntityException, CatalogInUseException {
-    AuthorizationUtils.authorizationPluginRemovePrivileges(ident, 
Entity.EntityType.CATALOG);
-    return dispatcher.dropCatalog(ident, force);
+    // If we call the authorization plugin after dropping catalog, we can't 
load the plugin of the
+    // catalog
+    Catalog catalog = null;
+    if (dispatcher.catalogExists(ident)) {
+      catalog = dispatcher.loadCatalog(ident);
+    }

Review Comment:
   Should we return `true` directly here?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to