This is an automated email from the ASF dual-hosted git repository.
liuxun pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/gravitino.git
The following commit(s) were added to refs/heads/main by this push:
new 6f54874e4 [#5966] improvment(authorization): Add path based securable
object and user group mapping interface (#5967)
6f54874e4 is described below
commit 6f54874e486e1898930f72b744986feeb54aa913
Author: Qi Yu <[email protected]>
AuthorDate: Fri Jan 3 10:16:41 2025 +0800
[#5966] improvment(authorization): Add path based securable object and user
group mapping interface (#5967)
### What changes were proposed in this pull request?
Add the following things:
- The interface for user-group mapping between Gravitino and underlying
user system.
### Why are the changes needed?
It's a need for path-based authorization
Fix: #5966
### Does this PR introduce _any_ user-facing change?
N/A.
### How was this patch tested?
Existing tests.
---
.../AuthorizationUserGroupMappingProvider.java | 64 ++++++++++++++++++++++
1 file changed, 64 insertions(+)
diff --git
a/authorizations/authorization-common/src/main/java/org/apache/gravitino/authorization/common/AuthorizationUserGroupMappingProvider.java
b/authorizations/authorization-common/src/main/java/org/apache/gravitino/authorization/common/AuthorizationUserGroupMappingProvider.java
new file mode 100644
index 000000000..08b48dc78
--- /dev/null
+++
b/authorizations/authorization-common/src/main/java/org/apache/gravitino/authorization/common/AuthorizationUserGroupMappingProvider.java
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.gravitino.authorization.common;
+
+import java.util.Map;
+
+/**
+ * The AuthorizationUserGroupMappingProvider interface defines the public API
for mapping Gravitino
+ * users and groups to the that in underlying data source system.
+ *
+ * <p>Typically, the users and group names in Gravitino are the same as the
underlying data source.
+ * However, in some cases, the user and group names in Gravitino may be
different from the
+ * underlying data source. For instance, in GCP IAM, the username is the email
address or the
+ * service account. So the user group mapping provider can be used to map the
Gravitino username to
+ * the email address or service account.
+ */
+public interface AuthorizationUserGroupMappingProvider {
+
+ /**
+ * Initialize the user group mapping provider with the configuration.
+ *
+ * @param config The configuration map for the user group mapping provider.
+ */
+ default void initialize(Map<String, String> config) {}
+
+ /**
+ * Get the username from the underlying data source based on the Gravitino
username For instance,
+ * in GCP IAM, the username is the email address or the service account.
+ *
+ * @param gravitinoUserName The Gravitino username.
+ * @return The username from the underlying data source.
+ */
+ default String getUserName(String gravitinoUserName) {
+ return gravitinoUserName;
+ }
+
+ /**
+ * Get the group name from the underlying data source based on the Gravitino
group name.
+ *
+ * @param gravitinoGroupName The Gravitino group name.
+ * @return The group name from the underlying data source.
+ */
+ default String getGroupName(String gravitinoGroupName) {
+ return gravitinoGroupName;
+ }
+}
