This is an automated email from the ASF dual-hosted git repository.
yuqi4733 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/gravitino.git
The following commit(s) were added to refs/heads/main by this push:
new 32a7df410f [#6133] Improvement(core): Supports to get Fileset schema
location in the AuthorizationUtils (#6211)
32a7df410f is described below
commit 32a7df410f30b7ff773f5a8d9fe14469a986329d
Author: Lord of Abyss <[email protected]>
AuthorDate: Fri Mar 28 14:11:00 2025 +0800
[#6133] Improvement(core): Supports to get Fileset schema location in the
AuthorizationUtils (#6211)
### What changes were proposed in this pull request?
Support getting the Fileset schema location in AuthorizationUtils.
A Fileset can be uniquely identified using
`metalake.catalog.schema.fileset`. The logic for retrieving the schema
is as follows:
Check the type of `catalogObj.type()`:
- If it is `RELATIONAL`, determine whether the `provider` is Hive. If it
is a Hive table, retrieve its `LOCATION` property.
- If it is `FILESET`, determine whether it implements
`HasPropertyMetadata`:
1. If it does, use the `schemaPropertiesMetadata()` method to retrieve
the path.
2. If it does not implement `HasPropertyMetadata`, check whether it
contains any Fileset objects:
1. If it does not, convert the catalog object to `FilesetCatalog` and
retrieve its `LOCATION` property.
2. If it does contain Filesets, retrieve all the Fileset instances and
add their respective Fileset paths.
### Why are the changes needed?
Fix: #6133
### Does this PR introduce _any_ user-facing change?
No
### How was this patch tested?
local test.
---------
Co-authored-by: Rory <[email protected]>
---
.../test/TestChainedAuthorizationIT.java | 6 +-
.../common/PathBasedMetadataObject.java | 7 ++
.../common/TestPathBasedMetadataObject.java | 45 ++------
.../ranger/RangerAuthorizationHDFSPlugin.java | 117 +++++++++++----------
.../test/RangerAuthorizationHDFSPluginIT.java | 21 ++--
.../authorization/AuthorizationUtils.java | 92 ++++++++--------
6 files changed, 138 insertions(+), 150 deletions(-)
diff --git
a/authorizations/authorization-chain/src/test/java/org/apache/gravitino/authorization/chain/integration/test/TestChainedAuthorizationIT.java
b/authorizations/authorization-chain/src/test/java/org/apache/gravitino/authorization/chain/integration/test/TestChainedAuthorizationIT.java
index a7e1dc465f..3301e28e03 100644
---
a/authorizations/authorization-chain/src/test/java/org/apache/gravitino/authorization/chain/integration/test/TestChainedAuthorizationIT.java
+++
b/authorizations/authorization-chain/src/test/java/org/apache/gravitino/authorization/chain/integration/test/TestChainedAuthorizationIT.java
@@ -170,10 +170,8 @@ public class TestChainedAuthorizationIT extends
RangerBaseE2EIT {
RangerITEnv.rangerClient.getPoliciesInService(RangerITEnv.RANGER_HDFS_REPO_NAME);
rangerHivePolicies.stream().forEach(policy -> LOG.info("Ranger Hive
policy: {}", policy));
rangerHdfsPolicies.stream().forEach(policy -> LOG.info("Ranger HDFS
policy: {}", policy));
- Preconditions.condition(
- rangerHivePolicies.size() == 0, "Ranger Hive policies should be
empty");
- Preconditions.condition(
- rangerHdfsPolicies.size() == 0, "Ranger HDFS policies should be
empty");
+ Preconditions.condition(rangerHivePolicies.isEmpty(), "Ranger Hive
policies should be empty");
+ Preconditions.condition(rangerHdfsPolicies.isEmpty(), "Ranger HDFS
policies should be empty");
} catch (RangerServiceException e) {
throw new RuntimeException(e);
}
diff --git
a/authorizations/authorization-common/src/main/java/org/apache/gravitino/authorization/common/PathBasedMetadataObject.java
b/authorizations/authorization-common/src/main/java/org/apache/gravitino/authorization/common/PathBasedMetadataObject.java
index 05b77755dc..7b65fbd56f 100644
---
a/authorizations/authorization-common/src/main/java/org/apache/gravitino/authorization/common/PathBasedMetadataObject.java
+++
b/authorizations/authorization-common/src/main/java/org/apache/gravitino/authorization/common/PathBasedMetadataObject.java
@@ -27,6 +27,13 @@ import org.apache.gravitino.MetadataObject;
import org.apache.gravitino.authorization.AuthorizationMetadataObject;
public class PathBasedMetadataObject implements AuthorizationMetadataObject {
+
+ public static final PathType METALAKE_PATH = new
PathType(MetadataObject.Type.METALAKE);
+ public static final PathType CATALOG_PATH = new
PathType(MetadataObject.Type.CATALOG);
+ public static final PathType SCHEMA_PATH = new
PathType(MetadataObject.Type.SCHEMA);
+ public static final PathType TABLE_PATH = new
PathType(MetadataObject.Type.TABLE);
+ public static final PathType FILESET_PATH = new
PathType(MetadataObject.Type.FILESET);
+
/**
* The type of metadata object in the underlying system. Every type will map
one kind of the
* entity of the Gravitino type system. When we store a Hive table, first,
we will store the
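Review bot: The five new constants are built with `new PathType(...)`, while `createPathBasedMetadataObject` in RangerAuthorizationHDFSPlugin (same commit) still obtains its type through `PathBasedMetadataObject.PathType.get(securableObject.type())`, so every `.equals(PathBasedMetadataObject.SCHEMA_PATH)`-style check introduced here depends on `PathType` defining value equality. `PathType` is declared outside this hunk, so that cannot be confirmed from here; if it compares by identity, the type dispatch in `removeMetadataObject` would fall through to its `IllegalArgumentException` branch. I would initialise the constants through the same factory, e.g. `public static final PathType SCHEMA_PATH = PathType.get(MetadataObject.Type.SCHEMA);`, and put a one-line comment above the block stating that these are the canonical instances used for authorization type checks.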
diff --git
a/authorizations/authorization-common/src/test/java/org/apache/gravitino/authorization/common/TestPathBasedMetadataObject.java
b/authorizations/authorization-common/src/test/java/org/apache/gravitino/authorization/common/TestPathBasedMetadataObject.java
index 7656dabdfa..0fd40a541e 100644
---
a/authorizations/authorization-common/src/test/java/org/apache/gravitino/authorization/common/TestPathBasedMetadataObject.java
+++
b/authorizations/authorization-common/src/test/java/org/apache/gravitino/authorization/common/TestPathBasedMetadataObject.java
@@ -18,7 +18,6 @@
*/
package org.apache.gravitino.authorization.common;
-import org.apache.gravitino.MetadataObject;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
@@ -26,19 +25,11 @@ public class TestPathBasedMetadataObject {
@Test
public void PathBasedMetadataObjectEquals() {
PathBasedMetadataObject pathBasedMetadataObject1 =
- new PathBasedMetadataObject(
- "parent",
- "name",
- "path",
- PathBasedMetadataObject.PathType.get(MetadataObject.Type.FILESET));
+ new PathBasedMetadataObject("parent", "name", "path",
PathBasedMetadataObject.FILESET_PATH);
pathBasedMetadataObject1.validateAuthorizationMetadataObject();
PathBasedMetadataObject pathBasedMetadataObject2 =
- new PathBasedMetadataObject(
- "parent",
- "name",
- "path",
- PathBasedMetadataObject.PathType.get(MetadataObject.Type.FILESET));
+ new PathBasedMetadataObject("parent", "name", "path",
PathBasedMetadataObject.FILESET_PATH);
pathBasedMetadataObject2.validateAuthorizationMetadataObject();
Assertions.assertEquals(pathBasedMetadataObject1,
pathBasedMetadataObject2);
@@ -47,19 +38,12 @@ public class TestPathBasedMetadataObject {
@Test
public void PathBasedMetadataObjectNotEquals() {
PathBasedMetadataObject pathBasedMetadataObject1 =
- new PathBasedMetadataObject(
- "parent",
- "name",
- "path",
- PathBasedMetadataObject.PathType.get(MetadataObject.Type.FILESET));
+ new PathBasedMetadataObject("parent", "name", "path",
PathBasedMetadataObject.FILESET_PATH);
pathBasedMetadataObject1.validateAuthorizationMetadataObject();
PathBasedMetadataObject pathBasedMetadataObject2 =
new PathBasedMetadataObject(
- "parent",
- "name",
- "path1",
- PathBasedMetadataObject.PathType.get(MetadataObject.Type.FILESET));
+ "parent", "name", "path1", PathBasedMetadataObject.FILESET_PATH);
pathBasedMetadataObject2.validateAuthorizationMetadataObject();
Assertions.assertNotEquals(pathBasedMetadataObject1,
pathBasedMetadataObject2);
@@ -68,38 +52,25 @@ public class TestPathBasedMetadataObject {
@Test
void testToString() {
PathBasedMetadataObject pathBasedMetadataObject1 =
- new PathBasedMetadataObject(
- "parent",
- "name",
- "path",
- PathBasedMetadataObject.PathType.get(MetadataObject.Type.FILESET));
+ new PathBasedMetadataObject("parent", "name", "path",
PathBasedMetadataObject.FILESET_PATH);
Assertions.assertEquals(
"MetadataObject: [fullName=parent.name], [path=path], [type=PATH]",
pathBasedMetadataObject1.toString());
PathBasedMetadataObject pathBasedMetadataObject2 =
- new PathBasedMetadataObject(
- "parent",
- "name",
- null,
- PathBasedMetadataObject.PathType.get(MetadataObject.Type.FILESET));
+ new PathBasedMetadataObject("parent", "name", null,
PathBasedMetadataObject.FILESET_PATH);
Assertions.assertEquals(
"MetadataObject: [fullName=parent.name], [path=null], [type=PATH]",
pathBasedMetadataObject2.toString());
PathBasedMetadataObject pathBasedMetadataObject3 =
- new PathBasedMetadataObject(
- null, "name", null,
PathBasedMetadataObject.PathType.get(MetadataObject.Type.FILESET));
+ new PathBasedMetadataObject(null, "name", null,
PathBasedMetadataObject.FILESET_PATH);
Assertions.assertEquals(
"MetadataObject: [fullName=name], [path=null], [type=PATH]",
pathBasedMetadataObject3.toString());
PathBasedMetadataObject pathBasedMetadataObject4 =
- new PathBasedMetadataObject(
- null,
- "name",
- "path",
- PathBasedMetadataObject.PathType.get(MetadataObject.Type.FILESET));
+ new PathBasedMetadataObject(null, "name", "path",
PathBasedMetadataObject.FILESET_PATH);
Assertions.assertEquals(
"MetadataObject: [fullName=name], [path=path], [type=PATH]",
pathBasedMetadataObject4.toString());
diff --git
a/authorizations/authorization-ranger/src/main/java/org/apache/gravitino/authorization/ranger/RangerAuthorizationHDFSPlugin.java
b/authorizations/authorization-ranger/src/main/java/org/apache/gravitino/authorization/ranger/RangerAuthorizationHDFSPlugin.java
index 6359344582..2406fe5581 100644
---
a/authorizations/authorization-ranger/src/main/java/org/apache/gravitino/authorization/ranger/RangerAuthorizationHDFSPlugin.java
+++
b/authorizations/authorization-ranger/src/main/java/org/apache/gravitino/authorization/ranger/RangerAuthorizationHDFSPlugin.java
@@ -251,17 +251,11 @@ public class RangerAuthorizationHDFSPlugin extends
RangerAuthorizationPlugin {
*/
@Override
protected void removeMetadataObject(AuthorizationMetadataObject
authzMetadataObject) {
- if (authzMetadataObject
- .type()
-
.equals(PathBasedMetadataObject.PathType.get(MetadataObject.Type.SCHEMA))) {
+ if
(authzMetadataObject.type().equals(PathBasedMetadataObject.SCHEMA_PATH)) {
removeSchemaMetadataObject(authzMetadataObject);
- } else if (authzMetadataObject
- .type()
-
.equals(PathBasedMetadataObject.PathType.get(MetadataObject.Type.TABLE))) {
+ } else if
(authzMetadataObject.type().equals(PathBasedMetadataObject.TABLE_PATH)) {
removeTableMetadataObject(authzMetadataObject);
- } else if (authzMetadataObject
- .type()
-
.equals(PathBasedMetadataObject.PathType.get(MetadataObject.Type.FILESET))) {
+ } else if
(authzMetadataObject.type().equals(PathBasedMetadataObject.FILESET_PATH)) {
removePolicyByMetadataObject(authzMetadataObject);
} else {
throw new IllegalArgumentException(
@@ -278,8 +272,7 @@ public class RangerAuthorizationHDFSPlugin extends
RangerAuthorizationPlugin {
authzMetadataObject instanceof PathBasedMetadataObject,
"The metadata object must be a PathBasedMetadataObject");
Preconditions.checkArgument(
- authzMetadataObject.type()
- ==
PathBasedMetadataObject.PathType.get(MetadataObject.Type.SCHEMA),
+ authzMetadataObject.type().equals(PathBasedMetadataObject.SCHEMA_PATH),
"The metadata object type must be a schema");
Preconditions.checkArgument(
authzMetadataObject.names().size() == 1, "The metadata object's size
must be 1.");
@@ -305,7 +298,7 @@ public class RangerAuthorizationHDFSPlugin extends
RangerAuthorizationPlugin {
AuthorizationMetadataObject.getParentFullName(names),
AuthorizationMetadataObject.getLastName(names),
locationPath,
-
PathBasedMetadataObject.PathType.get(MetadataObject.Type.SCHEMA));
+ PathBasedMetadataObject.SCHEMA_PATH);
removeSchemaMetadataObject(schemaMetadataObject);
});
});
@@ -330,7 +323,7 @@ public class RangerAuthorizationHDFSPlugin extends
RangerAuthorizationPlugin {
authzMetadataObject.name(),
table.name(),
locationPath,
-
PathBasedMetadataObject.PathType.get(MetadataObject.Type.TABLE));
+ PathBasedMetadataObject.TABLE_PATH);
removeTableMetadataObject(tableMetadataObject);
});
});
@@ -349,7 +342,7 @@ public class RangerAuthorizationHDFSPlugin extends
RangerAuthorizationPlugin {
authzMetadataObject.name(),
schema.name(),
locationPath,
-
PathBasedMetadataObject.PathType.get(MetadataObject.Type.SCHEMA));
+ PathBasedMetadataObject.SCHEMA_PATH);
removePolicyByMetadataObject(schemaMetadataObject);
});
}
@@ -366,9 +359,7 @@ public class RangerAuthorizationHDFSPlugin extends
RangerAuthorizationPlugin {
Preconditions.checkArgument(
authzMetadataObject.names().size() == 3, "The metadata object's name
size must be 3");
Preconditions.checkArgument(
- authzMetadataObject
- .type()
-
.equals(PathBasedMetadataObject.PathType.get(MetadataObject.Type.SCHEMA)),
+ authzMetadataObject.type().equals(PathBasedMetadataObject.TABLE_PATH),
"The metadata object type must be a path");
removePolicyByMetadataObject(authzMetadataObject);
}
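Review bot: The precondition message `"The metadata object type must be a path"` does not say which type is required, although the check on the line above it now compares against `PathBasedMetadataObject.TABLE_PATH`. When this guard rejects an object during policy removal, the log will not tell an operator what was expected; the schema variant earlier in the file already uses `"The metadata object type must be a schema"`, so `"The metadata object type must be a table"` would be consistent. The enclosing method starts above the hunk, so its name and remaining checks are not visible here.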
@@ -466,27 +457,20 @@ public class RangerAuthorizationHDFSPlugin extends
RangerAuthorizationPlugin {
case USE_SCHEMA:
switch (securableObject.type()) {
case METALAKE:
+ extractMetalakeLocations(
+ securableObject, identifier, rangerSecurableObjects,
rangerPrivileges);
+ break;
case CATALOG:
case SCHEMA:
AuthorizationUtils.getMetadataObjectLocation(
identifier,
MetadataObjectUtil.toEntityType(securableObject))
.forEach(
locationPath -> {
- PathBasedMetadataObject pathBaseMetadataObject
=
- new PathBasedMetadataObject(
- securableObject.parent(),
- securableObject.name(),
- locationPath,
- PathBasedMetadataObject.PathType.get(
- securableObject.type()));
-
pathBaseMetadataObject.validateAuthorizationMetadataObject();
- rangerSecurableObjects.add(
- generateAuthorizationSecurableObject(
- pathBaseMetadataObject.names(),
- locationPath,
- PathBasedMetadataObject.PathType.get(
- securableObject.type()),
- rangerPrivileges));
+ createPathBasedMetadataObject(
+ securableObject,
+ locationPath,
+ rangerSecurableObjects,
+ rangerPrivileges);
});
break;
default:
@@ -499,27 +483,19 @@ public class RangerAuthorizationHDFSPlugin extends
RangerAuthorizationPlugin {
case CREATE_SCHEMA:
switch (securableObject.type()) {
case METALAKE:
+ extractMetalakeLocations(
+ securableObject, identifier, rangerSecurableObjects,
rangerPrivileges);
+ break;
case CATALOG:
AuthorizationUtils.getMetadataObjectLocation(
identifier,
MetadataObjectUtil.toEntityType(securableObject))
.forEach(
- locationPath -> {
- PathBasedMetadataObject pathBaseMetadataObject
=
- new PathBasedMetadataObject(
- securableObject.parent(),
- securableObject.name(),
- locationPath,
- PathBasedMetadataObject.PathType.get(
- securableObject.type()));
-
pathBaseMetadataObject.validateAuthorizationMetadataObject();
- rangerSecurableObjects.add(
- generateAuthorizationSecurableObject(
- pathBaseMetadataObject.names(),
- locationPath,
- PathBasedMetadataObject.PathType.get(
- securableObject.type()),
- rangerPrivileges));
- });
+ locationPath ->
+ createPathBasedMetadataObject(
+ securableObject,
+ locationPath,
+ rangerSecurableObjects,
+ rangerPrivileges));
break;
default:
throw new AuthorizationPluginException(
@@ -556,8 +532,7 @@ public class RangerAuthorizationHDFSPlugin extends
RangerAuthorizationPlugin {
generateAuthorizationSecurableObject(
pathBasedMetadataObject.names(),
getAuthorizationPath(pathBasedMetadataObject),
- PathBasedMetadataObject.PathType.get(
- MetadataObject.Type.FILESET),
+ PathBasedMetadataObject.FILESET_PATH,
rangerPrivileges));
});
break;
@@ -579,6 +554,42 @@ public class RangerAuthorizationHDFSPlugin extends
RangerAuthorizationPlugin {
return rangerSecurableObjects;
}
+ private void extractMetalakeLocations(
+ SecurableObject securableObject,
+ NameIdentifier identifier,
+ List<AuthorizationSecurableObject> rangerSecurableObjects,
+ Set<AuthorizationPrivilege> rangerPrivileges) {
+ NameIdentifier[] catalogs =
+ GravitinoEnv.getInstance()
+ .catalogDispatcher()
+ .listCatalogs(Namespace.of(identifier.name()));
+ for (NameIdentifier catalog : catalogs) {
+ AuthorizationUtils.getMetadataObjectLocation(catalog,
Entity.EntityType.CATALOG)
+ .forEach(
+ locationPath ->
+ createPathBasedMetadataObject(
+ securableObject, locationPath, rangerSecurableObjects,
rangerPrivileges));
+ }
+ }
+
+ private void createPathBasedMetadataObject(
+ SecurableObject securableObject,
+ String locationPath,
+ List<AuthorizationSecurableObject> rangerSecurableObjects,
+ Set<AuthorizationPrivilege> rangerPrivileges) {
+ PathBasedMetadataObject pathBaseMetadataObject =
+ new PathBasedMetadataObject(
+ securableObject.parent(),
+ securableObject.name(),
+ locationPath,
+ PathBasedMetadataObject.PathType.get(securableObject.type()));
+ pathBaseMetadataObject.validateAuthorizationMetadataObject();
+ rangerSecurableObjects.add(
+ generateAuthorizationSecurableObject(
+ pathBaseMetadataObject.names(), locationPath,
+ PathBasedMetadataObject.PathType.get(securableObject.type()),
rangerPrivileges));
+ }
+
@Override
public List<AuthorizationSecurableObject> translateOwner(MetadataObject
gravitinoMetadataObject) {
List<AuthorizationSecurableObject> rangerSecurableObjects = new
ArrayList<>();
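Review bot: `extractMetalakeLocations` and `createPathBasedMetadataObject` decide which storage paths a metalake-level privilege is translated into, yet neither has a Javadoc explaining that. As written, the helper lists the catalogs that exist when the privilege is translated and emits one securable object per catalog location, each still carrying the metalake's names and `PathType.get(securableObject.type())`; whether catalogs created afterwards get a path policy is not visible in this diff and should be stated in the comment. I would add a Javadoc to both saying so, rename the void method to something like `addPathBasedSecurableObject` since it appends rather than returns, and hoist the repeated lookup into `PathBasedMetadataObject.PathType pathType = PathBasedMetadataObject.PathType.get(securableObject.type());`. The same helpers are called from the `USE_SCHEMA` and `CREATE_SCHEMA` hunks above.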
@@ -600,7 +611,7 @@ public class RangerAuthorizationHDFSPlugin extends
RangerAuthorizationPlugin {
generateAuthorizationSecurableObject(
pathBasedMetadataObject.names(),
getAuthorizationPath(pathBasedMetadataObject),
-
PathBasedMetadataObject.PathType.get(MetadataObject.Type.FILESET),
+ PathBasedMetadataObject.FILESET_PATH,
ownerMappingRule()));
});
break;
@@ -686,7 +697,7 @@ public class RangerAuthorizationHDFSPlugin extends
RangerAuthorizationPlugin {
changeMetadataObject.metadataObject().parent(),
changeMetadataObject.metadataObject().name(),
locationPath,
-
PathBasedMetadataObject.PathType.get(MetadataObject.Type.FILESET));
+ PathBasedMetadataObject.FILESET_PATH);
pathBaseMetadataObject.validateAuthorizationMetadataObject();
authzMetadataObjects.add(pathBaseMetadataObject);
});
diff --git
a/authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerAuthorizationHDFSPluginIT.java
b/authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerAuthorizationHDFSPluginIT.java
index b643948490..9b399eeabb 100644
---
a/authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerAuthorizationHDFSPluginIT.java
+++
b/authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerAuthorizationHDFSPluginIT.java
@@ -85,8 +85,7 @@ public class RangerAuthorizationHDFSPluginIT {
Assertions.assertEquals(
metalake.fullName(),
pathBasedMetadataObject.fullName());
Assertions.assertEquals(
-
PathBasedMetadataObject.PathType.get(MetadataObject.Type.METALAKE),
- pathBasedMetadataObject.type());
+ PathBasedMetadataObject.METALAKE_PATH,
pathBasedMetadataObject.type());
Assertions.assertEquals("/test",
pathBasedMetadataObject.path());
});
@@ -100,8 +99,7 @@ public class RangerAuthorizationHDFSPluginIT {
(PathBasedMetadataObject) securableObject;
Assertions.assertEquals(catalog.fullName(),
pathBasedMetadataObject.fullName());
Assertions.assertEquals(
-
PathBasedMetadataObject.PathType.get(MetadataObject.Type.CATALOG),
- pathBasedMetadataObject.type());
+ PathBasedMetadataObject.CATALOG_PATH,
pathBasedMetadataObject.type());
Assertions.assertEquals("/test",
pathBasedMetadataObject.path());
});
@@ -115,8 +113,7 @@ public class RangerAuthorizationHDFSPluginIT {
(PathBasedMetadataObject) securableObject;
Assertions.assertEquals(schema.fullName(),
pathBasedMetadataObject.fullName());
Assertions.assertEquals(
-
PathBasedMetadataObject.PathType.get(MetadataObject.Type.SCHEMA),
- pathBasedMetadataObject.type());
+ PathBasedMetadataObject.SCHEMA_PATH,
pathBasedMetadataObject.type());
Assertions.assertEquals("/test",
pathBasedMetadataObject.path());
});
@@ -131,8 +128,7 @@ public class RangerAuthorizationHDFSPluginIT {
(PathBasedMetadataObject) securableObject;
Assertions.assertEquals(table.fullName(),
pathBasedMetadataObject.fullName());
Assertions.assertEquals(
-
PathBasedMetadataObject.PathType.get(MetadataObject.Type.TABLE),
- securableObject.type());
+ PathBasedMetadataObject.TABLE_PATH,
securableObject.type());
Assertions.assertEquals("/test",
pathBasedMetadataObject.path());
});
@@ -147,8 +143,7 @@ public class RangerAuthorizationHDFSPluginIT {
(PathBasedMetadataObject) securableObject;
Assertions.assertEquals(fileset.fullName(),
pathBasedMetadataObject.fullName());
Assertions.assertEquals(
-
PathBasedMetadataObject.PathType.get(MetadataObject.Type.FILESET),
- securableObject.type());
+ PathBasedMetadataObject.FILESET_PATH,
securableObject.type());
Assertions.assertEquals("/test",
pathBasedMetadataObject.path());
});
});
@@ -211,8 +206,7 @@ public class RangerAuthorizationHDFSPluginIT {
PathBasedSecurableObject pathBasedSecurableObject =
(PathBasedSecurableObject) securableObject;
Assertions.assertEquals(
-
PathBasedMetadataObject.PathType.get(MetadataObject.Type.FILESET),
- pathBasedSecurableObject.type());
+ PathBasedMetadataObject.FILESET_PATH,
pathBasedSecurableObject.type());
Assertions.assertEquals("/test",
pathBasedSecurableObject.path());
Assertions.assertEquals(2,
pathBasedSecurableObject.privileges().size());
});
@@ -252,8 +246,7 @@ public class RangerAuthorizationHDFSPluginIT {
Assertions.assertEquals(1, filesetOwner.size());
Assertions.assertEquals("/test",
pathBasedSecurableObject.path());
Assertions.assertEquals(
-
PathBasedMetadataObject.PathType.get(MetadataObject.Type.FILESET),
- pathBasedSecurableObject.type());
+ PathBasedMetadataObject.FILESET_PATH,
pathBasedSecurableObject.type());
Assertions.assertEquals(3,
pathBasedSecurableObject.privileges().size());
});
});
diff --git
a/core/src/main/java/org/apache/gravitino/authorization/AuthorizationUtils.java
b/core/src/main/java/org/apache/gravitino/authorization/AuthorizationUtils.java
index cbae0a5c91..4df0270c6c 100644
---
a/core/src/main/java/org/apache/gravitino/authorization/AuthorizationUtils.java
+++
b/core/src/main/java/org/apache/gravitino/authorization/AuthorizationUtils.java
@@ -22,13 +22,11 @@ import com.google.common.base.Preconditions;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
-import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.gravitino.Catalog;
import org.apache.gravitino.Entity;
@@ -62,6 +60,9 @@ import org.slf4j.LoggerFactory;
/* The utilization class of authorization module*/
public class AuthorizationUtils {
private static final Logger LOG =
LoggerFactory.getLogger(AuthorizationUtils.class);
+ private static final String FILESET_CATALOG_LOCATION = "location";
+ private static final String FILESET_SCHEMA_LOCATION = "location";
+ private static final String HIVE_LOCATION = "location";
static final String USER_DOES_NOT_EXIST_MSG = "User %s does not exist in the
metalake %s";
static final String GROUP_DOES_NOT_EXIST_MSG = "Group %s does not exist in
the metalake %s";
static final String ROLE_DOES_NOT_EXIST_MSG = "Role %s does not exist in the
metalake %s";
@@ -427,30 +428,15 @@ public class AuthorizationUtils {
public static List<String> getMetadataObjectLocation(
NameIdentifier ident, Entity.EntityType type) {
List<String> locations = new ArrayList<>();
+
+ // If we don't enable authorization, the location should return empty
collection.
+ if (GravitinoEnv.getInstance().accessControlDispatcher() == null) {
+ return locations;
+ }
+
try {
switch (type) {
case METALAKE:
- {
- NameIdentifier[] identifiers =
- GravitinoEnv.getInstance()
- .catalogDispatcher()
- .listCatalogs(Namespace.of(ident.name()));
- Arrays.stream(identifiers)
- .collect(Collectors.toList())
- .forEach(
- identifier -> {
- Catalog catalogObj =
-
GravitinoEnv.getInstance().catalogDispatcher().loadCatalog(identifier);
- if (catalogObj.provider().equals("hive")) {
- // The Hive default schema location is Hive warehouse
directory
- String defaultSchemaLocation =
- getHiveDefaultLocation(ident.name(),
catalogObj.name());
- if (defaultSchemaLocation != null &&
!defaultSchemaLocation.isEmpty()) {
- locations.add(defaultSchemaLocation);
- }
- }
- });
- }
break;
case CATALOG:
{
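Review bot: After this change `getMetadataObjectLocation` returns an empty list in two new situations that a caller cannot tell apart from "no location configured": when `accessControlDispatcher()` is null, and for `case METALAKE:`, which is now a bare `break;`. Callers that turn the returned paths into path-based policies will then silently create or remove nothing, so the contract should be written down. I would extend the method's Javadoc with both cases and add a comment on the empty case in the style of the `TOPIC` one, e.g. `// Metalake locations are resolved per catalog by the caller, see RangerAuthorizationHDFSPlugin#extractMetalakeLocations.` The method body continues outside this hunk.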
@@ -466,30 +452,54 @@ public class AuthorizationUtils {
}
break;
case SCHEMA:
- {
- Catalog catalogObj =
- GravitinoEnv.getInstance()
- .catalogDispatcher()
- .loadCatalog(
- NameIdentifier.of(ident.namespace().level(0),
ident.namespace().level(1)));
- LOG.info("Catalog provider is %s", catalogObj.provider());
- if (catalogObj.provider().equals("hive")) {
- Schema schema =
GravitinoEnv.getInstance().schemaDispatcher().loadSchema(ident);
- if (schema.properties().containsKey(HiveConstants.LOCATION)) {
- String schemaLocation =
schema.properties().get(HiveConstants.LOCATION);
+ Catalog catalogObj =
+ GravitinoEnv.getInstance()
+ .catalogDispatcher()
+ .loadCatalog(
+ NameIdentifier.of(ident.namespace().level(0),
ident.namespace().level(1)));
+ Schema schema =
GravitinoEnv.getInstance().schemaDispatcher().loadSchema(ident);
+
+ switch (catalogObj.type()) {
+ case RELATIONAL:
+ if ("hive".equals(catalogObj.provider())
+ && schema.properties().containsKey(HIVE_LOCATION)) {
+ String schemaLocation = schema.properties().get(HIVE_LOCATION);
if (StringUtils.isNotBlank(schemaLocation)) {
locations.add(schemaLocation);
} else {
LOG.warn("Schema {} location is not found", ident);
}
}
- }
- // TODO: [#6133] Supports get Fileset schema location in the
AuthorizationUtils
+ break;
+
+ case FILESET:
+ if ("hadoop".equals(catalogObj.provider())) {
+ if (schema.properties().containsKey(FILESET_SCHEMA_LOCATION)) {
+ String schemaLocation =
schema.properties().get(FILESET_SCHEMA_LOCATION);
+ if (StringUtils.isNotBlank(schemaLocation)) {
+ locations.add(schemaLocation);
+ } else if
(catalogObj.properties().containsKey(FILESET_CATALOG_LOCATION)) {
+ String catalogLocation =
schema.properties().get(FILESET_CATALOG_LOCATION);
+ if (StringUtils.isNotBlank(catalogLocation)) {
+ schemaLocation = catalogLocation + "/" + schema.name();
+ locations.add(schemaLocation);
+ }
+ } else {
+ LOG.warn("Schema {} location is not found", ident);
+ }
+ }
+ }
+ break;
+
+ default:
+ LOG.warn("Unsupported catalog type {}", catalogObj.type());
+ break;
}
break;
+
case TABLE:
{
- Catalog catalogObj =
+ catalogObj =
GravitinoEnv.getInstance()
.catalogDispatcher()
.loadCatalog(
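Review bot: In the `FILESET` branch the catalog fallback reads `schema.properties().get(FILESET_CATALOG_LOCATION)` instead of the catalog's properties, and it sits inside the `containsKey(FILESET_SCHEMA_LOCATION)` block, so it is reached only when the schema's own "location" value is blank and then reads that same blank value again. The effect is that a fileset schema without an explicit location yields no path at all, and when the key is absent there is not even a warning, so a schema-level privilege would produce no path-based policy without any trace in the log. The fallback should read from `catalogObj.properties()` and apply whenever the schema location is blank or missing, as sketched below. `getMetadataObjectLocation` starts and ends outside this hunk.

```java
case FILESET:
  if ("hadoop".equals(catalogObj.provider())) {
    String schemaLocation = schema.properties().get(FILESET_SCHEMA_LOCATION);
    if (StringUtils.isNotBlank(schemaLocation)) {
      locations.add(schemaLocation);
    } else {
      // Fall back to the catalog's own location, not the schema's properties.
      String catalogLocation = catalogObj.properties().get(FILESET_CATALOG_LOCATION);
      if (StringUtils.isNotBlank(catalogLocation)) {
        locations.add(catalogLocation + "/" + schema.name());
      } else {
        LOG.warn("Schema {} location is not found", ident);
      }
    }
  }
  break;
// … unchanged: default branch and TABLE case …
```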
@@ -517,6 +527,9 @@ public class AuthorizationUtils {
filesetLocation != null, String.format("Fileset %s location is
not found", ident));
locations.add(filesetLocation);
break;
+ case TOPIC:
+ // Topic doesn't have locations now.
+ break;
default:
throw new AuthorizationPluginException(
"Failed to get location paths for metadata object %s type %s",
ident, type);
@@ -527,9 +540,4 @@ public class AuthorizationUtils {
return locations;
}
-
- private static NameIdentifier getObjectNameIdentifier(
- String metalake, MetadataObject metadataObject) {
- return NameIdentifier.parse(String.format("%s.%s", metalake,
metadataObject.fullName()));
- }
}