This is an automated email from the ASF dual-hosted git repository.
fanng pushed a commit to branch branch-metadata-authz
in repository https://gitbox.apache.org/repos/asf/gravitino.git
The following commit(s) were added to refs/heads/branch-metadata-authz by this
push:
new 78637596b6 [#7557] get user from HTTP request for Iceberg REST server
(#7626)
78637596b6 is described below
commit 78637596b64bab178c48d320c7c9a9e13b249c21
Author: Yunchi Pang <[email protected]>
AuthorDate: Thu Jul 10 19:05:15 2025 -0700
[#7557] get user from HTTP request for Iceberg REST server (#7626)
### What changes were proposed in this pull request?
1. Wrapped business logic with `Utils.doAs(httpRequest, ...)` in methods
of `IcebergXXXOperations` to extract and establish user context.
2. Mocked `HttpServletRequest` with test user principal for tests in
`TestIcebergXXXOperations`.
- [x] `IcebergTableOperations`
- [x] `IcebergTableRenameOperations`
- [x] `IcebergNamespaceOperations`
- [x] `IcebergViewOperations`
- [x] `IcebergViewRenameOperations`
### Why are the changes needed?
To have all operations of Iceberg REST server to be executed under
authenticated user context.
Fix: #7557
### Does this PR introduce _any_ user-facing change?
No.
### How was this patch tested?
`org.apache.gravitino.iceberg.service.rest.TestIcebergTableOperations`
`org.apache.gravitino.iceberg.service.rest.TestIcebergNamespaceOperations`
`org.apache.gravitino.iceberg.service.rest.TestIcebergViewOperations`
---
.../iceberg/service/IcebergExceptionMapper.java | 4 +
.../service/rest/IcebergNamespaceOperations.java | 129 +++++++++++++++-----
.../service/rest/IcebergTableOperations.java | 134 ++++++++++++++++-----
.../service/rest/IcebergTableRenameOperations.java | 17 ++-
.../service/rest/IcebergViewOperations.java | 114 +++++++++++++-----
.../service/rest/IcebergViewRenameOperations.java | 17 ++-
.../rest/TestIcebergNamespaceOperations.java | 15 +++
.../service/rest/TestIcebergTableOperations.java | 14 +++
.../service/rest/TestIcebergViewOperations.java | 14 +++
9 files changed, 358 insertions(+), 100 deletions(-)
diff --git
a/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/IcebergExceptionMapper.java
b/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/IcebergExceptionMapper.java
index ed7d0a2f98..cc26287ea9 100644
---
a/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/IcebergExceptionMapper.java
+++
b/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/IcebergExceptionMapper.java
@@ -71,6 +71,10 @@ public class IcebergExceptionMapper implements
ExceptionMapper<Exception> {
@Override
public Response toResponse(Exception ex) {
+ return toRESTResponse(ex);
+ }
+
+ public static Response toRESTResponse(Exception ex) {
int status =
EXCEPTION_ERROR_CODES.getOrDefault(
ex.getClass(), Status.INTERNAL_SERVER_ERROR.getStatusCode());
diff --git
a/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/rest/IcebergNamespaceOperations.java
b/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/rest/IcebergNamespaceOperations.java
index d1d4273869..aa77c4d48d 100644
---
a/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/rest/IcebergNamespaceOperations.java
+++
b/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/rest/IcebergNamespaceOperations.java
@@ -39,11 +39,13 @@ import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
+import org.apache.gravitino.iceberg.service.IcebergExceptionMapper;
import org.apache.gravitino.iceberg.service.IcebergObjectMapper;
import org.apache.gravitino.iceberg.service.IcebergRestUtils;
import
org.apache.gravitino.iceberg.service.dispatcher.IcebergNamespaceOperationDispatcher;
import org.apache.gravitino.listener.api.event.IcebergRequestContext;
import org.apache.gravitino.metrics.MetricNames;
+import org.apache.gravitino.server.web.Utils;
import org.apache.iceberg.catalog.Namespace;
import org.apache.iceberg.rest.RESTUtil;
import org.apache.iceberg.rest.requests.CreateNamespaceRequest;
@@ -88,10 +90,19 @@ public class IcebergNamespaceOperations {
parent.isEmpty() ? Namespace.empty() :
RESTUtil.decodeNamespace(parent);
LOG.info(
"List Iceberg namespaces, catalog: {}, parentNamespace: {}",
catalogName, parentNamespace);
- IcebergRequestContext context = new
IcebergRequestContext(httpServletRequest(), catalogName);
- ListNamespacesResponse response =
- namespaceOperationDispatcher.listNamespaces(context, parentNamespace);
- return IcebergRestUtils.ok(response);
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName);
+ ListNamespacesResponse response =
+ namespaceOperationDispatcher.listNamespaces(context,
parentNamespace);
+ return IcebergRestUtils.ok(response);
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
+ }
}
@GET
@@ -104,11 +115,19 @@ public class IcebergNamespaceOperations {
String catalogName = IcebergRestUtils.getCatalogName(prefix);
Namespace icebergNS = RESTUtil.decodeNamespace(namespace);
LOG.info("Load Iceberg namespace, catalog: {}, namespace: {}",
catalogName, icebergNS);
-
- IcebergRequestContext context = new
IcebergRequestContext(httpServletRequest(), catalogName);
- GetNamespaceResponse getNamespaceResponse =
- namespaceOperationDispatcher.loadNamespace(context, icebergNS);
- return IcebergRestUtils.ok(getNamespaceResponse);
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName);
+ GetNamespaceResponse getNamespaceResponse =
+ namespaceOperationDispatcher.loadNamespace(context, icebergNS);
+ return IcebergRestUtils.ok(getNamespaceResponse);
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
+ }
}
@HEAD
@@ -121,13 +140,21 @@ public class IcebergNamespaceOperations {
String catalogName = IcebergRestUtils.getCatalogName(prefix);
Namespace icebergNS = RESTUtil.decodeNamespace(namespace);
LOG.info("Check Iceberg namespace exists, catalog: {}, namespace: {}",
catalogName, icebergNS);
- IcebergRequestContext context = new
IcebergRequestContext(httpServletRequest(), catalogName);
-
- boolean exists = namespaceOperationDispatcher.namespaceExists(context,
icebergNS);
- if (exists) {
- return IcebergRestUtils.noContent();
- } else {
- return IcebergRestUtils.notExists();
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName);
+ boolean exists =
namespaceOperationDispatcher.namespaceExists(context, icebergNS);
+ if (exists) {
+ return IcebergRestUtils.noContent();
+ } else {
+ return IcebergRestUtils.notExists();
+ }
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
}
}
@@ -142,9 +169,18 @@ public class IcebergNamespaceOperations {
String catalogName = IcebergRestUtils.getCatalogName(prefix);
Namespace icebergNS = RESTUtil.decodeNamespace(namespace);
LOG.info("Drop Iceberg namespace, catalog: {}, namespace: {}",
catalogName, icebergNS);
- IcebergRequestContext context = new
IcebergRequestContext(httpServletRequest(), catalogName);
- namespaceOperationDispatcher.dropNamespace(context, icebergNS);
- return IcebergRestUtils.noContent();
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName);
+ namespaceOperationDispatcher.dropNamespace(context, icebergNS);
+ return IcebergRestUtils.noContent();
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
+ }
}
@POST
@@ -158,10 +194,19 @@ public class IcebergNamespaceOperations {
"Create Iceberg namespace, catalog: {}, createNamespaceRequest: {}",
catalogName,
createNamespaceRequest);
- IcebergRequestContext context = new
IcebergRequestContext(httpServletRequest(), catalogName);
- CreateNamespaceResponse createNamespaceResponse =
- namespaceOperationDispatcher.createNamespace(context,
createNamespaceRequest);
- return IcebergRestUtils.ok(createNamespaceResponse);
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName);
+ CreateNamespaceResponse createNamespaceResponse =
+ namespaceOperationDispatcher.createNamespace(context,
createNamespaceRequest);
+ return IcebergRestUtils.ok(createNamespaceResponse);
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
+ }
}
@POST
@@ -180,11 +225,20 @@ public class IcebergNamespaceOperations {
catalogName,
icebergNS,
SerializeUpdateNamespacePropertiesRequest(updateNamespacePropertiesRequest));
- IcebergRequestContext context = new
IcebergRequestContext(httpServletRequest(), catalogName);
- UpdateNamespacePropertiesResponse updateNamespacePropertiesResponse =
- namespaceOperationDispatcher.updateNamespace(
- context, icebergNS, updateNamespacePropertiesRequest);
- return IcebergRestUtils.ok(updateNamespacePropertiesResponse);
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName);
+ UpdateNamespacePropertiesResponse
updateNamespacePropertiesResponse =
+ namespaceOperationDispatcher.updateNamespace(
+ context, icebergNS, updateNamespacePropertiesRequest);
+ return IcebergRestUtils.ok(updateNamespacePropertiesResponse);
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
+ }
}
@POST
@@ -203,11 +257,20 @@ public class IcebergNamespaceOperations {
catalogName,
icebergNS,
registerTableRequest);
- IcebergRequestContext context = new
IcebergRequestContext(httpServletRequest(), catalogName);
- LoadTableResponse loadTableResponse =
- namespaceOperationDispatcher.registerTable(context, icebergNS,
registerTableRequest);
-
- return IcebergRestUtils.ok(loadTableResponse);
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName);
+ LoadTableResponse loadTableResponse =
+ namespaceOperationDispatcher.registerTable(
+ context, icebergNS, registerTableRequest);
+ return IcebergRestUtils.ok(loadTableResponse);
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
+ }
}
// HTTP request is null in Jersey test, override with a mock request when
testing.
diff --git
a/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/rest/IcebergTableOperations.java
b/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/rest/IcebergTableOperations.java
index a8ad24d9e0..f6a9070100 100644
---
a/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/rest/IcebergTableOperations.java
+++
b/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/rest/IcebergTableOperations.java
@@ -41,12 +41,14 @@ import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
+import org.apache.gravitino.iceberg.service.IcebergExceptionMapper;
import org.apache.gravitino.iceberg.service.IcebergObjectMapper;
import org.apache.gravitino.iceberg.service.IcebergRestUtils;
import
org.apache.gravitino.iceberg.service.dispatcher.IcebergTableOperationDispatcher;
import org.apache.gravitino.iceberg.service.metrics.IcebergMetricsManager;
import org.apache.gravitino.listener.api.event.IcebergRequestContext;
import org.apache.gravitino.metrics.MetricNames;
+import org.apache.gravitino.server.web.Utils;
import org.apache.iceberg.catalog.Namespace;
import org.apache.iceberg.catalog.TableIdentifier;
import org.apache.iceberg.rest.RESTUtil;
@@ -93,9 +95,19 @@ public class IcebergTableOperations {
String catalogName = IcebergRestUtils.getCatalogName(prefix);
Namespace icebergNS = RESTUtil.decodeNamespace(namespace);
LOG.info("List Iceberg tables, catalog: {}, namespace: {}", catalogName,
icebergNS);
- IcebergRequestContext context = new
IcebergRequestContext(httpServletRequest(), catalogName);
- ListTablesResponse listTablesResponse =
tableOperationDispatcher.listTable(context, icebergNS);
- return IcebergRestUtils.ok(listTablesResponse);
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName);
+ ListTablesResponse listTablesResponse =
+ tableOperationDispatcher.listTable(context, icebergNS);
+ return IcebergRestUtils.ok(listTablesResponse);
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
+ }
}
@POST
@@ -118,11 +130,19 @@ public class IcebergTableOperations {
createTableRequest,
accessDelegation,
isCredentialVending);
- IcebergRequestContext context =
- new IcebergRequestContext(httpServletRequest(), catalogName,
isCredentialVending);
- LoadTableResponse loadTableResponse =
- tableOperationDispatcher.createTable(context, icebergNS,
createTableRequest);
- return IcebergRestUtils.ok(loadTableResponse);
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName,
isCredentialVending);
+ LoadTableResponse loadTableResponse =
+ tableOperationDispatcher.createTable(context, icebergNS,
createTableRequest);
+ return IcebergRestUtils.ok(loadTableResponse);
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
+ }
}
@POST
@@ -145,11 +165,20 @@ public class IcebergTableOperations {
table,
SerializeUpdateTableRequest(updateTableRequest));
}
- IcebergRequestContext context = new
IcebergRequestContext(httpServletRequest(), catalogName);
- TableIdentifier tableIdentifier = TableIdentifier.of(icebergNS, table);
- LoadTableResponse loadTableResponse =
- tableOperationDispatcher.updateTable(context, tableIdentifier,
updateTableRequest);
- return IcebergRestUtils.ok(loadTableResponse);
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName);
+ TableIdentifier tableIdentifier = TableIdentifier.of(icebergNS,
table);
+ LoadTableResponse loadTableResponse =
+ tableOperationDispatcher.updateTable(context, tableIdentifier,
updateTableRequest);
+ return IcebergRestUtils.ok(loadTableResponse);
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
+ }
}
@DELETE
@@ -170,10 +199,19 @@ public class IcebergTableOperations {
icebergNS,
table,
purgeRequested);
- TableIdentifier tableIdentifier = TableIdentifier.of(icebergNS, table);
- IcebergRequestContext context = new
IcebergRequestContext(httpServletRequest(), catalogName);
- tableOperationDispatcher.dropTable(context, tableIdentifier,
purgeRequested);
- return IcebergRestUtils.noContent();
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ TableIdentifier tableIdentifier = TableIdentifier.of(icebergNS,
table);
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName);
+ tableOperationDispatcher.dropTable(context, tableIdentifier,
purgeRequested);
+ return IcebergRestUtils.noContent();
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
+ }
}
@GET
@@ -199,12 +237,20 @@ public class IcebergTableOperations {
accessDelegation,
isCredentialVending);
// todo support snapshots
- TableIdentifier tableIdentifier = TableIdentifier.of(icebergNS, table);
- IcebergRequestContext context =
- new IcebergRequestContext(httpServletRequest(), catalogName,
isCredentialVending);
- LoadTableResponse loadTableResponse =
- tableOperationDispatcher.loadTable(context, tableIdentifier);
- return IcebergRestUtils.ok(loadTableResponse);
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ TableIdentifier tableIdentifier = TableIdentifier.of(icebergNS,
table);
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName,
isCredentialVending);
+ LoadTableResponse loadTableResponse =
+ tableOperationDispatcher.loadTable(context, tableIdentifier);
+ return IcebergRestUtils.ok(loadTableResponse);
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
+ }
}
@HEAD
@@ -223,13 +269,22 @@ public class IcebergTableOperations {
catalogName,
icebergNS,
table);
- IcebergRequestContext context = new
IcebergRequestContext(httpServletRequest(), catalogName);
- TableIdentifier tableIdentifier = TableIdentifier.of(icebergNS, table);
- boolean exists = tableOperationDispatcher.tableExists(context,
tableIdentifier);
- if (exists) {
- return IcebergRestUtils.noContent();
- } else {
- return IcebergRestUtils.notExists();
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName);
+ TableIdentifier tableIdentifier = TableIdentifier.of(icebergNS,
table);
+ boolean exists = tableOperationDispatcher.tableExists(context,
tableIdentifier);
+ if (exists) {
+ return IcebergRestUtils.noContent();
+ } else {
+ return IcebergRestUtils.notExists();
+ }
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
}
}
@@ -243,8 +298,23 @@ public class IcebergTableOperations {
@Encoded() @PathParam("namespace") String namespace,
@PathParam("table") String table,
ReportMetricsRequest request) {
- icebergMetricsManager.recordMetric(request.report());
- return IcebergRestUtils.noContent();
+ String catalogName = IcebergRestUtils.getCatalogName(prefix);
+ Namespace icebergNS = RESTUtil.decodeNamespace(namespace);
+ LOG.info(
+ "Report Iceberg table metrics, catalog: {}, namespace: {}, table: {}",
+ catalogName,
+ icebergNS,
+ table);
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ icebergMetricsManager.recordMetric(request.report());
+ return IcebergRestUtils.noContent();
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
+ }
}
// HTTP request is null in Jersey test, override with a mock request when
testing.
diff --git
a/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/rest/IcebergTableRenameOperations.java
b/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/rest/IcebergTableRenameOperations.java
index f0f508dcb1..d1f079d1d6 100644
---
a/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/rest/IcebergTableRenameOperations.java
+++
b/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/rest/IcebergTableRenameOperations.java
@@ -31,10 +31,12 @@ import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
+import org.apache.gravitino.iceberg.service.IcebergExceptionMapper;
import org.apache.gravitino.iceberg.service.IcebergRestUtils;
import
org.apache.gravitino.iceberg.service.dispatcher.IcebergTableOperationDispatcher;
import org.apache.gravitino.listener.api.event.IcebergRequestContext;
import org.apache.gravitino.metrics.MetricNames;
+import org.apache.gravitino.server.web.Utils;
import org.apache.iceberg.rest.requests.RenameTableRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -66,9 +68,18 @@ public class IcebergTableRenameOperations {
catalogName,
renameTableRequest.source(),
renameTableRequest.destination());
- IcebergRequestContext context = new
IcebergRequestContext(httpServletRequest(), catalogName);
- tableOperationDispatcher.renameTable(context, renameTableRequest);
- return IcebergRestUtils.noContent();
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName);
+ tableOperationDispatcher.renameTable(context, renameTableRequest);
+ return IcebergRestUtils.noContent();
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
+ }
}
// HTTP request is null in Jersey test, override with a mock request when
testing.
diff --git
a/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/rest/IcebergViewOperations.java
b/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/rest/IcebergViewOperations.java
index 175ab8fbd5..2b3b2db2fc 100644
---
a/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/rest/IcebergViewOperations.java
+++
b/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/rest/IcebergViewOperations.java
@@ -37,11 +37,13 @@ import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
+import org.apache.gravitino.iceberg.service.IcebergExceptionMapper;
import org.apache.gravitino.iceberg.service.IcebergObjectMapper;
import org.apache.gravitino.iceberg.service.IcebergRestUtils;
import
org.apache.gravitino.iceberg.service.dispatcher.IcebergViewOperationDispatcher;
import org.apache.gravitino.listener.api.event.IcebergRequestContext;
import org.apache.gravitino.metrics.MetricNames;
+import org.apache.gravitino.server.web.Utils;
import org.apache.iceberg.catalog.Namespace;
import org.apache.iceberg.catalog.TableIdentifier;
import org.apache.iceberg.rest.RESTUtil;
@@ -79,9 +81,19 @@ public class IcebergViewOperations {
String catalogName = IcebergRestUtils.getCatalogName(prefix);
Namespace icebergNS = RESTUtil.decodeNamespace(namespace);
LOG.info("List Iceberg views, catalog: {}, namespace: {}", catalogName,
icebergNS);
- IcebergRequestContext context = new
IcebergRequestContext(httpServletRequest(), catalogName);
- ListTablesResponse listTablesResponse =
viewOperationDispatcher.listView(context, icebergNS);
- return IcebergRestUtils.ok(listTablesResponse);
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName);
+ ListTablesResponse listTablesResponse =
+ viewOperationDispatcher.listView(context, icebergNS);
+ return IcebergRestUtils.ok(listTablesResponse);
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
+ }
}
@POST
@@ -99,11 +111,19 @@ public class IcebergViewOperations {
catalogName,
icebergNS,
createViewRequest);
- IcebergRequestContext context = new
IcebergRequestContext(httpServletRequest(), catalogName);
- LoadViewResponse loadViewResponse =
- viewOperationDispatcher.createView(context, icebergNS,
createViewRequest);
-
- return IcebergRestUtils.ok(loadViewResponse);
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName);
+ LoadViewResponse loadViewResponse =
+ viewOperationDispatcher.createView(context, icebergNS,
createViewRequest);
+ return IcebergRestUtils.ok(loadViewResponse);
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
+ }
}
@GET
@@ -119,11 +139,20 @@ public class IcebergViewOperations {
Namespace icebergNS = RESTUtil.decodeNamespace(namespace);
LOG.info(
"Load Iceberg view, catalog: {}, namespace: {}, view: {}",
catalogName, icebergNS, view);
-
- TableIdentifier viewIdentifier = TableIdentifier.of(icebergNS, view);
- IcebergRequestContext context = new
IcebergRequestContext(httpServletRequest(), catalogName);
- LoadViewResponse loadViewResponse =
viewOperationDispatcher.loadView(context, viewIdentifier);
- return IcebergRestUtils.ok(loadViewResponse);
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ TableIdentifier viewIdentifier = TableIdentifier.of(icebergNS,
view);
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName);
+ LoadViewResponse loadViewResponse =
+ viewOperationDispatcher.loadView(context, viewIdentifier);
+ return IcebergRestUtils.ok(loadViewResponse);
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
+ }
}
@POST
@@ -144,11 +173,20 @@ public class IcebergViewOperations {
icebergNS,
view,
SerializeReplaceViewRequest(replaceViewRequest));
- IcebergRequestContext context = new
IcebergRequestContext(httpServletRequest(), catalogName);
- TableIdentifier viewIdentifier = TableIdentifier.of(icebergNS, view);
- LoadViewResponse loadViewResponse =
- viewOperationDispatcher.replaceView(context, viewIdentifier,
replaceViewRequest);
- return IcebergRestUtils.ok(loadViewResponse);
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName);
+ TableIdentifier viewIdentifier = TableIdentifier.of(icebergNS,
view);
+ LoadViewResponse loadViewResponse =
+ viewOperationDispatcher.replaceView(context, viewIdentifier,
replaceViewRequest);
+ return IcebergRestUtils.ok(loadViewResponse);
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
+ }
}
@DELETE
@@ -164,10 +202,19 @@ public class IcebergViewOperations {
Namespace icebergNS = RESTUtil.decodeNamespace(namespace);
LOG.info(
"Drop Iceberg view, catalog: {}, namespace: {}, view: {}",
catalogName, icebergNS, view);
- TableIdentifier viewIdentifier = TableIdentifier.of(icebergNS, view);
- IcebergRequestContext context = new
IcebergRequestContext(httpServletRequest(), catalogName);
- viewOperationDispatcher.dropView(context, viewIdentifier);
- return IcebergRestUtils.noContent();
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ TableIdentifier viewIdentifier = TableIdentifier.of(icebergNS,
view);
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName);
+ viewOperationDispatcher.dropView(context, viewIdentifier);
+ return IcebergRestUtils.noContent();
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
+ }
}
@HEAD
@@ -186,13 +233,22 @@ public class IcebergViewOperations {
catalogName,
icebergNS,
view);
- IcebergRequestContext context = new
IcebergRequestContext(httpServletRequest(), catalogName);
- TableIdentifier viewIdentifier = TableIdentifier.of(icebergNS, view);
- boolean exists = viewOperationDispatcher.viewExists(context,
viewIdentifier);
- if (exists) {
- return IcebergRestUtils.noContent();
- } else {
- return IcebergRestUtils.notExists();
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName);
+ TableIdentifier viewIdentifier = TableIdentifier.of(icebergNS,
view);
+ boolean exists = viewOperationDispatcher.viewExists(context,
viewIdentifier);
+ if (exists) {
+ return IcebergRestUtils.noContent();
+ } else {
+ return IcebergRestUtils.notExists();
+ }
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
}
}
diff --git
a/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/rest/IcebergViewRenameOperations.java
b/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/rest/IcebergViewRenameOperations.java
index 4c6f706086..cbdcb216eb 100644
---
a/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/rest/IcebergViewRenameOperations.java
+++
b/iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/rest/IcebergViewRenameOperations.java
@@ -31,10 +31,12 @@ import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
+import org.apache.gravitino.iceberg.service.IcebergExceptionMapper;
import org.apache.gravitino.iceberg.service.IcebergRestUtils;
import
org.apache.gravitino.iceberg.service.dispatcher.IcebergViewOperationDispatcher;
import org.apache.gravitino.listener.api.event.IcebergRequestContext;
import org.apache.gravitino.metrics.MetricNames;
+import org.apache.gravitino.server.web.Utils;
import org.apache.iceberg.rest.requests.RenameTableRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -66,9 +68,18 @@ public class IcebergViewRenameOperations {
catalogName,
renameViewRequest.source(),
renameViewRequest.destination());
- IcebergRequestContext context = new
IcebergRequestContext(httpServletRequest(), catalogName);
- viewOperationDispatcher.renameView(context, renameViewRequest);
- return IcebergRestUtils.noContent();
+ try {
+ return Utils.doAs(
+ httpRequest,
+ () -> {
+ IcebergRequestContext context =
+ new IcebergRequestContext(httpServletRequest(), catalogName);
+ viewOperationDispatcher.renameView(context, renameViewRequest);
+ return IcebergRestUtils.noContent();
+ });
+ } catch (Exception e) {
+ return IcebergExceptionMapper.toRESTResponse(e);
+ }
}
// HTTP request is null in Jersey test, override with a mock request when
testing.
diff --git
a/iceberg/iceberg-rest-server/src/test/java/org/apache/gravitino/iceberg/service/rest/TestIcebergNamespaceOperations.java
b/iceberg/iceberg-rest-server/src/test/java/org/apache/gravitino/iceberg/service/rest/TestIcebergNamespaceOperations.java
index 220623b95b..1f07808687 100644
---
a/iceberg/iceberg-rest-server/src/test/java/org/apache/gravitino/iceberg/service/rest/TestIcebergNamespaceOperations.java
+++
b/iceberg/iceberg-rest-server/src/test/java/org/apache/gravitino/iceberg/service/rest/TestIcebergNamespaceOperations.java
@@ -20,6 +20,7 @@ package org.apache.gravitino.iceberg.service.rest;
import java.util.Arrays;
import java.util.Optional;
+import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.Application;
import org.apache.gravitino.listener.api.event.Event;
import org.apache.gravitino.listener.api.event.IcebergCreateNamespaceEvent;
@@ -40,11 +41,13 @@ import
org.apache.gravitino.listener.api.event.IcebergUpdateNamespaceEvent;
import
org.apache.gravitino.listener.api.event.IcebergUpdateNamespaceFailureEvent;
import org.apache.gravitino.listener.api.event.IcebergUpdateNamespacePreEvent;
import org.apache.iceberg.catalog.Namespace;
+import org.glassfish.jersey.internal.inject.AbstractBinder;
import org.glassfish.jersey.server.ResourceConfig;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ValueSource;
+import org.mockito.Mockito;
public class TestIcebergNamespaceOperations extends IcebergNamespaceTestBase {
@@ -56,6 +59,18 @@ public class TestIcebergNamespaceOperations extends
IcebergNamespaceTestBase {
ResourceConfig resourceConfig =
IcebergRestTestUtil.getIcebergResourceConfig(
MockIcebergNamespaceOperations.class, true,
Arrays.asList(dummyEventListener));
+
+ // register a mock HttpServletRequest with user info
+ resourceConfig.register(
+ new AbstractBinder() {
+ @Override
+ protected void configure() {
+ HttpServletRequest mockRequest =
Mockito.mock(HttpServletRequest.class);
+ Mockito.when(mockRequest.getUserPrincipal()).thenReturn(() ->
"test-user");
+ bind(mockRequest).to(HttpServletRequest.class);
+ }
+ });
+
return resourceConfig;
}
diff --git
a/iceberg/iceberg-rest-server/src/test/java/org/apache/gravitino/iceberg/service/rest/TestIcebergTableOperations.java
b/iceberg/iceberg-rest-server/src/test/java/org/apache/gravitino/iceberg/service/rest/TestIcebergTableOperations.java
index d19d654224..cfa7d71a0d 100644
---
a/iceberg/iceberg-rest-server/src/test/java/org/apache/gravitino/iceberg/service/rest/TestIcebergTableOperations.java
+++
b/iceberg/iceberg-rest-server/src/test/java/org/apache/gravitino/iceberg/service/rest/TestIcebergTableOperations.java
@@ -25,6 +25,7 @@ import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
+import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Application;
import javax.ws.rs.core.MediaType;
@@ -71,10 +72,12 @@ import org.apache.iceberg.rest.responses.ListTablesResponse;
import org.apache.iceberg.rest.responses.LoadTableResponse;
import org.apache.iceberg.types.Types.NestedField;
import org.apache.iceberg.types.Types.StringType;
+import org.glassfish.jersey.internal.inject.AbstractBinder;
import org.glassfish.jersey.server.ResourceConfig;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;
+import org.mockito.Mockito;
public class TestIcebergTableOperations extends IcebergNamespaceTestBase {
@@ -96,6 +99,17 @@ public class TestIcebergTableOperations extends
IcebergNamespaceTestBase {
resourceConfig.register(MockIcebergNamespaceOperations.class);
resourceConfig.register(MockIcebergTableRenameOperations.class);
+ // register a mock HttpServletRequest with user info
+ resourceConfig.register(
+ new AbstractBinder() {
+ @Override
+ protected void configure() {
+ HttpServletRequest mockRequest =
Mockito.mock(HttpServletRequest.class);
+ Mockito.when(mockRequest.getUserPrincipal()).thenReturn(() ->
"test-user");
+ bind(mockRequest).to(HttpServletRequest.class);
+ }
+ });
+
return resourceConfig;
}
diff --git
a/iceberg/iceberg-rest-server/src/test/java/org/apache/gravitino/iceberg/service/rest/TestIcebergViewOperations.java
b/iceberg/iceberg-rest-server/src/test/java/org/apache/gravitino/iceberg/service/rest/TestIcebergViewOperations.java
index 8a2a2e226f..85100e4e29 100644
---
a/iceberg/iceberg-rest-server/src/test/java/org/apache/gravitino/iceberg/service/rest/TestIcebergViewOperations.java
+++
b/iceberg/iceberg-rest-server/src/test/java/org/apache/gravitino/iceberg/service/rest/TestIcebergViewOperations.java
@@ -24,6 +24,7 @@ import java.util.Arrays;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
+import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Application;
import javax.ws.rs.core.MediaType;
@@ -63,10 +64,12 @@ import org.apache.iceberg.types.Types;
import org.apache.iceberg.view.ImmutableSQLViewRepresentation;
import org.apache.iceberg.view.ImmutableViewVersion;
import org.apache.iceberg.view.ViewMetadata;
+import org.glassfish.jersey.internal.inject.AbstractBinder;
import org.glassfish.jersey.server.ResourceConfig;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;
+import org.mockito.Mockito;
public class TestIcebergViewOperations extends IcebergNamespaceTestBase {
private static final Schema viewSchema =
@@ -89,6 +92,17 @@ public class TestIcebergViewOperations extends
IcebergNamespaceTestBase {
resourceConfig.register(MockIcebergNamespaceOperations.class);
resourceConfig.register(MockIcebergViewRenameOperations.class);
+ // register a mock HttpServletRequest with user info
+ resourceConfig.register(
+ new AbstractBinder() {
+ @Override
+ protected void configure() {
+ HttpServletRequest mockRequest =
Mockito.mock(HttpServletRequest.class);
+ Mockito.when(mockRequest.getUserPrincipal()).thenReturn(() ->
"test-user");
+ bind(mockRequest).to(HttpServletRequest.class);
+ }
+ });
+
return resourceConfig;
}
