This is an automated email from the ASF dual-hosted git repository.

jshao pushed a commit to branch branch-1.0
in repository https://gitbox.apache.org/repos/asf/gravitino.git


The following commit(s) were added to refs/heads/branch-1.0 by this push:
     new e655f6e094 [#7823] feat(authz): Enable the test catalog connection 
operation to support authorization. (#8826)
e655f6e094 is described below

commit e655f6e0946cf71e234a32445d9592a9cac32b1a
Author: github-actions[bot] 
<41898282+github-actions[bot]@users.noreply.github.com>
AuthorDate: Fri Oct 17 19:14:32 2025 +0800

    [#7823] feat(authz): Enable the test catalog connection operation to 
support authorization. (#8826)
    
    ### What changes were proposed in this pull request?
    
    Enable the test catalog connection operation to support authorization.
    
    ### Why are the changes needed?
    
    Fix: #7823
    
    ### Does this PR introduce _any_ user-facing change?
    
    None
    
    ### How was this patch tested?
    
    
    
org.apache.gravitino.client.integration.test.authorization.CatalogAuthorizationIT#testCreateCatalog
    
    Co-authored-by: yangyang zhong <[email protected]>
    Co-authored-by: Jerry Shao <[email protected]>
---
 .../test/authorization/CatalogAuthorizationIT.java       | 16 +++++++++++++++-
 .../gravitino/server/web/rest/CatalogOperations.java     |  3 +++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git 
a/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/CatalogAuthorizationIT.java
 
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/CatalogAuthorizationIT.java
index 2e1a698386..3b62bbf229 100644
--- 
a/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/CatalogAuthorizationIT.java
+++ 
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/CatalogAuthorizationIT.java
@@ -59,9 +59,17 @@ public class CatalogAuthorizationIT extends 
BaseRestApiAuthorizationIT {
 
   @Test
   @Order(1)
-  public void testCreateCatalog() {
+  public void testCreateCatalog() throws Exception {
     Map<String, String> properties = Maps.newHashMap();
     properties.put("metastore.uris", hmsUri);
+    assertThrows(
+        "Can not access metadata {" + catalog1 + "}.",
+        ForbiddenException.class,
+        () -> {
+          normalUserClient
+              .loadMetalake(METALAKE)
+              .testConnection(catalog1, Catalog.Type.RELATIONAL, "hive", 
"comment", properties);
+        });
     assertThrows(
         "Can not access metadata {" + catalog1 + "}.",
         ForbiddenException.class,
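Review bot: The string passed as the first argument to `assertThrows` in the new `testConnection` denial case looks like a failure message rather than an expectation on the exception text. If this is the `assertThrows(String, Class, ThrowingRunnable)` style overload (the import is outside the hunk), only the `ForbiddenException` type is verified. The server-side check added in this commit is evaluated against the metalake, so the real denial text may not name `catalog1` at all, and this test would not notice. If the wording matters, capture the exception with `ForbiddenException e = assertThrows(ForbiddenException.class, () -> ...);` and assert on `e.getMessage()`. The body of `testCreateCatalog` continues past this hunk.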
@@ -70,9 +78,15 @@ public class CatalogAuthorizationIT extends 
BaseRestApiAuthorizationIT {
               .loadMetalake(METALAKE)
               .createCatalog(catalog1, Catalog.Type.RELATIONAL, "hive", 
"comment", properties);
         });
+    client
+        .loadMetalake(METALAKE)
+        .testConnection(catalog1, Catalog.Type.RELATIONAL, "hive", "comment", 
properties);
     client
         .loadMetalake(METALAKE)
         .createCatalog(catalog1, Catalog.Type.RELATIONAL, "hive", "comment", 
properties);
+    client
+        .loadMetalake(METALAKE)
+        .testConnection(catalog2, Catalog.Type.RELATIONAL, "hive", "comment", 
properties);
     client
         .loadMetalake(METALAKE)
         .createCatalog(catalog2, Catalog.Type.RELATIONAL, "hive", "comment", 
properties);
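Review bot: The allowed path for `testConnection` is exercised only through `client` on these lines, so the `METALAKE::CREATE_CATALOG` half of the new authorization expression is not covered by anything visible here. The rest of `testCreateCatalog` is outside the hunk; if it later grants `normalUserClient` the create-catalog privilege, add a `normalUserClient.loadMetalake(METALAKE).testConnection(...)` call after that grant. That way a regression in either half of the expression is caught. A short comment above the first new call, such as `// testConnection must be allowed for exactly the principals that may create the catalog`, would make the intent of the paired calls clear.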
diff --git 
a/server/src/main/java/org/apache/gravitino/server/web/rest/CatalogOperations.java
 
b/server/src/main/java/org/apache/gravitino/server/web/rest/CatalogOperations.java
index c1e36b8c09..093e17eff6 100644
--- 
a/server/src/main/java/org/apache/gravitino/server/web/rest/CatalogOperations.java
+++ 
b/server/src/main/java/org/apache/gravitino/server/web/rest/CatalogOperations.java
@@ -168,6 +168,9 @@ public class CatalogOperations {
   @Path("testConnection")
   @Produces("application/vnd.gravitino.v1+json")
   @Timed(name = "test-connection." + MetricNames.HTTP_PROCESS_DURATION, 
absolute = true)
+  @AuthorizationExpression(
+      expression = "METALAKE::CREATE_CATALOG || METALAKE::OWNER",
+      accessMetadataType = MetadataObject.Type.METALAKE)
   @ResponseMetered(name = "test-connection", absolute = true)
   public Response testConnection(
       @PathParam("metalake") @AuthorizationMetadata(type = 
Entity.EntityType.METALAKE)
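Review bot: The new `@AuthorizationExpression` on `testConnection` has no comment explaining why an endpoint that creates nothing requires create-level privilege. The reason is worth recording: the handler presumably makes the server connect using caller-supplied catalog properties (the test passes `metastore.uris`), so an ungated endpoint would let any authenticated user direct outbound connections from the server. Suggest a comment above the annotation such as `// Same privilege as createCatalog: this call makes the server connect to caller-supplied endpoints.` Please also confirm that the expression string matches the one on `createCatalog`, which is outside this hunk, so the two cannot drift apart. The method signature and body continue past the hunk.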
