jerryshao opened a new pull request, #9271:
URL: https://github.com/apache/gravitino/pull/9271
### What changes were proposed in this pull request?
This PR fixes the inconsistent HTTP response codes for tag list operations
when the metalake doesn't exist or is not in use. Previously, `listTags()` and
`listMetadataObjectsForTag()` returned 404 (Not Found) while other tag
operations like `createTag()`, `getTag()`, `alterTag()`, and `deleteTag()`
returned 403 (Forbidden).
The fix adds `@AuthorizationExpression` annotations with empty expressions
to the list tag methods, which triggers the authorization interceptor to check
metalake existence and return 403 consistently across all tag operations.
### Why are the changes needed?
Fix: #9239
When authorization is enabled, all tag operations should return consistent
error responses when the metalake doesn't exist or is not in use. The current
inconsistency confuses users and makes error handling more complex for client
applications.
### Does this PR introduce _any_ user-facing change?
Yes. The HTTP response code for `listTags()` and
`listMetadataObjectsForTag()` operations changes from 404 to 403 when the
metalake doesn't exist or is not in use. This makes the behavior consistent
with other tag operations.
### How was this patch tested?
- Added unit tests in `TestGravitinoInterceptionService`:
- `testMetalakeNotExistOrNotInUse()`: Verifies 403 response when metalake
doesn't exist
- `testEmptyExpressionSkipsAuthorization()`: Verifies empty expressions
work correctly
- Updated integration test
`TagOperationsAuthorizationIT.testTagOperationsWithNonExistentMetalake()` to
verify all tag operations return 403 consistently
- All tests pass successfully
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
