This is an automated email from the ASF dual-hosted git repository.
roryqi pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/gravitino.git
The following commit(s) were added to refs/heads/main by this push:
new 7d0a8282fa [#10055] fix(authz): Fix `NoSuchEntityException` caused by
unimported schema entity (#10059)
7d0a8282fa is described below
commit 7d0a8282faee4d4760abdf7bc4c46d5271891cf3
Author: roryqi <[email protected]>
AuthorDate: Fri Feb 27 19:07:17 2026 +0800
[#10055] fix(authz): Fix `NoSuchEntityException` caused by unimported
schema entity (#10059)
### What changes were proposed in this pull request?
Fix `NoSuchEntityException` caused by unimported schema entity
### Why are the changes needed?
Fix: #10055
### Does this PR introduce _any_ user-facing change?
No.
### How was this patch tested?
Added cache IT.
---
.../TableAuthorizationCacheEnabledIT.java | 42 ++++++++++++++++++++++
.../test/authorization/TableAuthorizationIT.java | 9 +++++
.../server/authorization/MetadataAuthzHelper.java | 29 ++++++++++++++-
3 files changed, 79 insertions(+), 1 deletion(-)
diff --git
a/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/TableAuthorizationCacheEnabledIT.java
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/TableAuthorizationCacheEnabledIT.java
new file mode 100644
index 0000000000..06586f3f2e
--- /dev/null
+++
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/TableAuthorizationCacheEnabledIT.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.gravitino.client.integration.test.authorization;
+
+import org.apache.gravitino.Configs;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Tag;
+import org.junit.jupiter.api.TestMethodOrder;
+
+/**
+ * Integration tests for table authorization with cache enabled. This test
class runs the same tests
+ * as {@link TableAuthorizationIT} but with the cache enabled to ensure
authorization works
+ * correctly with caching.
+ */
+@Tag("gravitino-docker-test")
+@TestMethodOrder(MethodOrderer.OrderAnnotation.class)
+public class TableAuthorizationCacheEnabledIT extends TableAuthorizationIT {
+
+ @BeforeAll
+ @Override
+ public void startIntegrationTest() throws Exception {
+ customConfigs.put(Configs.CACHE_ENABLED.getKey(), "true");
+ super.startIntegrationTest();
+ }
+}
diff --git
a/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/TableAuthorizationIT.java
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/TableAuthorizationIT.java
index 64a7662683..af12862609 100644
---
a/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/TableAuthorizationIT.java
+++
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/TableAuthorizationIT.java
@@ -20,6 +20,7 @@ package
org.apache.gravitino.client.integration.test.authorization;
import static org.junit.Assert.assertThrows;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
import static org.junit.jupiter.api.Assertions.assertEquals;
import com.google.common.collect.ImmutableList;
@@ -132,12 +133,20 @@ public class TableAuthorizationIT extends
BaseRestApiAuthorizationIT {
public void testCreateTable() {
// owner can create table
TableCatalog tableCatalog =
client.loadMetalake(METALAKE).loadCatalog(CATALOG).asTableCatalog();
+
+ // ISSUE-10005: Fix NoSuchEntityException caused by unimported schema
entity
+ assertDoesNotThrow(
+ () -> {
+ tableCatalog.listTables(Namespace.of("default"));
+ });
+
tableCatalog.createTable(
NameIdentifier.of(SCHEMA, "table1"), createColumns(), "test", new
HashMap<>());
// ISSUE-9982: Schema default isn't imported before
tableCatalog.createTable(
NameIdentifier.of("default", "table2"), createColumns(), "test", new
HashMap<>());
+ tableCatalog.dropTable(NameIdentifier.of("default", "table2"));
// normal user cannot create table
TableCatalog tableCatalogNormalUser =
diff --git
a/server-common/src/main/java/org/apache/gravitino/server/authorization/MetadataAuthzHelper.java
b/server-common/src/main/java/org/apache/gravitino/server/authorization/MetadataAuthzHelper.java
index fedf1698ed..5a0f1ee8bf 100644
---
a/server-common/src/main/java/org/apache/gravitino/server/authorization/MetadataAuthzHelper.java
+++
b/server-common/src/main/java/org/apache/gravitino/server/authorization/MetadataAuthzHelper.java
@@ -17,6 +17,7 @@
package org.apache.gravitino.server.authorization;
+import com.google.common.base.Preconditions;
import java.lang.reflect.Array;
import java.security.Principal;
import java.util.ArrayList;
@@ -36,6 +37,7 @@ import org.apache.gravitino.GravitinoEnv;
import org.apache.gravitino.MetadataObject;
import org.apache.gravitino.Metalake;
import org.apache.gravitino.NameIdentifier;
+import org.apache.gravitino.Namespace;
import org.apache.gravitino.authorization.AuthorizationRequestContext;
import org.apache.gravitino.authorization.GravitinoAuthorizer;
import org.apache.gravitino.dto.tag.MetadataObjectDTO;
@@ -76,6 +78,13 @@ public class MetadataAuthzHelper {
Entity.EntityType.JOB,
Entity.EntityType.JOB_TEMPLATE);
+ /**
+ * Topic and Table may be from the external system and the schema may not
exist in Gravitino, so
+ * we need to import the schema first
+ */
+ private static final List<Entity.EntityType> REQUIRE_SCHEMA_EXISTS =
+ Arrays.asList(Entity.EntityType.TABLE, Entity.EntityType.TOPIC);
+
private MetadataAuthzHelper() {}
public static Metalake[] filterMetalakes(Metalake[] metalakes, String
expression) {
@@ -347,7 +356,10 @@ public class MetadataAuthzHelper {
private static void preloadToCache(
Entity.EntityType entityType, NameIdentifier[] nameIdentifiers) {
- if (!GravitinoEnv.getInstance().cacheEnabled()) {
+ // If cache is not enabled or access control dispatcher is not set, skip
preloading to cache
+ if (!GravitinoEnv.getInstance().cacheEnabled()
+ || GravitinoEnv.getInstance().accessControlDispatcher() == null
+ || nameIdentifiers.length == 0) {
return;
}
@@ -356,6 +368,21 @@ public class MetadataAuthzHelper {
return;
}
+ if (REQUIRE_SCHEMA_EXISTS.contains(entityType)) {
+ // For entity types that require schema existence, check if the schema
exists before
+ // preloading to cache
+ Namespace firstNamespace = nameIdentifiers[0].namespace();
+ Preconditions.checkArgument(
+ Arrays.stream(nameIdentifiers).allMatch(id ->
id.namespace().equals(firstNamespace)),
+ "All identifiers must have the same schema");
+
+ if (!GravitinoEnv.getInstance()
+ .schemaDispatcher()
+ .schemaExists(NameIdentifier.parse(firstNamespace.toString()))) {
+ return;
+ }
+ }
+
GravitinoEnv.getInstance()
.entityStore()
.batchGet(
