This is an automated email from the ASF dual-hosted git repository.
honahx pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/polaris.git
The following commit(s) were added to refs/heads/main by this push:
new 41968a7f3 Make ENABLE_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS
configurable per catalog (#2688)
41968a7f3 is described below
commit 41968a7f33e1df600e33221f505e52ff692e8a53
Author: Honah (Jonas) J. <[email protected]>
AuthorDate: Thu Sep 25 18:08:16 2025 -0500
Make ENABLE_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS configurable per
catalog (#2688)
* Update ENABLE_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS to be configurable
per catalog
---
.../apache/polaris/core/config/FeatureConfiguration.java | 1 +
.../apache/polaris/service/admin/PolarisAdminService.java | 15 ++++++++++++---
.../polaris/service/admin/PolarisAdminServiceTest.java | 10 ++++++++++
.../polaris/service/admin/PolarisAuthzTestBase.java | 2 +-
4 files changed, 24 insertions(+), 4 deletions(-)
diff --git
a/polaris-core/src/main/java/org/apache/polaris/core/config/FeatureConfiguration.java
b/polaris-core/src/main/java/org/apache/polaris/core/config/FeatureConfiguration.java
index 545efa6c8..764b00028 100644
---
a/polaris-core/src/main/java/org/apache/polaris/core/config/FeatureConfiguration.java
+++
b/polaris-core/src/main/java/org/apache/polaris/core/config/FeatureConfiguration.java
@@ -277,6 +277,7 @@ public class FeatureConfiguration<T> extends
PolarisConfiguration<T> {
.description(
"When enabled, allows RBAC operations to create synthetic
entities for"
+ " entities in federated catalogs that don't exist in the
local metastore.")
+
.catalogConfig("polaris.config.enable-sub-catalog-rbac-for-federated-catalogs")
.defaultValue(false)
.buildFeatureConfiguration();
diff --git
a/runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisAdminService.java
b/runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisAdminService.java
index d39ebfae6..bd8a1d6a4 100644
---
a/runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisAdminService.java
+++
b/runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisAdminService.java
@@ -511,13 +511,18 @@ public class PolarisAdminService {
}
}
+ CatalogEntity catalogEntity =
+ CatalogEntity.of(
+ findCatalogByName(catalogName)
+ .orElseThrow(() -> new NotFoundException("Catalog %s not
found", catalogName)));
PolarisResolvedPathWrapper tableLikeWrapper =
resolutionManifest.getResolvedPath(
identifier, PolarisEntityType.TABLE_LIKE,
PolarisEntitySubType.ANY_SUBTYPE, true);
boolean rbacForFederatedCatalogsEnabled =
getCurrentPolarisContext()
.getRealmConfig()
-
.getConfig(FeatureConfiguration.ENABLE_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS);
+ .getConfig(
+
FeatureConfiguration.ENABLE_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS,
catalogEntity);
if (!(resolutionManifest.getIsPassthroughFacade() &&
rbacForFederatedCatalogsEnabled)
&&
!subTypes.contains(tableLikeWrapper.getRawLeafEntity().getSubType())) {
CatalogHandler.throwNotFoundExceptionForTableLikeEntity(identifier,
subTypes);
@@ -1710,7 +1715,9 @@ public class PolarisAdminService {
boolean rbacForFederatedCatalogsEnabled =
getCurrentPolarisContext()
.getRealmConfig()
-
.getConfig(FeatureConfiguration.ENABLE_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS);
+ .getConfig(
+
FeatureConfiguration.ENABLE_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS,
+ catalogEntity);
if (resolutionManifest.getIsPassthroughFacade() &&
rbacForFederatedCatalogsEnabled) {
resolvedPathWrapper =
createSyntheticNamespaceEntities(catalogEntity, namespace,
resolvedPathWrapper);
@@ -2136,7 +2143,9 @@ public class PolarisAdminService {
boolean rbacForFederatedCatalogsEnabled =
getCurrentPolarisContext()
.getRealmConfig()
-
.getConfig(FeatureConfiguration.ENABLE_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS);
+ .getConfig(
+
FeatureConfiguration.ENABLE_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS,
+ catalogEntity);
if (resolutionManifest.getIsPassthroughFacade() &&
rbacForFederatedCatalogsEnabled) {
resolvedPathWrapper =
createSyntheticTableLikeEntities(
diff --git
a/runtime/service/src/test/java/org/apache/polaris/service/admin/PolarisAdminServiceTest.java
b/runtime/service/src/test/java/org/apache/polaris/service/admin/PolarisAdminServiceTest.java
index d44ec0cbf..c1965a93a 100644
---
a/runtime/service/src/test/java/org/apache/polaris/service/admin/PolarisAdminServiceTest.java
+++
b/runtime/service/src/test/java/org/apache/polaris/service/admin/PolarisAdminServiceTest.java
@@ -61,6 +61,7 @@ import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mock;
+import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
public class PolarisAdminServiceTest {
@@ -90,6 +91,9 @@ public class PolarisAdminServiceTest {
// Default feature configuration - enabled by default
when(realmConfig.getConfig(FeatureConfiguration.ENABLE_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS))
.thenReturn(true);
+ when(realmConfig.getConfig(
+
eq(FeatureConfiguration.ENABLE_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS),
Mockito.any()))
+ .thenReturn(true);
when(resolutionManifestFactory.createResolutionManifest(any(), any(),
any()))
.thenReturn(resolutionManifest);
@@ -358,6 +362,9 @@ public class PolarisAdminServiceTest {
// Disable the feature configuration
when(realmConfig.getConfig(FeatureConfiguration.ENABLE_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS))
.thenReturn(false);
+ when(realmConfig.getConfig(
+
eq(FeatureConfiguration.ENABLE_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS),
Mockito.any()))
+ .thenReturn(false);
PolarisEntity catalogEntity = createEntity(catalogName,
PolarisEntityType.CATALOG);
PolarisResolvedPathWrapper catalogWrapper =
mock(PolarisResolvedPathWrapper.class);
@@ -522,6 +529,9 @@ public class PolarisAdminServiceTest {
// Disable the feature configuration
when(realmConfig.getConfig(FeatureConfiguration.ENABLE_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS))
.thenReturn(false);
+ when(realmConfig.getConfig(
+
eq(FeatureConfiguration.ENABLE_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS),
Mockito.any()))
+ .thenReturn(false);
PolarisEntity catalogEntity = createEntity(catalogName,
PolarisEntityType.CATALOG);
PolarisResolvedPathWrapper catalogWrapper =
mock(PolarisResolvedPathWrapper.class);
diff --git
a/runtime/service/src/test/java/org/apache/polaris/service/admin/PolarisAuthzTestBase.java
b/runtime/service/src/test/java/org/apache/polaris/service/admin/PolarisAuthzTestBase.java
index 0f0ceb3db..c72e51871 100644
---
a/runtime/service/src/test/java/org/apache/polaris/service/admin/PolarisAuthzTestBase.java
+++
b/runtime/service/src/test/java/org/apache/polaris/service/admin/PolarisAuthzTestBase.java
@@ -128,7 +128,6 @@ public abstract class PolarisAuthzTestBase {
.put("polaris.features.\"DROP_WITH_PURGE_ENABLED\"", "true")
.put("polaris.behavior-changes.\"ALLOW_NAMESPACE_CUSTOM_LOCATION\"",
"true")
.put("polaris.features.\"ENABLE_CATALOG_FEDERATION\"", "true")
-
.put("polaris.features.\"ENABLE_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS\"",
"true")
.build();
}
}
@@ -303,6 +302,7 @@ public abstract class PolarisAuthzTestBase {
realmConfig,
storageConfigModelForFederatedCatalog,
storageLocationForFederatedCatalog)
+
.addProperty("polaris.config.enable-sub-catalog-rbac-for-federated-catalogs",
"true")
.build();
ExternalCatalog externalCatalog =
ExternalCatalog.builder()
