This is an automated email from the ASF dual-hosted git repository.
yufei pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/polaris.git
The following commit(s) were added to refs/heads/main by this push:
new 53aa531ad fix(auth): let ServiceFailureException bubble up for proper
HTTP status mapping during auth (#2670)
53aa531ad is described below
commit 53aa531adcfaff110ff929698153530e828be7d1
Author: Sushant Raikar <[email protected]>
AuthorDate: Wed Sep 24 19:15:27 2025 -0700
fix(auth): let ServiceFailureException bubble up for proper HTTP status
mapping during auth (#2670)
---
.../service/auth/AuthenticatingAugmentor.java | 5 +++++
.../service/auth/AuthenticatingAugmentorTest.java | 21 +++++++++++++++++++++
2 files changed, 26 insertions(+)
diff --git
a/runtime/service/src/main/java/org/apache/polaris/service/auth/AuthenticatingAugmentor.java
b/runtime/service/src/main/java/org/apache/polaris/service/auth/AuthenticatingAugmentor.java
index 50b334da2..4166b0800 100644
---
a/runtime/service/src/main/java/org/apache/polaris/service/auth/AuthenticatingAugmentor.java
+++
b/runtime/service/src/main/java/org/apache/polaris/service/auth/AuthenticatingAugmentor.java
@@ -26,6 +26,7 @@ import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.smallrye.mutiny.Uni;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
+import org.apache.iceberg.exceptions.ServiceFailureException;
import org.apache.polaris.core.auth.PolarisPrincipal;
/**
@@ -83,6 +84,10 @@ public class AuthenticatingAugmentor implements
SecurityIdentityAugmentor {
// Also include the Polaris principal properties as attributes of the
identity
polarisPrincipal.getProperties().forEach(builder::addAttribute);
return builder.build();
+ } catch (ServiceFailureException e) {
+ // Let ServiceFailureException bubble up to be handled by
IcebergExceptionMapper
+ // This will result in 503 Service Unavailable instead of 401
Unauthorized
+ throw e;
} catch (RuntimeException e) {
throw new AuthenticationFailedException(e);
}
diff --git
a/runtime/service/src/test/java/org/apache/polaris/service/auth/AuthenticatingAugmentorTest.java
b/runtime/service/src/test/java/org/apache/polaris/service/auth/AuthenticatingAugmentorTest.java
index 8166a1302..5a1c682a0 100644
---
a/runtime/service/src/test/java/org/apache/polaris/service/auth/AuthenticatingAugmentorTest.java
+++
b/runtime/service/src/test/java/org/apache/polaris/service/auth/AuthenticatingAugmentorTest.java
@@ -29,6 +29,7 @@ import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.smallrye.mutiny.Uni;
import java.security.Principal;
import org.apache.iceberg.exceptions.NotAuthorizedException;
+import org.apache.iceberg.exceptions.ServiceFailureException;
import org.apache.polaris.core.auth.PolarisPrincipal;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
@@ -92,6 +93,26 @@ public class AuthenticatingAugmentorTest {
.hasCause(exception);
}
+ @Test
+ public void testServiceFailureExceptionBubblesUp() {
+ Principal nonPolarisPrincipal = mock(Principal.class);
+ PolarisCredential credential = mock(PolarisCredential.class);
+ SecurityIdentity identity =
+ QuarkusSecurityIdentity.builder()
+ .setPrincipal(nonPolarisPrincipal)
+ .addCredential(credential)
+ .build();
+
+ ServiceFailureException serviceException =
+ new ServiceFailureException("Unable to fetch principal entity");
+ when(authenticator.authenticate(credential)).thenThrow(serviceException);
+
+ assertThatThrownBy(
+ () -> augmentor.augment(identity,
Uni.createFrom()::item).await().indefinitely())
+ .isInstanceOf(ServiceFailureException.class)
+ .hasMessage("Unable to fetch principal entity");
+ }
+
@Test
public void testAugmentSuccessfulAuthentication() {
// Given
