LiebingYu commented on issue #1890:
URL: https://github.com/apache/fluss/issues/1890#issuecomment-3466390054
Currently, LakeCatalog does not support authentication for Fluss users,
making it difficult to implement permission control in multi-tenant scenarios.
I propose that we add hook functions at the interface layer to facilitate
different LakeCatalogs in implementing multi-tenant authentication. My
interface design is as follows:
```java
/**
* A catalog interface to modify metadata in external datalake.
*
* @since 0.7
*/
@PublicEvolving
public interface LakeCatalog extends AutoCloseable {
/**
* Create a new table in lake.
*
* @param tablePath path of the table to be created
* @param tableDescriptor The descriptor of the table to be created
* @throws TableAlreadyExistException if the table already exists
*/
void createTable(
TablePath tablePath, TableDescriptor tableDescriptor,
FlussPrincipal flussPrincipal)
throws TableAlreadyExistException;
/**
* Alter a table in lake.
*
* @param tablePath path of the table to be altered
* @param tableChanges The changes to be applied to the table
* @throws TableNotExistException if the table not exists
*/
void alterTable(
TablePath tablePath, List<TableChange> tableChanges,
FlussPrincipal flussPrincipal)
throws TableNotExistException;
@Override
default void close() throws Exception {
// default do nothing
}
}
/** Abstract catalog with default authorization control. */
public abstract class AbstractLakeCatalog implements LakeCatalog {
@Override
public void createTable(
TablePath tablePath, TableDescriptor tableDescriptor,
FlussPrincipal principal)
throws TableAlreadyExistException {
try {
authorize(principal, tablePath);
createTable(tablePath, tableDescriptor);
} finally {
revokeAuthorization(principal, tablePath);
}
}
@Override
public void alterTable(
TablePath tablePath, List<TableChange> tableChanges,
FlussPrincipal principal)
throws TableNotExistException {
try {
authorize(principal, tablePath);
alterTable(tablePath, tableChanges);
} finally {
revokeAuthorization(principal, tablePath);
}
}
protected abstract void createTable(TablePath tablePath, TableDescriptor
tableDescriptor)
throws TableAlreadyExistException;
protected abstract void alterTable(TablePath tablePath,
List<TableChange> tableChanges)
throws TableNotExistException;
/**
* Authorize the principal on the given table path. This method should
be called before
* performing any lake catalog operations in multi-tenant scenarios to
ensure the principal has
* the necessary permissions in the external datalake (e.g., Paimon,
Iceberg).
*
* <p>In the default implementation, this method does nothing.
Implementations can override this
* method to perform authorization, such as setting up user context or
granting temporary
* permissions in the external datalake system.
*
* @param principal The principal to authorize
* @param tablePath The table path for the operation
*/
protected void authorize(FlussPrincipal principal, TablePath tablePath) {
// default do nothing
}
/**
* Revoke authorization for the principal after completing the
operation. This method should be
* called after performing lake catalog operations to clean up any
temporary permissions or user
* context set up in {@link #authorize(FlussPrincipal, TablePath)}.
*
* <p>In the default implementation, this method does nothing.
Implementations can override this
* method to perform cleanup, such as revoking temporary permissions or
clearing user context in
* the external datalake system.
*
* @param principal The principal to revoke authorization for
* @param tablePath The table path for the operation
*/
protected void revokeAuthorization(FlussPrincipal principal, TablePath
tablePath) {
// default do nothing
}
}
```
For any Catalog that wants to implement custom permission control, it can be
done as follows:
```java
public class DLFPaimonCatalog extends PaimonLakeCatalog {
public DLFPaimonCatalog(Configuration configuration) {
super(configuration);
}
@Override
protected void authorize(FlussPrincipal principal, TablePath tablePath) {
// do custom authorization
}
@Override
protected void revokeAuthorization(FlussPrincipal principal, TablePath
tablePath) {
// do custom authorization
}
}
```
What do you think about it? @luoyuxia @zcoo
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
