dennishuo commented on code in PR #2473: URL: https://github.com/apache/polaris/pull/2473#discussion_r2309276852
########## polaris-core/src/main/java/org/apache/polaris/core/storage/LocationRestrictions.java: ########## @@ -0,0 +1,106 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.polaris.core.storage; + +import jakarta.annotation.Nonnull; +import java.util.List; +import java.util.Set; +import org.apache.iceberg.catalog.TableIdentifier; +import org.apache.iceberg.exceptions.ForbiddenException; +import org.apache.polaris.core.config.RealmConfig; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** Defines storage location access restrictions for Polaris entities within a specific context. */ +public class LocationRestrictions { + private static final Logger LOGGER = LoggerFactory.getLogger(LocationRestrictions.class); + + /** + * The complete set of storage locations that are permitted for access. + * + * <p>This list contains all storage URIs that entities can read from or write to, including both + * catalog-level allowed locations and any additional user-specified locations when unstructured + * table access is enabled. + * + * <p>All locations in this list have been validated to conform to the storage type's URI scheme + * requirements during construction. + */ + private final List<String> allowedLocations; + + /** + * The parent location for structured table enforcement. + * + * <p>When non-null, this location represents the root under which all new tables must be created, + * enforcing a structured hierarchy. When null, table creation is allowed anywhere within the Review Comment: "enforcing a structured hierarchy _in addition to residing under (@code allowedLocations}_" to make it clear that the restrictions are `AND` instead of `OR`. ########## polaris-core/src/main/java/org/apache/polaris/core/storage/PolarisStorageConfigurationInfo.java: ########## @@ -160,7 +161,7 @@ public static Optional<PolarisStorageConfigurationInfo> forEntityPath( Set<String> locations = StorageUtil.getLocationsAllowedToBeAccessed( null, entityPathReversed.get(0).getPropertiesAsMap()); - return new StorageConfigurationOverride( + return new LocationRestrictions( Review Comment: I think the TODO on line 160 added in https://github.com/apache/polaris/pull/1320/files#diff-607cdd8c6ea78443988359e42ffec3091a4c84bc9151575772ee3b90164e03f3 was correctly pointing out that the addition of these locations from `StorageUtil.getLocationsAllowedToBeAccessed` (formerly `userSpecifiedWriteLocations`) msimatched the intent of the validation in ways that were problematic for Views. There also appears to have been an unintended change in semantics in https://github.com/apache/polaris/pull/2149 that started adding *all* table-requested paths instead of just the write.data.path and write.metadata.path. We should remove all this location-augmentation here and simply return the basic restrictions directly from `configInfo` in this `else` branch. ########## polaris-core/src/main/java/org/apache/polaris/core/storage/LocationRestrictions.java: ########## @@ -0,0 +1,106 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.polaris.core.storage; + +import jakarta.annotation.Nonnull; +import java.util.List; +import java.util.Set; +import org.apache.iceberg.catalog.TableIdentifier; +import org.apache.iceberg.exceptions.ForbiddenException; +import org.apache.polaris.core.config.RealmConfig; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** Defines storage location access restrictions for Polaris entities within a specific context. */ +public class LocationRestrictions { + private static final Logger LOGGER = LoggerFactory.getLogger(LocationRestrictions.class); + + /** + * The complete set of storage locations that are permitted for access. + * + * <p>This list contains all storage URIs that entities can read from or write to, including both + * catalog-level allowed locations and any additional user-specified locations when unstructured + * table access is enabled. + * + * <p>All locations in this list have been validated to conform to the storage type's URI scheme + * requirements during construction. + */ + private final List<String> allowedLocations; + + /** + * The parent location for structured table enforcement. + * + * <p>When non-null, this location represents the root under which all new tables must be created, + * enforcing a structured hierarchy. When null, table creation is allowed anywhere within the + * {@code allowedLocations}. + */ + private final String parentLocation; + + public LocationRestrictions( + @Nonnull PolarisStorageConfigurationInfo storageConfigurationInfo, + List<String> allowedLocations, + String parentLocation) { + this.allowedLocations = List.copyOf(allowedLocations); + allowedLocations.forEach(storageConfigurationInfo::validatePrefixForStorageType); + this.parentLocation = parentLocation; + } + + public LocationRestrictions( + @Nonnull PolarisStorageConfigurationInfo storageConfigurationInfo, + List<String> allowedLocations) { + this(storageConfigurationInfo, allowedLocations, null); + } + + public void validate(RealmConfig realmConfig, TableIdentifier identifier, Set<String> locations) { Review Comment: Javadoc comments for this method would be nice. Especially for `locations`. We might want to rename `locations` to `requestedLocations` to make it clear what the role of that method parameter is. Same for the `locations` param to `validateLocations` below. ########## polaris-core/src/main/java/org/apache/polaris/core/storage/LocationRestrictions.java: ########## @@ -0,0 +1,106 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.polaris.core.storage; + +import jakarta.annotation.Nonnull; +import java.util.List; +import java.util.Set; +import org.apache.iceberg.catalog.TableIdentifier; +import org.apache.iceberg.exceptions.ForbiddenException; +import org.apache.polaris.core.config.RealmConfig; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** Defines storage location access restrictions for Polaris entities within a specific context. */ +public class LocationRestrictions { + private static final Logger LOGGER = LoggerFactory.getLogger(LocationRestrictions.class); + + /** + * The complete set of storage locations that are permitted for access. + * + * <p>This list contains all storage URIs that entities can read from or write to, including both + * catalog-level allowed locations and any additional user-specified locations when unstructured + * table access is enabled. + * + * <p>All locations in this list have been validated to conform to the storage type's URI scheme + * requirements during construction. + */ + private final List<String> allowedLocations; + + /** + * The parent location for structured table enforcement. + * + * <p>When non-null, this location represents the root under which all new tables must be created, + * enforcing a structured hierarchy. When null, table creation is allowed anywhere within the + * {@code allowedLocations}. + */ + private final String parentLocation; + + public LocationRestrictions( + @Nonnull PolarisStorageConfigurationInfo storageConfigurationInfo, + List<String> allowedLocations, Review Comment: I think we can remove the `allowedLocations` input here based on what I commente in `PolarisStorageConfigurationInfo`. The intended use of `storageConfigurationInfo.getAllowedLocations()` should be implicit. If we *really* wanted to allow a UNION of `configInfo.getAllowedLocations()` with some additional `alternativeAllowedLocations` we should probably name it explicitly as such to make it very clear that we're changing the total set of allowedLocations rather than paring down a smaller subset of allowedLocations. ########## polaris-core/src/main/java/org/apache/polaris/core/storage/PolarisStorageConfigurationInfo.java: ########## @@ -160,7 +161,7 @@ public static Optional<PolarisStorageConfigurationInfo> forEntityPath( Set<String> locations = StorageUtil.getLocationsAllowedToBeAccessed( Review Comment: While we're at it, maybe we should rename all the `StorageUtil.getLocationsAllowedToBeAccessed` methods to make it clear that it's not really telling what's "allowed", but really what's *declared* to be used by the table. Maybe rename it to `StorageUtil.getLocationsDeclaredForTable` or `StorageUtil.getLocationsRequestedForTable` or `StorageUtil.getAllLocationsUsedByTable` or something similar. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@polaris.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
