sungwy opened a new pull request, #3332: URL: https://github.com/apache/polaris/pull/3332
This PR improves authorization test coverage for: - `PolarisAuthorizerImpl` based unit tests including missing listAssigneePrincipalRoles and listGrants for CatalogRole calls - `OpaPolarisAuthorizer` integration tests for endpoints that invoke authorization calls in the different handlers (`PolarisAdminService`, `IcebergCatalogHandler`, `GenericTableCatalogHandler`, `PolicyCatalogHandler`) While exploring an alternative refactor of the PolarisAuthorizer API (similar to https://github.com/apache/polaris/pull/3228) it became clear that broader coverage of these authorization paths was needed to reason about the behavioral impact of changing RBAC resolution in the authorization flow. ## Checklist - [ ] ๐ก๏ธ Don't disclose security issues! (contact [email protected]) - [ ] ๐ Clearly explained why the changes are needed, or linked related issues: Fixes # - [x] ๐งช Added/updated tests with good coverage, or manually tested (and explained how) - [ ] ๐ก Added comments for complex logic - [ ] ๐งพ Updated `CHANGELOG.md` (if needed) - [ ] ๐ Updated documentation in `site/content/in-dev/unreleased` (if needed) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
