sririshindra commented on code in PR #3719:
URL: https://github.com/apache/polaris/pull/3719#discussion_r2835744134
##########
runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandler.java:
##########
@@ -612,13 +614,80 @@ public LoadTableResponse createTableStaged(
* @return ETagged {@link LoadTableResponse} to uniquely identify the table
metadata
*/
public LoadTableResponse registerTable(Namespace namespace,
RegisterTableRequest request) {
- PolarisAuthorizableOperation op =
PolarisAuthorizableOperation.REGISTER_TABLE;
- authorizeCreateTableLikeUnderNamespaceOperationOrThrow(
- op, TableIdentifier.of(namespace, request.name()));
+ TableIdentifier identifier = TableIdentifier.of(namespace, request.name());
+ boolean overwrite = request.overwrite();
+
+ if (overwrite) {
+ // Resolve the namespace and table (optional) so we can distinguish
overwrite from create.
+ resolutionManifest = newResolutionManifest();
+ resolutionManifest.addPath(
+ new ResolverPath(Arrays.asList(namespace.levels()),
PolarisEntityType.NAMESPACE),
+ namespace);
+ ResolverPath tablePath =
+ new ResolverPath(
+ PolarisCatalogHelpers.tableIdentifierToList(identifier),
+ PolarisEntityType.TABLE_LIKE,
+ true /* optional */);
+ resolutionManifest.addPassthroughPath(tablePath, identifier);
+ resolutionManifest.resolveAll();
+
+ boolean tableExists =
+ resolutionManifest.getResolvedPath(
+ identifier,
+ PolarisEntityType.TABLE_LIKE,
+ PolarisEntitySubType.ICEBERG_TABLE,
+ true)
+ != null;
Review Comment:
Fair question — loadTable and tableExists can use the standard helpers
(authorizeBasicTableLikeOperationsOrThrow /
authorizeCreateTableLikeUnderNamespaceOperationOrThrow) because they always
operate against either a known-existing table or always against the namespace.
Here the required privilege and auth target depend on whether the table already
exists at call time: an existing table needs REGISTER_TABLE_OVERWRITE
(TABLE_FULL_METADATA) targeted at the table entity, while a non-existent table
falls back to REGISTER_TABLE (TABLE_CREATE) targeted at the namespace. Neither
standard helper handles both outcomes. Additionally, baseCatalog.tableExists()
can't be called at this point because initializeCatalog() hasn't run yet — it's
always invoked at the end of an auth helper. So we resolve the namespace and an
optional table path in one pass and branch on the outcome. Added a Javadoc on
authorizeRegisterTableOverwriteOrCreate calling this out explicitly.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
