Re: [PR] auth: Refactor `AuthorizationRequest` Into Explicit Shapes [polaris]

Wed, 13 May 2026 05:48:09 -0700 


sungwy commented on code in PR #4409:
URL: https://github.com/apache/polaris/pull/4409#discussion_r3234341489


##########
extensions/auth/opa/impl/src/test/java/org/apache/polaris/extension/auth/opa/OpaPolarisAuthorizerTest.java:
##########
@@ -934,14 +930,136 @@ <T> T httpClientExecute(
         .isEqualTo(expectedDestination);
   }
 
+  @Test
+  void authorizeSingleOperationBatchEvaluatesSequentially() throws Exception {
+    final List<String> capturedRequestBodies = new ArrayList<>();
+    HttpEntity mockEntity = 
HttpEntities.create("{\"result\":{\"allow\":true}}");
+    @SuppressWarnings("resource")
+    ClassicHttpResponse mockResponse = new BasicClassicHttpResponse(200);
+    mockResponse.setEntity(mockEntity);
+
+    PolarisResolutionManifest resolutionManifest = 
mock(PolarisResolutionManifest.class);
+    AuthorizationState authzState = new AuthorizationState();
+    authzState.setResolutionManifest(resolutionManifest);
+    PolarisPrincipal principal = PolarisPrincipal.of("alice", Map.of(), 
Set.of("role-1"));
+
+    OpaPolarisAuthorizer authorizer =
+        new OpaPolarisAuthorizer(
+            URI.create("http://opa.example.com:8181/v1/data/polaris/allow";),
+            mock(CloseableHttpClient.class),
+            JsonMapper.builder().build(),
+            null) {
+          @Override
+          <T> T httpClientExecute(
+              ClassicHttpRequest request, HttpClientResponseHandler<? extends 
T> responseHandler)
+              throws HttpException, IOException {
+            capturedRequestBodies.add(
+                new String(
+                    request.getEntity().getContent().readAllBytes(), 
StandardCharsets.UTF_8));
+            return responseHandler.handleResponse(mockResponse);
+          }
+        };
+
+    AuthorizationDecision decision =
+        authorizer.authorize(
+            authzState,
+            principal,
+            List.of(
+                AuthorizationRequest.of(
+                    PolarisAuthorizableOperation.GET_CATALOG,
+                    PolarisSecurable.of(new 
PathSegment(PolarisEntityType.CATALOG, "catalog-1"))),
+                AuthorizationRequest.of(
+                    PolarisAuthorizableOperation.GET_CATALOG,
+                    PolarisSecurable.of(new 
PathSegment(PolarisEntityType.CATALOG, "catalog-2")))));
+
+    ObjectMapper mapper = JsonMapper.builder().build();
+    JsonNode firstRoot = mapper.readTree(capturedRequestBodies.get(0));
+    JsonNode secondRoot = mapper.readTree(capturedRequestBodies.get(1));
+
+    assertThat(decision.isAllowed()).isTrue();
+    assertThat(capturedRequestBodies).hasSize(2);

Review Comment:
   That's a good nit. thanks



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to