visit2rahul opened a new issue, #4521:
URL: https://github.com/apache/polaris/issues/4521

   ## Context
   
   `CatalogEntity.Builder.setStorageConfigurationInfo` (`polaris-core/src/main/java/org/apache/polaris/core/entity/CatalogEntity.java`, line 283) silently appends `defaultBaseLocation` to the `allowedLocations` set before serializing the storage config:
   
   ```java
   allowedLocations.add(defaultBaseLocation);
   ```
   
   The TODO immediately above (lines 275-281) already documents this and proposes the cleaner alternative:
   
   > TODO: Reconsider whether this should actually just be a check up-front or if we actually want to silently add to the allowed locations. Maybe ideally we only add to the allowedLocations if allowedLocations is empty for the simple case, but if the caller provided allowedLocations explicitly, then we just verify that the defaultBaseLocation is at least a subpath of one of the allowedLocations.
   
   ## The problem
   
   The silent-add affects both `createCatalog` and `updateCatalog`:
   
   1. **Create**: user submits `allowedLocations = [s3://A/]` and `defaultBaseLocation = s3://B/`. The catalog is stored with `allowedLocations = [s3://A/, s3://B/]`. The user's fencing intent is silently defeated.
   2. **Update**: same. PR #4422 currently works around this in the update path by validating the user-submitted allowed list *before* the builder runs (commit `a28670530`), but the underlying silent-add still exists for any other caller.
   
   ## Proposed fix
   
   Per the TODO, replace the silent-add with an up-front check:
   
   - If `allowedLocations` is empty: keep simple behavior (add `defaultBaseLocation`), OR reject as inconsistent.
   - If `allowedLocations` is non-empty: require `defaultBaseLocation` to be a subpath of at least one entry; throw `BadRequestException` if not.
   
   Changes the create-catalog behavior too, so test fixtures and possibly callers will need updates.
   
   ## Related
   
   - Surfaced during review of #4422 ([discussion](https://github.com/apache/polaris/pull/4422#discussion_r3277305916)).
   - PR #4422 added the update-time validation workaround at the call site; fixing the builder properly would let that workaround simplify.
   - TODO at `CatalogEntity.java:275-281`.


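
The up-front check described under "Proposed fix", as an added Java example that is not part of the issue or of the Polaris code base. The class and method names are hypothetical, `IllegalArgumentException` stands in for `BadRequestException`, the empty-list case takes the first of the two options listed, and locations are compared as plain strings with no URI normalization.

```java
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Added example, not Polaris code. Class and method names are hypothetical.
public class AllowedLocationsCheck {

  // Treat every location as a directory prefix so that "s3://A/data" does not
  // match "s3://A/data-other/" through a plain string prefix comparison.
  static String asPrefix(String location) {
    return location.endsWith("/") ? location : location + "/";
  }

  static boolean isSubpathOfAny(String candidate, Set<String> allowed) {
    String c = asPrefix(candidate);
    return allowed.stream().anyMatch(a -> c.startsWith(asPrefix(a)));
  }

  // Returns the set to persist. Stand-in: IllegalArgumentException is used
  // here where the issue proposes BadRequestException.
  static Set<String> resolve(String defaultBaseLocation, List<String> userAllowed) {
    Set<String> allowed = new LinkedHashSet<>(userAllowed);
    if (allowed.isEmpty()) {
      allowed.add(defaultBaseLocation); // simple case: nothing to fence against
      return allowed;
    }
    if (!isSubpathOfAny(defaultBaseLocation, allowed)) {
      throw new IllegalArgumentException(
          "defaultBaseLocation " + defaultBaseLocation
              + " is not under any of allowedLocations " + allowed);
    }
    return allowed; // the caller's list is stored unchanged, nothing appended
  }

  public static void main(String[] args) {
    // Constructed sample inputs.
    System.out.println(resolve("s3://B/", List.of()));
    System.out.println(resolve("s3://A/data/wh", List.of("s3://A/data")));
    for (String base : new String[] {"s3://B/", "s3://A/data-other/"}) {
      try {
        resolve(base, List.of("s3://A/data"));
      } catch (IllegalArgumentException e) {
        System.out.println("rejected: " + e.getMessage());
      }
    }
  }
}
```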