justinmclean opened a new issue, #10621:
URL: https://github.com/apache/gravitino/issues/10621

   ### What would you like to be improved?
   
   MetadataObjectUtil.toEntityIdent(String metalakeName, MetadataObject 
metadataObject) handles MetadataObject.Type.METALAKE by returning 
NameIdentifierUtil.ofMetalake(metalakeName) instead of using 
metadataObject.name(). As a result, if a request carries a METALAKE metadata 
object whose name differs from the surrounding metalakeName context, the code 
resolves and validates the context metalake rather than the target object.
   
   This is reachable from generic REST flows such as owner operations, which 
parse {fullName} into a MetadataObject and then call 
MetadataObjectUtil.checkMetadataObject(metalake, object). A mismatched request 
can therefore pass validation against the wrong metalake.
   
   ### How should we improve?
   
   Update the METALAKE branch in MetadataObjectUtil.toEntityIdent to build the 
identifier from metadataObject.name() rather than metalakeName.
   
   It would also help to add a defensive validation for METALAKE objects in 
request-handling paths or inside checkMetadataObject, rejecting cases where 
metadataObject.name() does not equal the surrounding metalake path/context.
   
   Here's a unit test to help:
   ```
     @Test
     public void testToEntityIdentUsesMetadataObjectNameForMetalakeObject() {
       Assertions.assertEquals(
           NameIdentifier.of("target_metalake"),
           MetadataObjectUtil.toEntityIdent(
               "request_metalake",
               MetadataObjects.of(null, "target_metalake", MetadataObject.Type.METALAKE)));
     }
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

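
The mismatch described in this issue and its two suggested remedies, as an added example that is not part of the original issue or of the Gravitino code base. It uses simplified stand-in types (`Obj`, `Type`, plain string identifiers) and hypothetical method names instead of the real `MetadataObject` and `NameIdentifier` classes:

```java
// Added illustration: simplified stand-in types, NOT Gravitino's real classes.
import java.util.Objects;

public class MetalakeIdentDemo {
  enum Type { METALAKE, CATALOG }

  // Stand-in for a parsed metadata object: only the fields this issue touches.
  record Obj(String name, Type type) {}

  // Behaviour described in the issue: the METALAKE branch ignores obj.name().
  static String toEntityIdentBefore(String metalakeName, Obj obj) {
    if (obj.type() == Type.METALAKE) {
      return metalakeName; // resolves the request context, not the target object
    }
    return metalakeName + "." + obj.name();
  }

  // Suggested fix: build the identifier from the object's own name.
  static String toEntityIdentAfter(String metalakeName, Obj obj) {
    if (obj.type() == Type.METALAKE) {
      return obj.name();
    }
    return metalakeName + "." + obj.name();
  }

  // Suggested defensive check: a METALAKE object must name the request's metalake.
  static void requireSameMetalake(String metalakeName, Obj obj) {
    if (obj.type() == Type.METALAKE && !Objects.equals(metalakeName, obj.name())) {
      throw new IllegalArgumentException(
          "METALAKE object '" + obj.name()
              + "' does not match request metalake '" + metalakeName + "'");
    }
  }

  public static void main(String[] args) {
    // Constructed sample: object name differs from the request context.
    Obj target = new Obj("target_metalake", Type.METALAKE);
    System.out.println("before: " + toEntityIdentBefore("request_metalake", target));
    System.out.println("after:  " + toEntityIdentAfter("request_metalake", target));
    try {
      requireSameMetalake("request_metalake", target);
    } catch (IllegalArgumentException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```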