flyrain commented on code in PR #1264:
URL: https://github.com/apache/polaris/pull/1264#discussion_r2023655442
##########
polaris-core/src/main/java/org/apache/polaris/core/config/FeatureConfiguration.java:
##########
@@ -183,4 +183,11 @@ protected FeatureConfiguration(
"How many times to retry refreshing metadata when the previous
error was retryable")
.defaultValue(2)
.buildFeatureConfiguration();
+
+ public static final FeatureConfiguration<Boolean> ENABLE_GENERIC_TABLES =
Review Comment:
Minor Question: how do we configure this? Do we just put the key in the file
application.properties like this?
```
ENABLE_GENERIC_TABLES=true
```
##########
polaris-core/src/main/java/org/apache/polaris/core/entity/PolarisPrivilege.java:
##########
@@ -41,21 +42,45 @@ public enum PolarisPrivilege {
TABLE_CREATE(6, PolarisEntityType.NAMESPACE),
VIEW_CREATE(7, PolarisEntityType.NAMESPACE),
NAMESPACE_DROP(8, PolarisEntityType.NAMESPACE),
- TABLE_DROP(9, PolarisEntityType.TABLE_LIKE,
PolarisEntitySubType.ICEBERG_TABLE),
+ TABLE_DROP(
+ 9,
+ PolarisEntityType.TABLE_LIKE,
+ List.of(PolarisEntitySubType.ICEBERG_TABLE,
PolarisEntitySubType.GENERIC_TABLE),
+ PolarisEntityType.CATALOG_ROLE),
VIEW_DROP(10, PolarisEntityType.TABLE_LIKE,
PolarisEntitySubType.ICEBERG_VIEW),
NAMESPACE_LIST(11, PolarisEntityType.NAMESPACE),
TABLE_LIST(12, PolarisEntityType.NAMESPACE),
VIEW_LIST(13, PolarisEntityType.NAMESPACE),
NAMESPACE_READ_PROPERTIES(14, PolarisEntityType.NAMESPACE),
- TABLE_READ_PROPERTIES(15, PolarisEntityType.TABLE_LIKE,
PolarisEntitySubType.ICEBERG_TABLE),
+ TABLE_READ_PROPERTIES(
+ 15,
+ PolarisEntityType.TABLE_LIKE,
+ List.of(PolarisEntitySubType.ICEBERG_TABLE,
PolarisEntitySubType.GENERIC_TABLE),
+ PolarisEntityType.CATALOG_ROLE),
VIEW_READ_PROPERTIES(16, PolarisEntityType.TABLE_LIKE,
PolarisEntitySubType.ICEBERG_VIEW),
NAMESPACE_WRITE_PROPERTIES(17, PolarisEntityType.NAMESPACE),
- TABLE_WRITE_PROPERTIES(18, PolarisEntityType.TABLE_LIKE,
PolarisEntitySubType.ICEBERG_TABLE),
+ TABLE_WRITE_PROPERTIES(
+ 18,
+ PolarisEntityType.TABLE_LIKE,
+ List.of(PolarisEntitySubType.ICEBERG_TABLE,
PolarisEntitySubType.GENERIC_TABLE),
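Review bot: The rewritten entries (`TABLE_DROP`, `TABLE_READ_PROPERTIES`, `TABLE_WRITE_PROPERTIES`) pass `PolarisEntityType.CATALOG_ROLE` as an explicit fourth argument, while untouched entries such as `VIEW_DROP(10, PolarisEntityType.TABLE_LIKE, PolarisEntitySubType.ICEBERG_VIEW)` keep the three-argument form. If the three-argument constructor already defaults that parameter to the same value, add a three-argument overload that takes the subtype list so the two forms cannot drift apart. If it does not, say so in a comment, because a reader of the enum cannot tell what the shorter entries get for that parameter.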
Review Comment:
Can we remove it in that case? We can always add it back once we need it.
##########
polaris-core/src/main/java/org/apache/polaris/core/entity/table/GenericTableEntity.java:
##########
@@ -35,6 +35,7 @@
public class GenericTableEntity extends TableLikeEntity {
public static final String FORMAT_KEY = "format";
+ public static final String DOC_KEY = "doc";
Review Comment:
Not a blocker: either `doc` or `description` is fine to me. I like
`description` a bit more, it is more commonly used.
##########
polaris-core/src/main/java/org/apache/polaris/core/entity/PolarisPrivilege.java:
##########
@@ -162,7 +208,7 @@ public enum PolarisPrivilege {
private final PolarisEntityType securableType;
// the subtype of the securable for this privilege
- private final PolarisEntitySubType securableSubType;
+ private final List<PolarisEntitySubType> securableSubTypes;
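Review bot: The context comment directly above the changed field still reads `// the subtype of the securable for this privilege`, singular, while the field is now `List<PolarisEntitySubType> securableSubTypes`. Update the comment to say the privilege applies to any subtype in the list, and have the constructor store an unmodifiable copy (for example via `List.copyOf(...)`) so the subtypes a privilege covers cannot change after the enum is initialized.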
Review Comment:
If it is not used, is it OK to remove to reduce the complexity? Or do we
foresee any near-term requirement?
##########
polaris-core/src/main/java/org/apache/polaris/core/config/FeatureConfiguration.java:
##########
@@ -183,4 +183,11 @@ protected FeatureConfiguration(
"How many times to retry refreshing metadata when the previous
error was retryable")
.defaultValue(2)
.buildFeatureConfiguration();
+
+ public static final FeatureConfiguration<Boolean> ENABLE_GENERIC_TABLES =
+ PolarisConfiguration.<Boolean>builder()
+ .key("ENABLE_GENERIC_TABLES")
+ .description("If true, the generic-tables endpoints are enabled")
+ .defaultValue(false)
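Review bot: The text in `.description("If true, the generic-tables endpoints are enabled")` does not say what a caller sees while the flag is at `.defaultValue(false)`. State in the description what the endpoints return when disabled and that the default is `false`, so an operator reading the configuration reference knows the feature has to be switched on explicitly.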
Review Comment:
I guess we want it to be enabled by default. Do we?
##########
service/common/src/main/java/org/apache/polaris/service/catalog/generic/GenericTableCatalogHandlerWrapper.java:
##########
@@ -0,0 +1,122 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.polaris.service.catalog.generic;
+
+import jakarta.ws.rs.core.SecurityContext;
+import java.util.Map;
+import java.util.TreeSet;
+import org.apache.iceberg.catalog.Namespace;
+import org.apache.iceberg.catalog.TableIdentifier;
+import org.apache.polaris.core.auth.PolarisAuthorizableOperation;
+import org.apache.polaris.core.auth.PolarisAuthorizer;
+import org.apache.polaris.core.config.FeatureConfiguration;
+import org.apache.polaris.core.context.CallContext;
+import org.apache.polaris.core.entity.PolarisEntitySubType;
+import org.apache.polaris.core.entity.table.GenericTableEntity;
+import org.apache.polaris.core.persistence.PolarisEntityManager;
+import org.apache.polaris.core.persistence.PolarisMetaStoreManager;
+import org.apache.polaris.service.catalog.common.CatalogHandlerWrapper;
+import org.apache.polaris.service.types.GenericTable;
+import org.apache.polaris.service.types.ListGenericTablesResponse;
+import org.apache.polaris.service.types.LoadGenericTableResponse;
+
+public class GenericTableCatalogHandlerWrapper extends CatalogHandlerWrapper {
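Review bot: `GenericTableCatalogHandlerWrapper` is declared without a class-level Javadoc. The imports show it depends on `PolarisAuthorizableOperation`, `PolarisAuthorizer` and `FeatureConfiguration`, so document on the class which authorize call each public method makes before it reaches the catalog and where the feature flag from `FeatureConfiguration` is checked.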
Review Comment:
Do we need a CatalogHandlerWrapper class for generic table? Iceberg table
needs it as it invokes a class from the Iceberg lib named `CatalogHandler`.
There is no counterpart for generic table. Can we remove this class and move
logic here to `GenericTableCatalogAdapter`?
##########
service/common/src/main/java/org/apache/polaris/service/catalog/common/CatalogHandlerWrapper.java:
##########
@@ -0,0 +1,358 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.polaris.service.catalog.common;
+
+import jakarta.ws.rs.core.SecurityContext;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Optional;
+import org.apache.iceberg.catalog.Namespace;
+import org.apache.iceberg.catalog.TableIdentifier;
+import org.apache.iceberg.exceptions.AlreadyExistsException;
+import org.apache.iceberg.exceptions.NoSuchNamespaceException;
+import org.apache.iceberg.exceptions.NoSuchTableException;
+import org.apache.iceberg.exceptions.NoSuchViewException;
+import org.apache.polaris.core.PolarisDiagnostics;
+import org.apache.polaris.core.auth.AuthenticatedPolarisPrincipal;
+import org.apache.polaris.core.auth.PolarisAuthorizableOperation;
+import org.apache.polaris.core.auth.PolarisAuthorizer;
+import org.apache.polaris.core.catalog.PolarisCatalogHelpers;
+import org.apache.polaris.core.context.CallContext;
+import org.apache.polaris.core.entity.PolarisEntitySubType;
+import org.apache.polaris.core.entity.PolarisEntityType;
+import org.apache.polaris.core.persistence.PolarisEntityManager;
+import org.apache.polaris.core.persistence.PolarisResolvedPathWrapper;
+import org.apache.polaris.core.persistence.resolver.PolarisResolutionManifest;
+import org.apache.polaris.core.persistence.resolver.ResolverPath;
+import org.apache.polaris.core.persistence.resolver.ResolverStatus;
+
+/**
+ * An ABC for catalog wrappers which provides authorize methods that should be
called before a
+ * request is actually forwarded to a catalog. Child types must implement
`initializeCatalog` which
+ * will be called after a successful authorization.
+ */
+public abstract class CatalogHandlerWrapper {
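Review bot: The class Javadoc says the authorize methods "should be called before a request is actually forwarded to a catalog", which leaves the ordering to every subclass method rather than stating it as an invariant. Document what happens when a subclass method skips the authorize call (for instance, that the catalog is not initialized because `initializeCatalog` only runs after a successful authorization) and make that case fail fast. Also spell out "ABC" as "abstract base class" and use `{@code initializeCatalog}` instead of backticks, which Javadoc does not render.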
Review Comment:
It's great we abstract the common logic out. Looks like all methods here are
related to authorization, and none of these methods are inheritable in
subclasses. I think we should avoid inheritance if it is not necessary as it
implies a more tightly coupled relation than combination. Can we create a
dedicated class for these authz methods, a class potentially named like
`CatalogAuthorizer` or `CommonCatalogAuthorizer`? For these two subclasses,
they can create the object in the constructor like this:
```
CatalogAuthorizer catalogAuthorizer = new CatalogAuthorizer(callContext,
entityManager, catalogName, authenticatedPrincipal, securityContext,
authorizer);
```
Caller will do
```
catalogAuthorizer.authorizeBasicNamespaceOperationOrThrow();
```
##########
polaris-core/src/main/java/org/apache/polaris/core/entity/PolarisPrivilege.java:
##########
@@ -41,21 +42,45 @@ public enum PolarisPrivilege {
TABLE_CREATE(6, PolarisEntityType.NAMESPACE),
VIEW_CREATE(7, PolarisEntityType.NAMESPACE),
NAMESPACE_DROP(8, PolarisEntityType.NAMESPACE),
- TABLE_DROP(9, PolarisEntityType.TABLE_LIKE,
PolarisEntitySubType.ICEBERG_TABLE),
+ TABLE_DROP(
+ 9,
+ PolarisEntityType.TABLE_LIKE,
+ List.of(PolarisEntitySubType.ICEBERG_TABLE,
PolarisEntitySubType.GENERIC_TABLE),
+ PolarisEntityType.CATALOG_ROLE),
VIEW_DROP(10, PolarisEntityType.TABLE_LIKE,
PolarisEntitySubType.ICEBERG_VIEW),
NAMESPACE_LIST(11, PolarisEntityType.NAMESPACE),
TABLE_LIST(12, PolarisEntityType.NAMESPACE),
VIEW_LIST(13, PolarisEntityType.NAMESPACE),
NAMESPACE_READ_PROPERTIES(14, PolarisEntityType.NAMESPACE),
- TABLE_READ_PROPERTIES(15, PolarisEntityType.TABLE_LIKE,
PolarisEntitySubType.ICEBERG_TABLE),
+ TABLE_READ_PROPERTIES(
+ 15,
+ PolarisEntityType.TABLE_LIKE,
+ List.of(PolarisEntitySubType.ICEBERG_TABLE,
PolarisEntitySubType.GENERIC_TABLE),
+ PolarisEntityType.CATALOG_ROLE),
VIEW_READ_PROPERTIES(16, PolarisEntityType.TABLE_LIKE,
PolarisEntitySubType.ICEBERG_VIEW),
NAMESPACE_WRITE_PROPERTIES(17, PolarisEntityType.NAMESPACE),
- TABLE_WRITE_PROPERTIES(18, PolarisEntityType.TABLE_LIKE,
PolarisEntitySubType.ICEBERG_TABLE),
+ TABLE_WRITE_PROPERTIES(
+ 18,
+ PolarisEntityType.TABLE_LIKE,
+ List.of(PolarisEntitySubType.ICEBERG_TABLE,
PolarisEntitySubType.GENERIC_TABLE),
+ PolarisEntityType.CATALOG_ROLE),
VIEW_WRITE_PROPERTIES(19, PolarisEntityType.TABLE_LIKE,
PolarisEntitySubType.ICEBERG_VIEW),
- TABLE_READ_DATA(20, PolarisEntityType.TABLE_LIKE,
PolarisEntitySubType.ICEBERG_TABLE),
- TABLE_WRITE_DATA(21, PolarisEntityType.TABLE_LIKE,
PolarisEntitySubType.ICEBERG_TABLE),
+ TABLE_READ_DATA(
+ 20,
+ PolarisEntityType.TABLE_LIKE,
+ List.of(PolarisEntitySubType.ICEBERG_TABLE,
PolarisEntitySubType.GENERIC_TABLE),
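Review bot: The subtype list `List.of(PolarisEntitySubType.ICEBERG_TABLE, PolarisEntitySubType.GENERIC_TABLE)` is repeated verbatim in every rewritten entry, down to `TABLE_READ_DATA` at the end of this hunk, so a later edit can widen or narrow a single privilege by accident. Move the list into one named constant defined outside the enum and add a test that pins which privileges cover `GENERIC_TABLE`, with the data privileges (`TABLE_READ_DATA`, `TABLE_WRITE_DATA`) asserted explicitly.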
Review Comment:
Same here, do we need this privilege for Generic table?
##########
service/common/src/main/java/org/apache/polaris/service/catalog/common/CatalogHandlerWrapper.java:
##########
@@ -0,0 +1,358 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.polaris.service.catalog.common;
+
+import jakarta.ws.rs.core.SecurityContext;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Optional;
+import org.apache.iceberg.catalog.Namespace;
+import org.apache.iceberg.catalog.TableIdentifier;
+import org.apache.iceberg.exceptions.AlreadyExistsException;
+import org.apache.iceberg.exceptions.NoSuchNamespaceException;
+import org.apache.iceberg.exceptions.NoSuchTableException;
+import org.apache.iceberg.exceptions.NoSuchViewException;
+import org.apache.polaris.core.PolarisDiagnostics;
+import org.apache.polaris.core.auth.AuthenticatedPolarisPrincipal;
+import org.apache.polaris.core.auth.PolarisAuthorizableOperation;
+import org.apache.polaris.core.auth.PolarisAuthorizer;
+import org.apache.polaris.core.catalog.PolarisCatalogHelpers;
+import org.apache.polaris.core.context.CallContext;
+import org.apache.polaris.core.entity.PolarisEntitySubType;
+import org.apache.polaris.core.entity.PolarisEntityType;
+import org.apache.polaris.core.persistence.PolarisEntityManager;
+import org.apache.polaris.core.persistence.PolarisResolvedPathWrapper;
+import org.apache.polaris.core.persistence.resolver.PolarisResolutionManifest;
+import org.apache.polaris.core.persistence.resolver.ResolverPath;
+import org.apache.polaris.core.persistence.resolver.ResolverStatus;
+
+/**
+ * An ABC for catalog wrappers which provides authorize methods that should be
called before a
+ * request is actually forwarded to a catalog. Child types must implement
`initializeCatalog` which
+ * will be called after a successful authorization.
+ */
+public abstract class CatalogHandlerWrapper {
+
+ // Initialized in the authorize methods.
+ protected PolarisResolutionManifest resolutionManifest = null;
+
+ protected final CallContext callContext;
+ protected final PolarisEntityManager entityManager;
+ protected final String catalogName;
+ protected final AuthenticatedPolarisPrincipal authenticatedPrincipal;
+ protected final SecurityContext securityContext;
+ protected final PolarisAuthorizer authorizer;
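Review bot: `resolutionManifest` is declared `protected`, non-final and `null` until, per its comment, an authorize method assigns it, so a subclass can read it before authorization has run or overwrite it afterwards. Make the field `private` and expose it through an accessor that throws when no authorize method has been called. The explicit `= null` initializer is also redundant.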
Review Comment:
Looks like `entityManager`, `catalogName` and `authorizer` are not used by
the subclasses, should we make them private?