dimas-b commented on code in PR #3760: URL: https://github.com/apache/polaris/pull/3760#discussion_r2819826176
########## polaris-core/src/main/java/org/apache/polaris/core/auth/PolarisSecurable.java: ########## @@ -0,0 +1,52 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.polaris.core.auth; + +import jakarta.annotation.Nonnull; +import java.util.List; +import org.apache.polaris.core.entity.PolarisEntityType; +import org.apache.polaris.immutables.PolarisImmutable; + +/** + * Intent-only target reference for authorization decisions. + * + * <p>Represents the target name and entity type without any resolved RBAC state. This captures the + * pure authorization intent of a request. Callers should provide the full name path as {@link + * #getNameParts()} for hierarchical entities. + */ +@PolarisImmutable +public interface PolarisSecurable { + static PolarisSecurable of( + @Nonnull PolarisEntityType entityType, @Nonnull List<String> nameParts) { + return ImmutablePolarisSecurable.builder().entityType(entityType).nameParts(nameParts).build(); + } + + /** Returns the entity type of the securable. */ + @Nonnull + PolarisEntityType getEntityType(); + + /** Returns the name parts that identify the securable in hierarchical order. */ + @Nonnull + List<String> getNameParts(); Review Comment: nit: maybe `getNameElements()`?... (really minor) ########## polaris-core/src/main/java/org/apache/polaris/core/auth/AuthorizationRequest.java: ########## @@ -0,0 +1,98 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.polaris.core.auth; + +import jakarta.annotation.Nonnull; +import jakarta.annotation.Nullable; +import java.util.List; +import org.apache.polaris.core.entity.PolarisEntityType; +import org.apache.polaris.immutables.PolarisImmutable; + +/** + * Authorization request inputs for pre-authorization and core authorization. + * + * <p>This wrapper keeps authorization inputs together and conveys the intent to be authorized via + * {@link PolarisSecurable} targets and secondaries. + */ +@PolarisImmutable +public interface AuthorizationRequest { + static AuthorizationRequest of( + @Nonnull PolarisPrincipal principal, + @Nonnull PolarisAuthorizableOperation operation, + @Nullable List<PolarisSecurable> targets, + @Nullable List<PolarisSecurable> secondaries) { + return ImmutableAuthorizationRequest.builder() + .principal(principal) + .operation(operation) + .targets(targets) + .secondaries(secondaries) + .build(); + } + + /** Returns the principal requesting authorization. */ + @Nonnull + PolarisPrincipal getPrincipal(); + + /** Returns the operation being authorized. */ + @Nonnull + PolarisAuthorizableOperation getOperation(); + + /** Returns the primary target securables, if any. */ + @Nullable + List<PolarisSecurable> getTargets(); + + /** Returns the secondary securables, if any. */ + @Nullable + List<PolarisSecurable> getSecondaries(); Review Comment: What is a "secondary" securable really? 😅 I looked at them in the core RBAC code many times, but the idea does not stick in my head 😅 Since this is an attempt to refactor the authZ SPI, could you add javadoc to describe targets and secondaries in more details, please? I know the concept predates this effort, but it's a good opportunity to clarify this... WDYT? ########## polaris-core/src/main/java/org/apache/polaris/core/auth/PolarisSecurable.java: ########## @@ -0,0 +1,52 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.polaris.core.auth; + +import jakarta.annotation.Nonnull; +import java.util.List; +import org.apache.polaris.core.entity.PolarisEntityType; +import org.apache.polaris.immutables.PolarisImmutable; + +/** + * Intent-only target reference for authorization decisions. + * + * <p>Represents the target name and entity type without any resolved RBAC state. This captures the + * pure authorization intent of a request. Callers should provide the full name path as {@link + * #getNameParts()} for hierarchical entities. + */ +@PolarisImmutable +public interface PolarisSecurable { + static PolarisSecurable of( + @Nonnull PolarisEntityType entityType, @Nonnull List<String> nameParts) { + return ImmutablePolarisSecurable.builder().entityType(entityType).nameParts(nameParts).build(); + } + + /** Returns the entity type of the securable. */ + @Nonnull + PolarisEntityType getEntityType(); + + /** Returns the name parts that identify the securable in hierarchical order. */ + @Nonnull + List<String> getNameParts(); + + /** Returns the dot-joined name derived from {@link #getNameParts()}. */ + default @Nonnull String getName() { Review Comment: Is it intended for any non-informational use? Joining with dot separators is not a reversible mapping WRT `getNameParts()`, I believe 🤔 ########## polaris-core/src/main/java/org/apache/polaris/core/auth/AuthorizationState.java: ########## @@ -0,0 +1,38 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.polaris.core.auth; + +import jakarta.annotation.Nonnull; +import org.apache.polaris.core.persistence.resolver.PolarisResolutionManifest; + +/** + * Request-scoped authorization state shared across authorization phases. + * + * <p>Distinct from {@link org.apache.polaris.core.context.CallContext}. This state is intended to + * carry authorization-specific data, such as a {@link PolarisResolutionManifest} created by the + * caller and populated by the authorizer. + */ +public interface AuthorizationState { Review Comment: Do we expect multiple different implementations of this "state"? Why not make it a class? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
