core: decouple rbac privileges and semantics from PolarisAuthorizableOperations#4006
core: decouple rbac privileges and semantics from PolarisAuthorizableOperations#4006sungwy merged 5 commits intoapache:mainfrom
PolarisAuthorizableOperations#4006Conversation
There was a problem hiding this comment.
Pull request overview
Refactors authorization logic to move RBAC privilege semantics out of PolarisAuthorizableOperation into a dedicated RbacOperationSemantics mapping, with tests ensuring every operation has explicit semantics defined.
Changes:
- Introduced
RbacOperationSemanticsrecord to define RBAC privilege requirements per operation (plus rooting metadata). - Updated
PolarisAuthorizerImplto useRbacOperationSemanticsfor privilege checks instead of embedding privileges in the enum. - Simplified
PolarisAuthorizableOperationto intent-level operations only and added unit tests validating the semantics mapping and constructor invariants.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| polaris-core/src/main/java/org/apache/polaris/core/auth/RbacOperationSemantics.java | Adds centralized RBAC semantics mapping and validation for all authorizable operations. |
| polaris-core/src/main/java/org/apache/polaris/core/auth/PolarisAuthorizerImpl.java | Switches authorization checks to read required privileges from RbacOperationSemantics. |
| polaris-core/src/main/java/org/apache/polaris/core/auth/PolarisAuthorizableOperation.java | Removes embedded RBAC privilege definitions, leaving a pure operation enum. |
| polaris-core/src/test/java/org/apache/polaris/core/auth/RbacOperationSemanticsTest.java | Adds tests ensuring complete semantics coverage and validates constructor behavior. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
polaris-core/src/main/java/org/apache/polaris/core/auth/RbacOperationSemantics.java
Outdated
Show resolved
Hide resolved
polaris-core/src/main/java/org/apache/polaris/core/auth/RbacOperationSemantics.java
Show resolved
Hide resolved
polaris-core/src/test/java/org/apache/polaris/core/auth/RbacOperationSemanticsTest.java
Show resolved
Hide resolved
polaris-core/src/test/java/org/apache/polaris/core/auth/RbacOperationSemanticsTest.java
Show resolved
Hide resolved
polaris-core/src/main/java/org/apache/polaris/core/auth/RbacOperationSemantics.java
Show resolved
Hide resolved
# Conflicts: # polaris-core/src/main/java/org/apache/polaris/core/auth/PolarisAuthorizableOperation.java
flyingImer
left a comment
flyingImer
left a comment
There was a problem hiding this comment.
submit placeholder review to allow republish with improved draft
flyingImer
left a comment
flyingImer
left a comment
There was a problem hiding this comment.
Summary
This review uses correctly posted body via submit API test.
|
@sungwy : it looks like we got conflicts from the PRs removing unused operation values 😅 |
| record RbacOperationSemantics( | ||
| Set<PolarisPrivilege> targetPrivileges, | ||
| Set<PolarisPrivilege> secondaryPrivileges, | ||
| ResolvedPathRooting rooting) { |
There was a problem hiding this comment.
How is rooting intended to be used? I do not see any readers of this value 🤔
There was a problem hiding this comment.
Is it used in a follow-up PR?
There was a problem hiding this comment.
up to you... I was just wondering about the usage pattern... I'll check the other PR.
There was a problem hiding this comment.
I'm still a bit fuzzy about the "prepend root container" logic, but it looks like it existed since day 1, so we're not changing it in these PRs, just making inputs nicer 👍
There was a problem hiding this comment.
yes, exactly - currently the logic is embedded into the Handler call sites and I think it should be defined here as an RBAC semantic instead.
github-project-automation
bot
moved this from PRs In Progress
to Ready to merge
in Basic Kanban Board
# Conflicts: # polaris-core/src/main/java/org/apache/polaris/core/auth/PolarisAuthorizableOperation.java
github-project-automation
bot
moved this from Ready to merge
to Done
in Basic Kanban Board
|
Thanks a lot for the change, @sungwy ! The PR is in the right direction. Checked with @dennishuo a bit yesterday. He is interested in taking a look. Given the impact of this refactor, can we give a bit more time for reviewers? |
|
@flyrain : this PR has been merged, but follow-up comments and changes are welcome, of course... or are you proposing to revert it? |
|
Hi @flyrain, thank you for the note. As @dimas-b mentioned, I went ahead and merged this PR after the series of reviews here and on #3999. Since no use facing changes are introduced here, I felt it was reasonable to move things forward once it was approved. That said, I’m very open to feedback. If there are concerns about the direction of the refactor, I’m happy to pause any follow-up changes while we take a closer look. @dennishuo I would really appreciate your thoughts when you have a chance. Happy to adjust based on your feedback. |
Refactoring to decouple RBAC specific privilege based authorization semantics from
PolarisAuthorizableOperations. The PR includes a unit test suite that verifies that allPolarisAuthorizableOperationshave their correspondingRbacOperationSemanticsdefined with atargetPrivilege.No behavior change is introduced in this PR.
Note: This is an off-shoot from #3999.
Checklist
CHANGELOG.md(if needed)site/content/in-dev/unreleased(if needed)