-
Notifications
You must be signed in to change notification settings - Fork 375
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[#5661] feat(auth): Add JDBC authorization plugin interface #5904
Conversation
f8b1c08
to
a144b64
Compare
c178a6d
to
8601049
Compare
.../authorization-jdbc/src/main/java/org/apache/gravitino/authorization/jdbc/JdbcPrivilege.java
Outdated
Show resolved
Hide resolved
...c/src/main/java/org/apache/gravitino/authorization/jdbc/JdbcSQLBasedAuthorizationPlugin.java
Outdated
Show resolved
Hide resolved
...c/src/main/java/org/apache/gravitino/authorization/jdbc/JdbcSQLBasedAuthorizationPlugin.java
Outdated
Show resolved
Hide resolved
...rc/main/java/org/apache/gravitino/authorization/jdbc/JdbcSecurableObjectMappingProvider.java
Outdated
Show resolved
Hide resolved
...rc/main/java/org/apache/gravitino/authorization/jdbc/JdbcSecurableObjectMappingProvider.java
Outdated
Show resolved
Hide resolved
...c/src/main/java/org/apache/gravitino/authorization/jdbc/JdbcSQLBasedAuthorizationPlugin.java
Outdated
Show resolved
Hide resolved
...tion-jdbc/src/main/java/org/apache/gravitino/authorization/jdbc/JdbcAuthorizationPlugin.java
Outdated
Show resolved
Hide resolved
...rc/main/java/org/apache/gravitino/authorization/jdbc/JdbcSecurableObjectMappingProvider.java
Outdated
Show resolved
Hide resolved
...-jdbc/src/test/java/org/apache/gravitino/authorization/jdbc/JdbcAuthorizationPluginTest.java
Show resolved
Hide resolved
...-jdbc/src/test/java/org/apache/gravitino/authorization/jdbc/JdbcAuthorizationPluginTest.java
Outdated
Show resolved
Hide resolved
...tion-jdbc/src/main/java/org/apache/gravitino/authorization/jdbc/JdbcAuthorizationPlugin.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This PR is too big to review effectively. Can we split it into a few smaller ones?
List<AuthorizationPrivilege> privileges; | ||
|
||
JdbcAuthorizationObject(String database, String table, List<AuthorizationPrivilege> privileges) { | ||
Preconditions.checkNotNull(database, "Jdbc authorization object database can't null"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Preconditions.checkNotNull(database, "Jdbc authorization object database can't null"); | |
Preconditions.checkNotNull(database, "JDBC authorization object database cannot be null"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. Changed.
public void close() throws IOException { | ||
if (dataSource != null) { | ||
try { | ||
dataSource.close(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this call be followed by a dataSource = null
? Not sure about it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, it's more safe.
revokeObjectPrivileges(role, removeObject); | ||
grantObjectPrivileges(role, addObject); | ||
} else { | ||
throw new IllegalArgumentException(String.format("Don't support RoleChange %s", change)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
throw new IllegalArgumentException(String.format("Don't support RoleChange %s", change)); | |
throw new IllegalArgumentException(String.format("RoleChange is not supported - %s", change)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed.
...tion-jdbc/src/main/java/org/apache/gravitino/authorization/jdbc/JdbcAuthorizationPlugin.java
Outdated
Show resolved
Hide resolved
ALL("ALL PRIVILEGES"), | ||
CREATE("CREATE"), | ||
DROP("DROP"), | ||
USAGE("USAGE"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe there is a better way to consolidate this enum type with the class constants defined earlier.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you give an example?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe something like:
public enum Type {
SELECT(new JdbcPrivilege("SELECT"), "SELECT"),
...
}
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe it's weird. Because it's cyclic dependency.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
According to xun's suggestion, I changed this class to enumeration.
It's hard to split otherwise we can't get whole picture of this feature. |
.../authorization-jdbc/src/main/java/org/apache/gravitino/authorization/jdbc/JdbcPrivilege.java
Outdated
Show resolved
Hide resolved
.../authorization-jdbc/src/main/java/org/apache/gravitino/authorization/jdbc/JdbcPrivilege.java
Outdated
Show resolved
Hide resolved
...rc/main/java/org/apache/gravitino/authorization/jdbc/JdbcSecurableObjectMappingProvider.java
Outdated
Show resolved
Hide resolved
...-jdbc/src/main/java/org/apache/gravitino/authorization/jdbc/JdbcAuthorizationProperties.java
Outdated
Show resolved
Hide resolved
...tion-jdbc/src/main/java/org/apache/gravitino/authorization/jdbc/JdbcAuthorizationPlugin.java
Show resolved
Hide resolved
...orization-jdbc/src/main/java/org/apache/gravitino/authorization/jdbc/JdbcMetadataObject.java
Outdated
Show resolved
Hide resolved
...orization-jdbc/src/main/java/org/apache/gravitino/authorization/jdbc/JdbcMetadataObject.java
Outdated
Show resolved
Hide resolved
...orization-jdbc/src/main/java/org/apache/gravitino/authorization/jdbc/JdbcMetadataObject.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@tengqm Do you have any other suggestion? I can raise a follow up pull request to fix them. |
Thanks for asking. None of the issues I raised were meant to be blockers. |
What changes were proposed in this pull request?
Add JDBC authorization plugin interface
Why are the changes needed?
Fix: #5661
Does this PR introduce any user-facing change?
No.
How was this patch tested?
Add a UT