Original file line number Diff line number Diff line change
Expand Up @@ -22,20 +22,23 @@
import jakarta.annotation.Nullable;
import java.util.List;
import java.util.Set;
import org.apache.polaris.core.context.CallContext;
import org.apache.polaris.core.entity.PolarisBaseEntity;
import org.apache.polaris.core.persistence.PolarisResolvedPathWrapper;

/** Interface for invoking authorization checks. */
public interface PolarisAuthorizer {

void authorizeOrThrow(
@Nonnull CallContext callContext,
@Nonnull AuthenticatedPolarisPrincipal authenticatedPrincipal,
@Nonnull Set<PolarisBaseEntity> activatedEntities,
@Nonnull PolarisAuthorizableOperation authzOp,
@Nullable PolarisResolvedPathWrapper target,
@Nullable PolarisResolvedPathWrapper secondary);

void authorizeOrThrow(
@Nonnull CallContext callContext,
@Nonnull AuthenticatedPolarisPrincipal authenticatedPrincipal,
@Nonnull Set<PolarisBaseEntity> activatedEntities,
@Nonnull PolarisAuthorizableOperation authzOp,
Expand Down
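Review bot: The new `callContext` parameter of `authorizeOrThrow` carries no documentation, and the interface's only Javadoc is the one-liner on the type. Since this argument now determines which configuration the authorizer consults (the implementation hunk reads `callContext.getPolarisCallContext()` for the credential-rotation feature flag), the contract should state that it must be the context of the request being authorized, not any context that happens to be at hand. Suggest a method Javadoc along the lines of `@param callContext context of the request being authorized; feature flags that gate the check are read from it`, with matching `@param` entries for the other parameters and `@throws` for the failure case. The second overload is cut off at the bottom of the hunk, so its tail is not visible here.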
Original file line number Diff line number Diff line change
Expand Up @@ -547,12 +547,14 @@ public boolean matchesOrIsSubsumedBy(

@Override
public void authorizeOrThrow(
@Nonnull CallContext callContext,
@Nonnull AuthenticatedPolarisPrincipal authenticatedPrincipal,
@Nonnull Set<PolarisBaseEntity> activatedEntities,
@Nonnull PolarisAuthorizableOperation authzOp,
@Nullable PolarisResolvedPathWrapper target,
@Nullable PolarisResolvedPathWrapper secondary) {
authorizeOrThrow(
callContext,
authenticatedPrincipal,
activatedEntities,
authzOp,
Expand All @@ -562,14 +564,15 @@ public void authorizeOrThrow(

@Override
public void authorizeOrThrow(
@Nonnull CallContext callContext,
@Nonnull AuthenticatedPolarisPrincipal authenticatedPrincipal,
@Nonnull Set<PolarisBaseEntity> activatedEntities,
@Nonnull PolarisAuthorizableOperation authzOp,
@Nullable List<PolarisResolvedPathWrapper> targets,
@Nullable List<PolarisResolvedPathWrapper> secondaries) {
boolean enforceCredentialRotationRequiredState =
featureConfig.getConfiguration(
CallContext.getCurrentContext().getPolarisCallContext(),
callContext.getPolarisCallContext(),
FeatureConfiguration.ENFORCE_PRINCIPAL_CREDENTIAL_ROTATION_REQUIRED_CHECKING);
if (enforceCredentialRotationRequiredState
&& authenticatedPrincipal
Expand Down
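Review bot: `enforceCredentialRotationRequiredState` is now read from the caller-supplied `callContext` instead of the thread-local one, so an authorizer invoked with a context belonging to a different realm or request would evaluate a security-gating flag against the wrong configuration, and `@Nonnull` alone does not stop a null from surfacing as an NPE from `getPolarisCallContext()` rather than as an authorization error. A guard at the top of the list overload, `Objects.requireNonNull(callContext, "callContext");`, makes the contract fail fast. The method body continues past the hunk, so it is worth checking that no remaining `CallContext.getCurrentContext()` read survives in it; mixing the explicit and thread-local sources inside one check is exactly the inconsistency this refactor should remove.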
Original file line number Diff line number Diff line change
Expand Up @@ -195,6 +195,7 @@ private void authorizeBasicRootOperationOrThrow(PolarisAuthorizableOperation op)
PolarisResolvedPathWrapper rootContainerWrapper =
resolutionManifest.getResolvedRootContainerEntityAsPath();
authorizer.authorizeOrThrow(
callContext,
authenticatedPrincipal,
resolutionManifest.getAllActivatedPrincipalRoleEntities(),
op,
Expand Down Expand Up @@ -239,6 +240,7 @@ private void authorizeBasicTopLevelEntityOperationOrThrow(
return;
}
authorizer.authorizeOrThrow(
callContext,
authenticatedPrincipal,
resolutionManifest.getAllActivatedCatalogRoleAndPrincipalRoles(),
op,
Expand All @@ -259,6 +261,7 @@ private void authorizeBasicCatalogRoleOperationOrThrow(
throw new NotFoundException("CatalogRole does not exist: %s", catalogRoleName);
}
authorizer.authorizeOrThrow(
callContext,
authenticatedPrincipal,
resolutionManifest.getAllActivatedCatalogRoleAndPrincipalRoles(),
op,
Expand Down Expand Up @@ -289,6 +292,7 @@ private void authorizeGrantOnRootContainerToPrincipalRoleOperationOrThrow(
principalRoleName, PolarisEntityType.PRINCIPAL_ROLE);

authorizer.authorizeOrThrow(
callContext,
authenticatedPrincipal,
resolutionManifest.getAllActivatedCatalogRoleAndPrincipalRoles(),
op,
Expand Down Expand Up @@ -325,6 +329,7 @@ private void authorizeGrantOnTopLevelEntityToPrincipalRoleOperationOrThrow(
principalRoleName, PolarisEntityType.PRINCIPAL_ROLE);

authorizer.authorizeOrThrow(
callContext,
authenticatedPrincipal,
resolutionManifest.getAllActivatedCatalogRoleAndPrincipalRoles(),
op,
Expand Down Expand Up @@ -355,6 +360,7 @@ private void authorizeGrantOnPrincipalRoleToPrincipalOperationOrThrow(
resolutionManifest.getResolvedTopLevelEntity(principalName, PolarisEntityType.PRINCIPAL);

authorizer.authorizeOrThrow(
callContext,
authenticatedPrincipal,
resolutionManifest.getAllActivatedCatalogRoleAndPrincipalRoles(),
op,
Expand Down Expand Up @@ -393,6 +399,7 @@ private void authorizeGrantOnCatalogRoleToPrincipalRoleOperationOrThrow(
resolutionManifest.getResolvedPath(catalogRoleName, true);

authorizer.authorizeOrThrow(
callContext,
authenticatedPrincipal,
resolutionManifest.getAllActivatedCatalogRoleAndPrincipalRoles(),
op,
Expand Down Expand Up @@ -422,6 +429,7 @@ private void authorizeGrantOnCatalogOperationOrThrow(
PolarisResolvedPathWrapper catalogRoleWrapper =
resolutionManifest.getResolvedPath(catalogRoleName, true);
authorizer.authorizeOrThrow(
callContext,
authenticatedPrincipal,
resolutionManifest.getAllActivatedCatalogRoleAndPrincipalRoles(),
op,
Expand Down Expand Up @@ -461,6 +469,7 @@ private void authorizeGrantOnNamespaceOperationOrThrow(
resolutionManifest.getResolvedPath(catalogRoleName, true);

authorizer.authorizeOrThrow(
callContext,
authenticatedPrincipal,
resolutionManifest.getAllActivatedCatalogRoleAndPrincipalRoles(),
op,
Expand Down Expand Up @@ -506,6 +515,7 @@ private void authorizeGrantOnTableLikeOperationOrThrow(
resolutionManifest.getResolvedPath(catalogRoleName, true);

authorizer.authorizeOrThrow(
callContext,
authenticatedPrincipal,
resolutionManifest.getAllActivatedCatalogRoleAndPrincipalRoles(),
op,
Expand Down
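Review bot: All ten updated call sites in this file pass the same leading arguments `callContext, authenticatedPrincipal, resolutionManifest.getAllActivated...(), op` (only the root-container path uses `getAllActivatedPrincipalRoleEntities()`), which is the kind of repetition where a future call site can silently drop or swap an argument. A private helper that takes only `op` and the target/secondary wrappers and supplies `callContext` and `authenticatedPrincipal` itself would give one place to guarantee the request context handed to the authorizer is the one this service was built for. Every enclosing method shown here starts before or ends after its hunk, so the remaining arguments of each call are not visible.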
Original file line number Diff line number Diff line change
Expand Up @@ -141,6 +141,7 @@ protected void authorizeBasicNamespaceOperationOrThrow(
throw new NoSuchNamespaceException("Namespace does not exist: %s", namespace);
}
authorizer.authorizeOrThrow(
callContext,
authenticatedPrincipal,
resolutionManifest.getAllActivatedCatalogRoleAndPrincipalRoles(),
op,
Expand Down Expand Up @@ -174,6 +175,7 @@ protected void authorizeCreateNamespaceUnderNamespaceOperationOrThrow(
throw new NoSuchNamespaceException("Namespace does not exist: %s", parentNamespace);
}
authorizer.authorizeOrThrow(
callContext,
authenticatedPrincipal,
resolutionManifest.getAllActivatedCatalogRoleAndPrincipalRoles(),
op,
Expand Down Expand Up @@ -211,6 +213,7 @@ protected void authorizeCreateTableLikeUnderNamespaceOperationOrThrow(
throw new NoSuchNamespaceException("Namespace does not exist: %s", namespace);
}
authorizer.authorizeOrThrow(
callContext,
authenticatedPrincipal,
resolutionManifest.getAllActivatedCatalogRoleAndPrincipalRoles(),
op,
Expand Down Expand Up @@ -239,6 +242,7 @@ protected void authorizeBasicTableLikeOperationOrThrow(
throwNotFoundExceptionForTableLikeEntity(identifier, List.of(subType));
}
authorizer.authorizeOrThrow(
callContext,
authenticatedPrincipal,
resolutionManifest.getAllActivatedCatalogRoleAndPrincipalRoles(),
op,
Expand Down Expand Up @@ -289,6 +293,7 @@ protected void authorizeCollectionOfTableLikeOperationOrThrow(
"View does not exist: %s", identifier)))
.toList();
authorizer.authorizeOrThrow(
callContext,
authenticatedPrincipal,
resolutionManifest.getAllActivatedCatalogRoleAndPrincipalRoles(),
op,
Expand Down Expand Up @@ -357,6 +362,7 @@ protected void authorizeRenameTableLikeOperationOrThrow(
PolarisResolvedPathWrapper secondary =
resolutionManifest.getResolvedPath(dst.namespace(), true);
authorizer.authorizeOrThrow(
callContext,
authenticatedPrincipal,
resolutionManifest.getAllActivatedCatalogRoleAndPrincipalRoles(),
op,
Expand Down
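Review bot: These `protected` authorize* methods now pass a `callContext` taken from an instance field rather than from `CallContext.getCurrentContext()`, so every authorization decision is bound to whatever context the handler was constructed with. That is correct only if each handler instance is request-scoped, which the hunks do not show; if an instance were ever cached or shared across requests, all checks here would run against a stale realm and principal. Worth confirming against the handler's construction and, if the field is set in the constructor, recording the invariant there: `// callContext is the context of the request this handler serves; a handler must not be reused across requests`. Each method shown starts before or ends after its hunk.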
Original file line number Diff line number Diff line change
Expand Up @@ -166,6 +166,7 @@ private void authorizeBasicPolicyOperationOrThrow(
}

authorizer.authorizeOrThrow(
callContext,
authenticatedPrincipal,
resolutionManifest.getAllActivatedCatalogRoleAndPrincipalRoles(),
op,
Expand Down Expand Up @@ -209,6 +210,7 @@ private void authorizeBasicCatalogOperationOrThrow(PolarisAuthorizableOperation
throw new NotFoundException("Catalog not found");
}
authorizer.authorizeOrThrow(
callContext,
authenticatedPrincipal,
resolutionManifest.getAllActivatedCatalogRoleAndPrincipalRoles(),
op,
Expand Down Expand Up @@ -267,6 +269,7 @@ private void authorizePolicyMappingOperationOrThrow(
determinePolicyMappingOperation(target, targetWrapper, isAttach);

authorizer.authorizeOrThrow(
callContext,
authenticatedPrincipal,
resolutionManifest.getAllActivatedCatalogRoleAndPrincipalRoles(),
op,
Expand Down