From 74c7aac4e99c1fa377af4194d73fa4c759cfc478 Mon Sep 17 00:00:00 2001
From: roryqi <roryqi@apache.org>
Date: Mon, 23 Dec 2024 17:03:45 +0800
Subject: [PATCH] [#5947] fix(auth): It will throw error if we enable
 authorization and rename catalog (#5949)

### What changes were proposed in this pull request?

Fix the issue of renaming catalogs or metalakes.

### Why are the changes needed?

Fix: #5947

### Does this PR introduce _any_ user-facing change?

No.

### How was this patch tested?
Add UT.
---
 .../ranger/integration/test/RangerBaseE2EIT.java | 16 ++++++++++++++++
 .../authorization/AuthorizationUtils.java        |  9 +++++++--
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerBaseE2EIT.java b/authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerBaseE2EIT.java
index c7c9ec02f22..1fb9677d528 100644
--- a/authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerBaseE2EIT.java
+++ b/authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerBaseE2EIT.java
@@ -29,8 +29,10 @@
 import java.util.List;
 import org.apache.commons.io.FileUtils;
 import org.apache.gravitino.Catalog;
+import org.apache.gravitino.CatalogChange;
 import org.apache.gravitino.MetadataObject;
 import org.apache.gravitino.MetadataObjects;
+import org.apache.gravitino.MetalakeChange;
 import org.apache.gravitino.NameIdentifier;
 import org.apache.gravitino.auth.AuthConstants;
 import org.apache.gravitino.authorization.Owner;
@@ -203,6 +205,20 @@ protected static void waitForUpdatingPolicies() {
 
   protected abstract void testAlterTable();
 
+  // ISSUE-5947: can't rename a catalog or a metalake
+  @Test
+  void testRenameMetalakeOrCatalog() {
+    Assertions.assertDoesNotThrow(
+        () -> client.alterMetalake(metalakeName, MetalakeChange.rename("new_name")));
+    Assertions.assertDoesNotThrow(
+        () -> client.alterMetalake("new_name", MetalakeChange.rename(metalakeName)));
+
+    Assertions.assertDoesNotThrow(
+        () -> metalake.alterCatalog(catalogName, CatalogChange.rename("new_name")));
+    Assertions.assertDoesNotThrow(
+        () -> metalake.alterCatalog("new_name", CatalogChange.rename(catalogName)));
+  }
+
   @Test
   protected void testCreateSchema() throws InterruptedException {
     // Choose a catalog
diff --git a/core/src/main/java/org/apache/gravitino/authorization/AuthorizationUtils.java b/core/src/main/java/org/apache/gravitino/authorization/AuthorizationUtils.java
index 61aa86f425e..0e236b72635 100644
--- a/core/src/main/java/org/apache/gravitino/authorization/AuthorizationUtils.java
+++ b/core/src/main/java/org/apache/gravitino/authorization/AuthorizationUtils.java
@@ -274,9 +274,14 @@ public static void authorizationPluginRenamePrivileges(
           NameIdentifierUtil.toMetadataObject(NameIdentifier.of(ident.namespace(), newName), type);
       MetadataObjectChange renameObject =
           MetadataObjectChange.rename(oldMetadataObject, newMetadataObject);
+
+      String metalake = type == Entity.EntityType.METALAKE ? newName : ident.namespace().level(0);
+
+      // For a renamed catalog, we should pass the new name catalog, otherwise we can't find the
+      // catalog in the entity store
       callAuthorizationPluginForMetadataObject(
-          ident.namespace().level(0),
-          oldMetadataObject,
+          metalake,
+          newMetadataObject,
           authorizationPlugin -> {
             authorizationPlugin.onMetadataUpdated(renameObject);
           });