From 8722982891a15e7a316fa28cfcc00149f2fd78a0 Mon Sep 17 00:00:00 2001 From: roryqi Date: Mon, 23 Dec 2024 18:28:37 +0800 Subject: [PATCH] [#5947] fix(auth): It will throw error if we enable authorization and rename catalog (#5949) (#5953) ### What changes were proposed in this pull request? Fix the issue of renaming catalogs or metalakes. ### Why are the changes needed? Fix: #5947 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Add UT. --- .../ranger/integration/test/RangerHiveE2EIT.java | 16 ++++++++++++++++ .../authorization/AuthorizationUtils.java | 9 +++++++-- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerHiveE2EIT.java b/authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerHiveE2EIT.java index 409ddf48e22..34e5cb4e2a6 100644 --- a/authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerHiveE2EIT.java +++ b/authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerHiveE2EIT.java @@ -39,9 +39,11 @@ import java.util.Map; import org.apache.commons.io.FileUtils; import org.apache.gravitino.Catalog; +import org.apache.gravitino.CatalogChange; import org.apache.gravitino.Configs; import org.apache.gravitino.MetadataObject; import org.apache.gravitino.MetadataObjects; +import org.apache.gravitino.MetalakeChange; import org.apache.gravitino.NameIdentifier; import org.apache.gravitino.auth.AuthConstants; import org.apache.gravitino.auth.AuthenticatorType; @@ -235,6 +237,20 @@ public void stop() { RangerITEnv.cleanup(); } + // ISSUE-5947: can't rename a catalog or a metalake + @Test + void testRenameMetalakeOrCatalog() { + Assertions.assertDoesNotThrow( + () -> client.alterMetalake(metalakeName, MetalakeChange.rename("new_name"))); + Assertions.assertDoesNotThrow( + () -> client.alterMetalake("new_name", MetalakeChange.rename(metalakeName))); + + Assertions.assertDoesNotThrow( + () -> metalake.alterCatalog(catalogName, CatalogChange.rename("new_name"))); + Assertions.assertDoesNotThrow( + () -> metalake.alterCatalog("new_name", CatalogChange.rename(catalogName))); + } + @Test void testCreateSchema() throws InterruptedException { // First, fail to create the schema diff --git a/core/src/main/java/org/apache/gravitino/authorization/AuthorizationUtils.java b/core/src/main/java/org/apache/gravitino/authorization/AuthorizationUtils.java index ca5866558b4..7c28cafb093 100644 --- a/core/src/main/java/org/apache/gravitino/authorization/AuthorizationUtils.java +++ b/core/src/main/java/org/apache/gravitino/authorization/AuthorizationUtils.java @@ -298,9 +298,14 @@ public static void authorizationPluginRenamePrivileges( NameIdentifierUtil.toMetadataObject(NameIdentifier.of(ident.namespace(), newName), type); MetadataObjectChange renameObject = MetadataObjectChange.rename(oldMetadataObject, newMetadataObject); + + String metalake = type == Entity.EntityType.METALAKE ? newName : ident.namespace().level(0); + + // For a renamed catalog, we should pass the new name catalog, otherwise we can't find the + // catalog in the entity store callAuthorizationPluginForMetadataObject( - ident.namespace().level(0), - oldMetadataObject, + metalake, + newMetadataObject, authorizationPlugin -> { authorizationPlugin.onMetadataUpdated(renameObject); });