Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[#6716] improvement(authz): Delete catalogs if failing to execute post hook actions #6717

Merged
merged 7 commits into from
Mar 20, 2025
Merged

[#6716] improvement(authz): Delete catalogs if failing to execute post hook actions #6717

merged 7 commits into from
Mar 20, 2025

Conversation

jerqi
Copy link
Contributor

@jerqi jerqi commented Mar 19, 2025

What changes were proposed in this pull request?

Delete catalogs if failing to execute post hook actions

Why are the changes needed?

Fix: #6716

Does this PR introduce any user-facing change?

No.

How was this patch tested?

Add a new IT.

@jerqi jerqi changed the title [#6716] improvement: Delete catalogs if failing to execute post hook actions [#6716] improvement(authz): Delete catalogs if failing to execute post hook actions Mar 19, 2025
@jerqi jerqi requested review from yuqi1129 and mchades March 19, 2025 08:37
@jerqi jerqi self-assigned this Mar 19, 2025
@jerqi jerqi added the branch-0.8 Automatically cherry-pick commit to branch-0.8 label Mar 19, 2025
yuqi1129
yuqi1129 previously approved these changes Mar 19, 2025
View reviewed changes
Copy link
Contributor

@yuqi1129 yuqi1129 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, @xunliu , Would you like to take a look?

@jerqi jerqi requested a review from yuqi1129 March 19, 2025 13:04
yuqi1129
yuqi1129 reviewed Mar 19, 2025
View reviewed changes
...anger/src/main/java/org/apache/gravitino/authorization/ranger/RangerAuthorizationPlugin.java
if (ClientResponse.Status.NOT_FOUND.equals(rse.getStatus())) {
if (Boolean.parseBoolean(
config.get(RangerAuthorizationProperties.RANGER_SERVICE_CREATE_IF_ABSENT))
&& ClientResponse.Status.NOT_FOUND.equals(rse.getStatus())) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You have changed the original design:
Before: If RANGER_SERVICE_CREATE_IF_ABSENT is false, there will be no exception in any condition.
Now: If RANGER_SERVICE_CREATE_IF_ABSENT is false and the service is unavailable, you will throw

throw new AuthorizationPluginException(
            "Fail to get ranger service name %s, exception: %s", serviceName, rse.getMessage());

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, the change seems more reasonable for me.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@xunliu, could you please help confirm the original design?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it ok

xunliu
xunliu reviewed Mar 20, 2025
View reviewed changes
...rc/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerHiveE2EIT.java
Comment on lines +242 to +261
Map<String, String> wrongProperties =
ImmutableMap.of(
HiveConstants.METASTORE_URIS,
HIVE_METASTORE_URIS,
IMPERSONATION_ENABLE,
"true",
AUTHORIZATION_PROVIDER,
"ranger",
RangerAuthorizationProperties.RANGER_SERVICE_TYPE,
"HadoopSQL",
RangerAuthorizationProperties.RANGER_ADMIN_URL,
RangerITEnv.RANGER_ADMIN_URL,
RangerAuthorizationProperties.RANGER_AUTH_TYPE,
RangerContainer.authType,
RangerAuthorizationProperties.RANGER_USERNAME,
RangerContainer.rangerUserName,
RangerAuthorizationProperties.RANGER_PASSWORD,
RangerContainer.rangerPassword,
RangerAuthorizationProperties.RANGER_SERVICE_CREATE_IF_ABSENT,
"true");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Which is the wrong properties?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I remove the service name. This service name is required.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a comment in the here. Thanks

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

...rc/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerHiveE2EIT.java Outdated
Comment on lines 264 to 272
Assertions.assertThrows(
RuntimeException.class,
() ->
metalake.createCatalog(
"wrongTestProperties",
Catalog.Type.RELATIONAL,
provider,
"comment",
wrongProperties));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it is better to add a check throw type or throw message function.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

@jerqi jerqi requested a review from xunliu March 20, 2025 06:45
xunliu
xunliu approved these changes Mar 20, 2025
View reviewed changes
Copy link
Member

@xunliu xunliu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

...anger/src/main/java/org/apache/gravitino/authorization/ranger/RangerAuthorizationPlugin.java
if (ClientResponse.Status.NOT_FOUND.equals(rse.getStatus())) {
if (Boolean.parseBoolean(
config.get(RangerAuthorizationProperties.RANGER_SERVICE_CREATE_IF_ABSENT))
&& ClientResponse.Status.NOT_FOUND.equals(rse.getStatus())) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it ok

@jerqi jerqi merged commit 87a1890 into apache:main Mar 20, 2025
28 checks passed
github-actions bot pushed a commit that referenced this pull request Mar 20, 2025
@jerqi @web-flow
[#6716] improvement(authz): Delete catalogs if failing to execute pos…
74ffb61 
…t hook actions (#6717)

### What changes were proposed in this pull request?

 Delete catalogs if failing to execute post hook actions

### Why are the changes needed?


Fix: #6716

### Does this PR introduce _any_ user-facing change?

No.

### How was this patch tested?
Add a new IT.
Abyss-lord pushed a commit to Abyss-lord/gravitino that referenced this pull request Mar 21, 2025
@jerqi @Abyss-lord
[apache#6716] improvement(authz): Delete catalogs if failing to execu…
588aa0f 
…te post hook actions (apache#6717)

### What changes were proposed in this pull request?

 Delete catalogs if failing to execute post hook actions

### Why are the changes needed?


Fix: apache#6716

### Does this PR introduce _any_ user-facing change?

No.

### How was this patch tested?
Add a new IT.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yuqi1129 yuqi1129 yuqi1129 left review comments

@xunliu xunliu xunliu approved these changes

@mchades mchades Awaiting requested review from mchades

Assignees

@jerqi jerqi

Labels
branch-0.8 Automatically cherry-pick commit to branch-0.8
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Improvement] Delete catalogs if failing to execute post hook actions.
3 participants
@jerqi @xunliu @yuqi1129