This is an automated email from the ASF dual-hosted git repository.
jshao pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/gravitino.git
The following commit(s) were added to refs/heads/main by this push:
new 4fc5975e26 [#7823] feat(authz): Enable the test catalog connection
operation to support authorization. (#8818)
4fc5975e26 is described below
commit 4fc5975e26f8db157eb9ae6d9fd7295046c48ae2
Author: yangyang zhong <[email protected]>
AuthorDate: Fri Oct 17 10:41:50 2025 +0800
[#7823] feat(authz): Enable the test catalog connection operation to
support authorization. (#8818)
### What changes were proposed in this pull request?
Enable the test catalog connection operation to support authorization.
### Why are the changes needed?
Fix: #7823
### Does this PR introduce _any_ user-facing change?
None
### How was this patch tested?
org.apache.gravitino.client.integration.test.authorization.CatalogAuthorizationIT#testCreateCatalog
---
.../test/authorization/CatalogAuthorizationIT.java | 16 +++++++++++++++-
.../gravitino/server/web/rest/CatalogOperations.java | 3 +++
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git
a/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/CatalogAuthorizationIT.java
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/CatalogAuthorizationIT.java
index 2e1a698386..3b62bbf229 100644
---
a/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/CatalogAuthorizationIT.java
+++
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/CatalogAuthorizationIT.java
@@ -59,9 +59,17 @@ public class CatalogAuthorizationIT extends
BaseRestApiAuthorizationIT {
@Test
@Order(1)
- public void testCreateCatalog() {
+ public void testCreateCatalog() throws Exception {
Map<String, String> properties = Maps.newHashMap();
properties.put("metastore.uris", hmsUri);
+ assertThrows(
+ "Can not access metadata {" + catalog1 + "}.",
+ ForbiddenException.class,
+ () -> {
+ normalUserClient
+ .loadMetalake(METALAKE)
+ .testConnection(catalog1, Catalog.Type.RELATIONAL, "hive",
"comment", properties);
+ });
assertThrows(
"Can not access metadata {" + catalog1 + "}.",
ForbiddenException.class,
@@ -70,9 +78,15 @@ public class CatalogAuthorizationIT extends
BaseRestApiAuthorizationIT {
.loadMetalake(METALAKE)
.createCatalog(catalog1, Catalog.Type.RELATIONAL, "hive",
"comment", properties);
});
+ client
+ .loadMetalake(METALAKE)
+ .testConnection(catalog1, Catalog.Type.RELATIONAL, "hive", "comment",
properties);
client
.loadMetalake(METALAKE)
.createCatalog(catalog1, Catalog.Type.RELATIONAL, "hive", "comment",
properties);
+ client
+ .loadMetalake(METALAKE)
+ .testConnection(catalog2, Catalog.Type.RELATIONAL, "hive", "comment",
properties);
client
.loadMetalake(METALAKE)
.createCatalog(catalog2, Catalog.Type.RELATIONAL, "hive", "comment",
properties);
diff --git
a/server/src/main/java/org/apache/gravitino/server/web/rest/CatalogOperations.java
b/server/src/main/java/org/apache/gravitino/server/web/rest/CatalogOperations.java
index c1e36b8c09..093e17eff6 100644
---
a/server/src/main/java/org/apache/gravitino/server/web/rest/CatalogOperations.java
+++
b/server/src/main/java/org/apache/gravitino/server/web/rest/CatalogOperations.java
@@ -168,6 +168,9 @@ public class CatalogOperations {
@Path("testConnection")
@Produces("application/vnd.gravitino.v1+json")
@Timed(name = "test-connection." + MetricNames.HTTP_PROCESS_DURATION,
absolute = true)
+ @AuthorizationExpression(
+ expression = "METALAKE::CREATE_CATALOG || METALAKE::OWNER",
+ accessMetadataType = MetadataObject.Type.METALAKE)
@ResponseMetered(name = "test-connection", absolute = true)
public Response testConnection(
@PathParam("metalake") @AuthorizationMetadata(type =
Entity.EntityType.METALAKE)
