This is an automated email from the ASF dual-hosted git repository.
yuqi4733 pushed a commit to branch branch-1.1
in repository https://gitbox.apache.org/repos/asf/gravitino.git
The following commit(s) were added to refs/heads/branch-1.1 by this push:
new 1f75cdeece [Cherry-pick to branch-1.1] [#10055] fix(authz): Fix
`NoSuchEntityException` caused by unimported schema entity (#10059) (#10076)
1f75cdeece is described below
commit 1f75cdeece3d128eb0a5fdd02141d6f52e857893
Author: github-actions[bot]
<41898282+github-actions[bot]@users.noreply.github.com>
AuthorDate: Fri Feb 27 20:40:49 2026 +0800
[Cherry-pick to branch-1.1] [#10055] fix(authz): Fix
`NoSuchEntityException` caused by unimported schema entity (#10059) (#10076)
**Cherry-pick Information:**
- Original commit: 7d0a8282faee4d4760abdf7bc4c46d5271891cf3
- Target branch: `branch-1.1`
- Status: ⚠️ **Has conflicts - manual resolution required**
Please review and resolve the conflicts before merging.
---------
Co-authored-by: roryqi <[email protected]>
---
.../TableAuthorizationCacheEnabledIT.java | 42 ++++++++++++++++++++++
.../test/authorization/TableAuthorizationIT.java | 9 +++++
.../server/authorization/MetadataAuthzHelper.java | 30 +++++++++++++++-
3 files changed, 80 insertions(+), 1 deletion(-)
diff --git
a/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/TableAuthorizationCacheEnabledIT.java
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/TableAuthorizationCacheEnabledIT.java
new file mode 100644
index 0000000000..06586f3f2e
--- /dev/null
+++
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/TableAuthorizationCacheEnabledIT.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.gravitino.client.integration.test.authorization;
+
+import org.apache.gravitino.Configs;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Tag;
+import org.junit.jupiter.api.TestMethodOrder;
+
+/**
+ * Integration tests for table authorization with cache enabled. This test
class runs the same tests
+ * as {@link TableAuthorizationIT} but with the cache enabled to ensure
authorization works
+ * correctly with caching.
+ */
+@Tag("gravitino-docker-test")
+@TestMethodOrder(MethodOrderer.OrderAnnotation.class)
+public class TableAuthorizationCacheEnabledIT extends TableAuthorizationIT {
+
+ @BeforeAll
+ @Override
+ public void startIntegrationTest() throws Exception {
+ customConfigs.put(Configs.CACHE_ENABLED.getKey(), "true");
+ super.startIntegrationTest();
+ }
+}
diff --git
a/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/TableAuthorizationIT.java
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/TableAuthorizationIT.java
index bc7cb46d6b..53fc6d372e 100644
---
a/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/TableAuthorizationIT.java
+++
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/TableAuthorizationIT.java
@@ -20,6 +20,7 @@ package
org.apache.gravitino.client.integration.test.authorization;
import static org.junit.Assert.assertThrows;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
import static org.junit.jupiter.api.Assertions.assertEquals;
import com.google.common.collect.ImmutableList;
@@ -129,12 +130,20 @@ public class TableAuthorizationIT extends
BaseRestApiAuthorizationIT {
public void testCreateTable() {
// owner can create table
TableCatalog tableCatalog =
client.loadMetalake(METALAKE).loadCatalog(CATALOG).asTableCatalog();
+
+ // ISSUE-10005: Fix NoSuchEntityException caused by unimported schema
entity
+ assertDoesNotThrow(
+ () -> {
+ tableCatalog.listTables(Namespace.of("default"));
+ });
+
tableCatalog.createTable(
NameIdentifier.of(SCHEMA, "table1"), createColumns(), "test", new
HashMap<>());
// ISSUE-9982: Schema default isn't imported before
tableCatalog.createTable(
NameIdentifier.of("default", "table2"), createColumns(), "test", new
HashMap<>());
+ tableCatalog.dropTable(NameIdentifier.of("default", "table2"));
// normal user cannot create table
TableCatalog tableCatalogNormalUser =
diff --git
a/server-common/src/main/java/org/apache/gravitino/server/authorization/MetadataAuthzHelper.java
b/server-common/src/main/java/org/apache/gravitino/server/authorization/MetadataAuthzHelper.java
index 5049d2f4aa..3980062946 100644
---
a/server-common/src/main/java/org/apache/gravitino/server/authorization/MetadataAuthzHelper.java
+++
b/server-common/src/main/java/org/apache/gravitino/server/authorization/MetadataAuthzHelper.java
@@ -17,6 +17,7 @@
package org.apache.gravitino.server.authorization;
+import com.google.common.base.Preconditions;
import java.lang.reflect.Array;
import java.security.Principal;
import java.util.ArrayList;
@@ -36,6 +37,7 @@ import org.apache.gravitino.GravitinoEnv;
import org.apache.gravitino.MetadataObject;
import org.apache.gravitino.Metalake;
import org.apache.gravitino.NameIdentifier;
+import org.apache.gravitino.Namespace;
import org.apache.gravitino.authorization.AuthorizationRequestContext;
import org.apache.gravitino.authorization.GravitinoAuthorizer;
import org.apache.gravitino.dto.tag.MetadataObjectDTO;
@@ -76,6 +78,13 @@ public class MetadataAuthzHelper {
Entity.EntityType.JOB,
Entity.EntityType.JOB_TEMPLATE);
+ /**
+ * Topic and Table may be from the external system and the schema may not
exist in Gravitino, so
+ * we need to import the schema first
+ */
+ private static final List<Entity.EntityType> REQUIRE_SCHEMA_EXISTS =
+ Arrays.asList(Entity.EntityType.TABLE, Entity.EntityType.TOPIC);
+
private MetadataAuthzHelper() {}
public static Metalake[] filterMetalakes(Metalake[] metalakes, String
expression) {
@@ -348,7 +357,11 @@ public class MetadataAuthzHelper {
private static void preloadToCache(
Entity.EntityType entityType, NameIdentifier[] nameIdentifiers) {
Config config = GravitinoEnv.getInstance().config();
- if (config == null || !config.get(Configs.CACHE_ENABLED)) {
+ // If cache is not enabled or access control dispatcher is not set, skip
preloading to cache
+ if (config == null
+ || !config.get(Configs.CACHE_ENABLED)
+ || GravitinoEnv.getInstance().accessControlDispatcher() == null
+ || nameIdentifiers.length == 0) {
return;
}
@@ -357,6 +370,21 @@ public class MetadataAuthzHelper {
return;
}
+ if (REQUIRE_SCHEMA_EXISTS.contains(entityType)) {
+ // For entity types that require schema existence, check if the schema
exists before
+ // preloading to cache
+ Namespace firstNamespace = nameIdentifiers[0].namespace();
+ Preconditions.checkArgument(
+ Arrays.stream(nameIdentifiers).allMatch(id ->
id.namespace().equals(firstNamespace)),
+ "All identifiers must have the same schema");
+
+ if (!GravitinoEnv.getInstance()
+ .schemaDispatcher()
+ .schemaExists(NameIdentifier.parse(firstNamespace.toString()))) {
+ return;
+ }
+ }
+
GravitinoEnv.getInstance()
.entityStore()
.batchGet(
