flyrain commented on code in PR #3999:
URL: https://github.com/apache/polaris/pull/3999#discussion_r3077112696
##########
polaris-core/src/main/java/org/apache/polaris/core/auth/AuthorizationRequest.java:
##########
@@ -75,18 +79,36 @@ default List<PolarisSecurable> getTargets() {
@Nonnull
@Value.Derived
default List<PolarisSecurable> getSecondaries() {
- List<PolarisSecurable> secondaries = new ArrayList<>();
- for (AuthorizationTargetBinding targetBinding : getTargetBindings()) {
- if (targetBinding.getSecondary() != null) {
- secondaries.add(targetBinding.getSecondary());
- }
- }
- return secondaries;
+ return getTargetBindings().stream()
+ .map(AuthorizationTargetBinding::getSecondary)
+ .filter(Objects::nonNull)
+ .toList();
+ }
+
+ /**
+ * Returns a stable debug string for authorization messages.
+ *
+ * <p>Includes the operation, principal name, formatted targets, and
formatted secondaries.
+ */
+ @Nonnull
+ default String formatForAuthorizationMessage() {
+ return String.format(
+ "operation=%s principal=%s targets=%s secondaries=%s",
Review Comment:
> this will be logged in the Polaris logs, but excluded in the Polaris API
response sent back to the user.
Agreed. We should be careful about the exception message. For example,
https://github-personal/polaris-catalog/polaris/blob/main/runtime/service/src/main/java/org/apache/polaris/service/exception/IcebergExceptionMapper.java#L109-L109,
it sends back as part of response. Otherwise, we should be good.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
