diff --git a/runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisAdminService.java b/runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisAdminService.java index 4d5f763b4..e817b2404 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisAdminService.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisAdminService.java @@ -79,6 +79,7 @@ import org.apache.polaris.core.auth.PolarisPrincipal; import org.apache.polaris.core.catalog.PolarisCatalogHelpers; import org.apache.polaris.core.config.FeatureConfiguration; +import org.apache.polaris.core.config.RealmConfig; import org.apache.polaris.core.connection.AuthenticationParametersDpo; import org.apache.polaris.core.context.CallContext; import org.apache.polaris.core.entity.CatalogEntity; @@ -138,6 +139,7 @@ public class PolarisAdminService { private static final Logger LOGGER = LoggerFactory.getLogger(PolarisAdminService.class); private final CallContext callContext; + private final RealmConfig realmConfig; private final ResolutionManifestFactory resolutionManifestFactory; private final SecurityContext securityContext; private final PolarisPrincipal polarisPrincipal; @@ -158,6 +160,7 @@ public PolarisAdminService( @NotNull PolarisAuthorizer authorizer, @NotNull ReservedProperties reservedProperties) { this.callContext = callContext; + this.realmConfig = callContext.getRealmConfig(); this.resolutionManifestFactory = resolutionManifestFactory; this.metaStoreManager = metaStoreManager; this.securityContext = securityContext; @@ -643,7 +646,7 @@ private String terminateWithSlash(String path) { */ private boolean catalogOverlapsWithExistingCatalog(CatalogEntity catalogEntity) { boolean allowOverlappingCatalogUrls = - callContext.getRealmConfig().getConfig(FeatureConfiguration.ALLOW_OVERLAPPING_CATALOG_URLS); + realmConfig.getConfig(FeatureConfiguration.ALLOW_OVERLAPPING_CATALOG_URLS); if (allowOverlappingCatalogUrls) { return false; } @@ -744,8 +747,7 @@ public PolarisEntity createCatalog(CreateCatalogRequest catalogRequest) { PolarisAuthorizableOperation op = PolarisAuthorizableOperation.CREATE_CATALOG; authorizeBasicRootOperationOrThrow(op); - CatalogEntity entity = - CatalogEntity.fromCatalog(callContext.getRealmConfig(), catalogRequest.getCatalog()); + CatalogEntity entity = CatalogEntity.fromCatalog(realmConfig, catalogRequest.getCatalog()); checkArgument(entity.getId() == -1, "Entity to be created must have no ID assigned"); @@ -773,11 +775,10 @@ public PolarisEntity createCatalog(CreateCatalogRequest catalogRequest) { .addKeyValue("catalogName", entity.getName()) .log("Creating a federated catalog"); FeatureConfiguration.enforceFeatureEnabledOrThrow( - callContext.getRealmConfig(), FeatureConfiguration.ENABLE_CATALOG_FEDERATION); + realmConfig, FeatureConfiguration.ENABLE_CATALOG_FEDERATION); Map processedSecretReferences = Map.of(); List supportedAuthenticationTypes = - callContext - .getRealmConfig() + realmConfig .getConfig(FeatureConfiguration.SUPPORTED_EXTERNAL_CATALOG_AUTHENTICATION_TYPES) .stream() .map(s -> s.toUpperCase(Locale.ROOT)) @@ -830,8 +831,7 @@ public void deleteCatalog(String name) { findCatalogByName(name) .orElseThrow(() -> new NotFoundException("Catalog %s not found", name)); // TODO: Handle return value in case of concurrent modification - boolean cleanup = - callContext.getRealmConfig().getConfig(FeatureConfiguration.CLEANUP_ON_CATALOG_DROP); + boolean cleanup = realmConfig.getConfig(FeatureConfiguration.CLEANUP_ON_CATALOG_DROP); DropEntityResult dropEntityResult = metaStoreManager.dropEntityIfExists( getCurrentPolarisContext(), null, entity, Map.of(), cleanup); @@ -950,7 +950,7 @@ private void validateUpdateCatalogDiffOrThrow( } if (updateRequest.getStorageConfigInfo() != null) { updateBuilder.setStorageConfigurationInfo( - callContext.getRealmConfig(), updateRequest.getStorageConfigInfo(), defaultBaseLocation); + realmConfig, updateRequest.getStorageConfigInfo(), defaultBaseLocation); } CatalogEntity updatedEntity = updateBuilder.build(); diff --git a/runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisServiceImpl.java b/runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisServiceImpl.java index 2391abdb9..806289da0 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisServiceImpl.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisServiceImpl.java @@ -64,6 +64,7 @@ import org.apache.polaris.core.auth.PolarisAuthorizer; import org.apache.polaris.core.auth.PolarisPrincipal; import org.apache.polaris.core.config.FeatureConfiguration; +import org.apache.polaris.core.config.RealmConfig; import org.apache.polaris.core.context.CallContext; import org.apache.polaris.core.context.RealmContext; import org.apache.polaris.core.entity.CatalogEntity; @@ -98,6 +99,7 @@ public class PolarisServiceImpl private final MetaStoreManagerFactory metaStoreManagerFactory; private final UserSecretsManagerFactory userSecretsManagerFactory; private final CallContext callContext; + private final RealmConfig realmConfig; private final ReservedProperties reservedProperties; @Inject @@ -113,6 +115,7 @@ public PolarisServiceImpl( this.userSecretsManagerFactory = userSecretsManagerFactory; this.polarisAuthorizer = polarisAuthorizer; this.callContext = callContext; + this.realmConfig = callContext.getRealmConfig(); this.reservedProperties = reservedProperties; } @@ -168,9 +171,7 @@ public Response createCatalog( private void validateStorageConfig(StorageConfigInfo storageConfigInfo) { List allowedStorageTypes = - callContext - .getRealmConfig() - .getConfig(FeatureConfiguration.SUPPORTED_CATALOG_STORAGE_TYPES); + realmConfig.getConfig(FeatureConfiguration.SUPPORTED_CATALOG_STORAGE_TYPES); if (!allowedStorageTypes.contains(storageConfigInfo.getStorageType().name())) { LOGGER .atWarn() @@ -197,10 +198,7 @@ private void validateConnectionConfigInfo(ConnectionConfigInfo connectionConfigI String connectionType = connectionConfigInfo.getConnectionType().name(); List supportedConnectionTypes = - callContext - .getRealmConfig() - .getConfig(FeatureConfiguration.SUPPORTED_CATALOG_CONNECTION_TYPES) - .stream() + realmConfig.getConfig(FeatureConfiguration.SUPPORTED_CATALOG_CONNECTION_TYPES).stream() .map(s -> s.toUpperCase(Locale.ROOT)) .toList(); if (!supportedConnectionTypes.contains(connectionType)) { @@ -212,8 +210,7 @@ private void validateAuthenticationParameters(AuthenticationParameters authentic String authenticationType = authenticationParameters.getAuthenticationType().name(); List supportedAuthenticationTypes = - callContext - .getRealmConfig() + realmConfig .getConfig(FeatureConfiguration.SUPPORTED_EXTERNAL_CATALOG_AUTHENTICATION_TYPES) .stream() .map(s -> s.toUpperCase(Locale.ROOT)) diff --git a/runtime/service/src/main/java/org/apache/polaris/service/catalog/common/CatalogHandler.java b/runtime/service/src/main/java/org/apache/polaris/service/catalog/common/CatalogHandler.java index f356c42b3..2d08ab2db 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/catalog/common/CatalogHandler.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/catalog/common/CatalogHandler.java @@ -37,6 +37,7 @@ import org.apache.polaris.core.auth.PolarisPrincipal; import org.apache.polaris.core.catalog.ExternalCatalogFactory; import org.apache.polaris.core.catalog.PolarisCatalogHelpers; +import org.apache.polaris.core.config.RealmConfig; import org.apache.polaris.core.context.CallContext; import org.apache.polaris.core.entity.PolarisEntitySubType; import org.apache.polaris.core.entity.PolarisEntityType; @@ -66,6 +67,7 @@ public abstract class CatalogHandler { protected final PolarisDiagnostics diagnostics; protected final CallContext callContext; + protected final RealmConfig realmConfig; protected final PolarisPrincipal polarisPrincipal; protected final SecurityContext securityContext; @@ -79,6 +81,7 @@ public CatalogHandler( Instance externalCatalogFactories) { this.callContext = callContext; this.diagnostics = callContext.getPolarisCallContext().getDiagServices(); + this.realmConfig = callContext.getRealmConfig(); this.resolutionManifestFactory = resolutionManifestFactory; this.catalogName = catalogName; diagnostics.checkNotNull(securityContext, "null_security_context"); diff --git a/runtime/service/src/main/java/org/apache/polaris/service/catalog/generic/GenericTableCatalogAdapter.java b/runtime/service/src/main/java/org/apache/polaris/service/catalog/generic/GenericTableCatalogAdapter.java index 2a4a903b9..befe9907f 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/catalog/generic/GenericTableCatalogAdapter.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/catalog/generic/GenericTableCatalogAdapter.java @@ -28,6 +28,7 @@ import org.apache.polaris.core.auth.PolarisAuthorizer; import org.apache.polaris.core.catalog.ExternalCatalogFactory; import org.apache.polaris.core.config.FeatureConfiguration; +import org.apache.polaris.core.config.RealmConfig; import org.apache.polaris.core.context.CallContext; import org.apache.polaris.core.context.RealmContext; import org.apache.polaris.core.persistence.PolarisMetaStoreManager; @@ -50,6 +51,7 @@ public class GenericTableCatalogAdapter private static final Logger LOGGER = LoggerFactory.getLogger(GenericTableCatalogAdapter.class); private final RealmContext realmContext; + private final RealmConfig realmConfig; private final CallContext callContext; private final ResolutionManifestFactory resolutionManifestFactory; private final PolarisMetaStoreManager metaStoreManager; @@ -72,6 +74,7 @@ public GenericTableCatalogAdapter( @Any Instance externalCatalogFactories) { this.realmContext = realmContext; this.callContext = callContext; + this.realmConfig = callContext.getRealmConfig(); this.resolutionManifestFactory = resolutionManifestFactory; this.metaStoreManager = metaStoreManager; this.polarisAuthorizer = polarisAuthorizer; @@ -84,7 +87,7 @@ public GenericTableCatalogAdapter( private GenericTableCatalogHandler newHandlerWrapper( SecurityContext securityContext, String prefix) { FeatureConfiguration.enforceFeatureEnabledOrThrow( - callContext.getRealmConfig(), FeatureConfiguration.ENABLE_GENERIC_TABLES); + realmConfig, FeatureConfiguration.ENABLE_GENERIC_TABLES); validatePrincipal(securityContext); return new GenericTableCatalogHandler( diff --git a/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalog.java b/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalog.java index 9d37dd32d..7eec03595 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalog.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalog.java @@ -171,6 +171,7 @@ public class IcebergCatalog extends BaseMetastoreViewCatalog private final StorageCredentialCache storageCredentialCache; private final ResolverFactory resolverFactory; private final CallContext callContext; + private final RealmConfig realmConfig; private final PolarisResolutionManifestCatalogView resolvedEntityView; private final CatalogEntity catalogEntity; private final TaskExecutor taskExecutor; @@ -209,6 +210,7 @@ public IcebergCatalog( this.storageCredentialCache = storageCredentialCache; this.resolverFactory = resolverFactory; this.callContext = callContext; + this.realmConfig = callContext.getRealmConfig(); this.resolvedEntityView = resolvedEntityView; this.catalogEntity = CatalogEntity.of(resolvedEntityView.getResolvedReferenceCatalogEntity().getRawLeafEntity()); @@ -256,7 +258,7 @@ public void initialize(String name, Map properties) { var storageConfigurationInfo = catalogEntity.getStorageConfigurationInfo(); ioImplClassName = IcebergPropertiesValidation.determineFileIOClassName( - callContext.getRealmConfig(), properties, storageConfigurationInfo); + realmConfig, properties, storageConfigurationInfo); if (ioImplClassName == null) { LOGGER.warn( @@ -346,10 +348,8 @@ public TableOperations newTableOps( @Override protected TableOperations newTableOps(TableIdentifier tableIdentifier) { boolean makeMetadataCurrentOnCommit = - callContext - .getRealmConfig() - .getConfig( - BehaviorChangeConfiguration.TABLE_OPERATIONS_MAKE_METADATA_CURRENT_ON_COMMIT); + realmConfig.getConfig( + BehaviorChangeConfiguration.TABLE_OPERATIONS_MAKE_METADATA_CURRENT_ON_COMMIT); return newTableOps(tableIdentifier, makeMetadataCurrentOnCommit); } @@ -488,7 +488,7 @@ private void createNamespaceInternal( // Set / suffix boolean requireTrailingSlash = - callContext.getRealmConfig().getConfig(FeatureConfiguration.ADD_TRAILING_SLASH_TO_LOCATION); + realmConfig.getConfig(FeatureConfiguration.ADD_TRAILING_SLASH_TO_LOCATION); if (requireTrailingSlash && !baseLocation.endsWith("/")) { baseLocation += "/"; } @@ -502,9 +502,7 @@ private void createNamespaceInternal( .setCreateTimestamp(System.currentTimeMillis()) .setBaseLocation(baseLocation) .build(); - if (!callContext - .getRealmConfig() - .getConfig(FeatureConfiguration.ALLOW_NAMESPACE_LOCATION_OVERLAP)) { + if (!realmConfig.getConfig(FeatureConfiguration.ALLOW_NAMESPACE_LOCATION_OVERLAP)) { LOGGER.debug("Validating no overlap for {} with sibling tables or namespaces", namespace); validateNoLocationOverlap(entity, resolvedParent.getRawFullPath()); } else { @@ -641,9 +639,7 @@ public boolean dropNamespace(Namespace namespace) throws NamespaceNotEmptyExcept PolarisEntity.toCoreList(catalogPath), leafEntity, Map.of(), - callContext - .getRealmConfig() - .getConfig(FeatureConfiguration.CLEANUP_ON_NAMESPACE_DROP)); + realmConfig.getConfig(FeatureConfiguration.CLEANUP_ON_NAMESPACE_DROP)); if (!dropEntityResult.isSuccess() && dropEntityResult.failedBecauseNotEmpty()) { throw new NamespaceNotEmptyException("Namespace %s is not empty", namespace); @@ -668,9 +664,7 @@ public boolean setProperties(Namespace namespace, Map properties PolarisEntity updatedEntity = new PolarisEntity.Builder(entity).setProperties(newProperties).build(); - if (!callContext - .getRealmConfig() - .getConfig(FeatureConfiguration.ALLOW_NAMESPACE_LOCATION_OVERLAP)) { + if (!realmConfig.getConfig(FeatureConfiguration.ALLOW_NAMESPACE_LOCATION_OVERLAP)) { LOGGER.debug("Validating no overlap with sibling tables or namespaces"); validateNoLocationOverlap( NamespaceEntity.of(updatedEntity), resolvedEntities.getRawParentPath()); @@ -874,7 +868,6 @@ private String buildPrefixedLocation(TableIdentifier tableIdentifier) { */ private String applyDefaultLocationObjectStoragePrefix( TableIdentifier tableIdentifier, String location) { - RealmConfig realmConfig = callContext.getRealmConfig(); boolean prefixEnabled = realmConfig.getConfig( FeatureConfiguration.DEFAULT_LOCATION_OBJECT_STORAGE_PREFIX_ENABLED, catalogEntity); @@ -1007,17 +1000,14 @@ private void validateLocationsForTableLike( PolarisResolvedPathWrapper resolvedStorageEntity) { Optional optStorageConfiguration = PolarisStorageConfigurationInfo.forEntityPath( - callContext.getRealmConfig(), resolvedStorageEntity.getRawFullPath()); + realmConfig, resolvedStorageEntity.getRawFullPath()); optStorageConfiguration.ifPresentOrElse( storageConfigInfo -> { Map> validationResults = InMemoryStorageIntegration.validateSubpathsOfAllowedLocations( - callContext.getRealmConfig(), - storageConfigInfo, - Set.of(PolarisStorageActions.ALL), - locations); + realmConfig, storageConfigInfo, Set.of(PolarisStorageActions.ALL), locations); validationResults .values() .forEach( @@ -1040,9 +1030,7 @@ private void validateLocationsForTableLike( }, () -> { List allowedStorageTypes = - callContext - .getRealmConfig() - .getConfig(FeatureConfiguration.SUPPORTED_CATALOG_STORAGE_TYPES); + realmConfig.getConfig(FeatureConfiguration.SUPPORTED_CATALOG_STORAGE_TYPES); if (!allowedStorageTypes.contains(StorageConfigInfo.StorageTypeEnum.FILE.name())) { List invalidLocations = locations.stream() @@ -1068,13 +1056,9 @@ private void validateNoLocationOverlap( String location, PolarisEntity entity) { boolean validateViewOverlap = - callContext - .getRealmConfig() - .getConfig(BehaviorChangeConfiguration.VALIDATE_VIEW_LOCATION_OVERLAP); + realmConfig.getConfig(BehaviorChangeConfiguration.VALIDATE_VIEW_LOCATION_OVERLAP); - if (callContext - .getRealmConfig() - .getConfig(FeatureConfiguration.ALLOW_TABLE_LOCATION_OVERLAP, catalog)) { + if (realmConfig.getConfig(FeatureConfiguration.ALLOW_TABLE_LOCATION_OVERLAP, catalog)) { LOGGER.debug("Skipping location overlap validation for identifier '{}'", identifier); } else if (validateViewOverlap || entity.getSubType().equals(PolarisEntitySubType.ICEBERG_TABLE)) { @@ -1108,7 +1092,7 @@ private void validateNoLocationO // Attempt to directly query for siblings boolean useOptimizedSiblingCheck = - callContext.getRealmConfig().getConfig(FeatureConfiguration.OPTIMIZED_SIBLING_CHECK); + realmConfig.getConfig(FeatureConfiguration.OPTIMIZED_SIBLING_CHECK); if (useOptimizedSiblingCheck) { Optional> directSiblingCheckResult = getMetaStoreManager().hasOverlappingSiblings(callContext.getPolarisCallContext(), entity); @@ -2018,12 +2002,9 @@ protected void refreshFromMetadataLocation( } private void validateMetadataFileInTableDir(TableIdentifier identifier, TableMetadata metadata) { - boolean allowEscape = - callContext.getRealmConfig().getConfig(FeatureConfiguration.ALLOW_EXTERNAL_TABLE_LOCATION); + boolean allowEscape = realmConfig.getConfig(FeatureConfiguration.ALLOW_EXTERNAL_TABLE_LOCATION); if (!allowEscape - && !callContext - .getRealmConfig() - .getConfig(FeatureConfiguration.ALLOW_EXTERNAL_METADATA_FILE_LOCATION)) { + && !realmConfig.getConfig(FeatureConfiguration.ALLOW_EXTERNAL_METADATA_FILE_LOCATION)) { LOGGER.debug( "Validating base location {} for table {} in metadata file {}", metadata.location(), @@ -2223,7 +2204,7 @@ private void createTableLike( IcebergTableLikeEntity icebergTableLikeEntity = IcebergTableLikeEntity.of(entity); // Set / suffix boolean requireTrailingSlash = - callContext.getRealmConfig().getConfig(FeatureConfiguration.ADD_TRAILING_SLASH_TO_LOCATION); + realmConfig.getConfig(FeatureConfiguration.ADD_TRAILING_SLASH_TO_LOCATION); if (requireTrailingSlash && icebergTableLikeEntity.getBaseLocation() != null && !icebergTableLikeEntity.getBaseLocation().endsWith("/")) { @@ -2288,7 +2269,7 @@ private void updateTableLike(TableIdentifier identifier, PolarisEntity entity) { // Set / suffix boolean requireTrailingSlash = - callContext.getRealmConfig().getConfig(FeatureConfiguration.ADD_TRAILING_SLASH_TO_LOCATION); + realmConfig.getConfig(FeatureConfiguration.ADD_TRAILING_SLASH_TO_LOCATION); if (requireTrailingSlash && icebergTableLikeEntity.getBaseLocation() != null && !icebergTableLikeEntity.getBaseLocation().endsWith("/")) { @@ -2348,9 +2329,7 @@ private void updateTableLike(TableIdentifier identifier, PolarisEntity entity) { // Check that purge is enabled, if it is set: if (catalogPath != null && !catalogPath.isEmpty() && purge) { boolean dropWithPurgeEnabled = - callContext - .getRealmConfig() - .getConfig(FeatureConfiguration.DROP_WITH_PURGE_ENABLED, catalogEntity); + realmConfig.getConfig(FeatureConfiguration.DROP_WITH_PURGE_ENABLED, catalogEntity); if (!dropWithPurgeEnabled) { throw new ForbiddenException( String.format( @@ -2575,8 +2554,6 @@ protected FileIO loadFileIO(String ioImpl, Map properties) { } private int getMaxMetadataRefreshRetries() { - return callContext - .getRealmConfig() - .getConfig(FeatureConfiguration.MAX_METADATA_REFRESH_RETRIES); + return realmConfig.getConfig(FeatureConfiguration.MAX_METADATA_REFRESH_RETRIES); } } diff --git a/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandler.java b/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandler.java index a70ea6f6c..33b4bef06 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandler.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandler.java @@ -210,7 +210,7 @@ protected void initializeCatalog() { .addKeyValue("remoteUrl", connectionConfigInfoDpo.getUri()) .log("Initializing federated catalog"); FeatureConfiguration.enforceFeatureEnabledOrThrow( - callContext.getRealmConfig(), FeatureConfiguration.ENABLE_CATALOG_FEDERATION); + realmConfig, FeatureConfiguration.ENABLE_CATALOG_FEDERATION); Catalog federatedCatalog; ConnectionType connectionType = @@ -688,17 +688,13 @@ public Optional loadTableWithAccessDelegationIfStale( LOGGER.info("Catalog type: {}", catalogEntity.getCatalogType()); LOGGER.info( "allow external catalog credential vending: {}", - callContext - .getRealmConfig() - .getConfig( - FeatureConfiguration.ALLOW_EXTERNAL_CATALOG_CREDENTIAL_VENDING, catalogEntity)); + realmConfig.getConfig( + FeatureConfiguration.ALLOW_EXTERNAL_CATALOG_CREDENTIAL_VENDING, catalogEntity)); if (catalogEntity .getCatalogType() .equals(org.apache.polaris.core.admin.model.Catalog.TypeEnum.EXTERNAL) - && !callContext - .getRealmConfig() - .getConfig( - FeatureConfiguration.ALLOW_EXTERNAL_CATALOG_CREDENTIAL_VENDING, catalogEntity)) { + && !realmConfig.getConfig( + FeatureConfiguration.ALLOW_EXTERNAL_CATALOG_CREDENTIAL_VENDING, catalogEntity)) { throw new ForbiddenException( "Access Delegation is not enabled for this catalog. Please consult applicable " + "documentation for the catalog config property '%s' to enable this feature", @@ -952,10 +948,8 @@ public void commitTransaction(CommitTransactionRequest commitTransactionRequest) if (!currentMetadata .location() .equals(((MetadataUpdate.SetLocation) singleUpdate).location()) - && !callContext - .getRealmConfig() - .getConfig( - FeatureConfiguration.ALLOW_NAMESPACE_LOCATION_OVERLAP)) { + && !realmConfig.getConfig( + FeatureConfiguration.ALLOW_NAMESPACE_LOCATION_OVERLAP)) { throw new BadRequestException( "Unsupported operation: commitTransaction containing SetLocation" + " for table '%s' and new location '%s'", diff --git a/runtime/service/src/main/java/org/apache/polaris/service/catalog/policy/PolicyCatalogAdapter.java b/runtime/service/src/main/java/org/apache/polaris/service/catalog/policy/PolicyCatalogAdapter.java index 6168e9a52..b2fa94f49 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/catalog/policy/PolicyCatalogAdapter.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/catalog/policy/PolicyCatalogAdapter.java @@ -29,6 +29,7 @@ import org.apache.polaris.core.auth.PolarisAuthorizer; import org.apache.polaris.core.catalog.ExternalCatalogFactory; import org.apache.polaris.core.config.FeatureConfiguration; +import org.apache.polaris.core.config.RealmConfig; import org.apache.polaris.core.context.CallContext; import org.apache.polaris.core.context.RealmContext; import org.apache.polaris.core.persistence.PolarisMetaStoreManager; @@ -54,6 +55,7 @@ public class PolicyCatalogAdapter implements PolarisCatalogPolicyApiService, Cat private static final Logger LOGGER = LoggerFactory.getLogger(PolicyCatalogAdapter.class); private final RealmContext realmContext; + private final RealmConfig realmConfig; private final CallContext callContext; private final ResolutionManifestFactory resolutionManifestFactory; private final PolarisMetaStoreManager metaStoreManager; @@ -74,6 +76,7 @@ public PolicyCatalogAdapter( @Any Instance externalCatalogFactories) { this.realmContext = realmContext; this.callContext = callContext; + this.realmConfig = callContext.getRealmConfig(); this.resolutionManifestFactory = resolutionManifestFactory; this.metaStoreManager = metaStoreManager; this.polarisAuthorizer = polarisAuthorizer; @@ -84,7 +87,7 @@ public PolicyCatalogAdapter( private PolicyCatalogHandler newHandlerWrapper(SecurityContext securityContext, String prefix) { FeatureConfiguration.enforceFeatureEnabledOrThrow( - callContext.getRealmConfig(), FeatureConfiguration.ENABLE_POLICY_STORE); + realmConfig, FeatureConfiguration.ENABLE_POLICY_STORE); validatePrincipal(securityContext); return new PolicyCatalogHandler( diff --git a/runtime/service/src/test/java/org/apache/polaris/service/admin/ManagementServiceTest.java b/runtime/service/src/test/java/org/apache/polaris/service/admin/ManagementServiceTest.java index a620b92e4..422af05cf 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/admin/ManagementServiceTest.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/admin/ManagementServiceTest.java @@ -201,18 +201,8 @@ public String getAuthenticationScheme() { return ""; } }, - new PolarisAuthorizerImpl(callContext.getRealmConfig()), - new ReservedProperties() { - @Override - public List prefixes() { - return List.of(); - } - - @Override - public Set allowlist() { - return Set.of(); - } - }); + new PolarisAuthorizerImpl(services.realmConfig()), + ReservedProperties.NONE); } private PrincipalEntity createPrincipal( diff --git a/runtime/service/src/test/java/org/apache/polaris/service/admin/PolarisAuthzTestBase.java b/runtime/service/src/test/java/org/apache/polaris/service/admin/PolarisAuthzTestBase.java index a714886e8..2717ee71c 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/admin/PolarisAuthzTestBase.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/admin/PolarisAuthzTestBase.java @@ -238,7 +238,7 @@ public void before(TestInfo testInfo) { callContext = polarisContext; realmConfig = polarisContext.getRealmConfig(); - polarisAuthorizer = new PolarisAuthorizerImpl(polarisContext.getRealmConfig()); + polarisAuthorizer = new PolarisAuthorizerImpl(realmConfig); PrincipalEntity rootPrincipal = metaStoreManager.findRootPrincipal(polarisContext).orElseThrow(); diff --git a/runtime/service/src/test/java/org/apache/polaris/service/catalog/AbstractIcebergCatalogTest.java b/runtime/service/src/test/java/org/apache/polaris/service/catalog/AbstractIcebergCatalogTest.java index 979e12d23..38c4db7e5 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/catalog/AbstractIcebergCatalogTest.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/catalog/AbstractIcebergCatalogTest.java @@ -92,6 +92,7 @@ import org.apache.polaris.core.admin.model.CreateCatalogRequest; import org.apache.polaris.core.admin.model.StorageConfigInfo; import org.apache.polaris.core.admin.model.UpdateCatalogRequest; +import org.apache.polaris.core.auth.PolarisAuthorizer; import org.apache.polaris.core.auth.PolarisAuthorizerImpl; import org.apache.polaris.core.auth.PolarisPrincipal; import org.apache.polaris.core.config.FeatureConfiguration; @@ -303,6 +304,7 @@ public void before(TestInfo testInfo) { when(securityContext.getUserPrincipal()).thenReturn(authenticatedRoot); when(securityContext.isUserInRole(isA(String.class))).thenReturn(true); + PolarisAuthorizer authorizer = new PolarisAuthorizerImpl(realmConfig); reservedProperties = new ReservedProperties() {}; adminService = @@ -312,7 +314,7 @@ public void before(TestInfo testInfo) { metaStoreManager, userSecretsManager, securityContext, - new PolarisAuthorizerImpl(polarisContext.getRealmConfig()), + authorizer, reservedProperties); String storageLocation = "s3://my-bucket/path/to/data"; @@ -1399,8 +1401,7 @@ public void testUpdateNotificationCreateTableWithHttpPrefix() { httpsMetadataLocation, TableMetadataParser.toJson(createSampleTableMetadata(metadataLocation)).getBytes(UTF_8)); - if (!polarisContext - .getRealmConfig() + if (!realmConfig .getConfig(FeatureConfiguration.SUPPORTED_CATALOG_STORAGE_TYPES) .contains("FILE")) { Assertions.assertThatThrownBy(() -> catalog.sendNotification(table, newRequest)) diff --git a/runtime/service/src/test/java/org/apache/polaris/service/catalog/AbstractIcebergCatalogViewTest.java b/runtime/service/src/test/java/org/apache/polaris/service/catalog/AbstractIcebergCatalogViewTest.java index d14ccd84f..92fff50cf 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/catalog/AbstractIcebergCatalogViewTest.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/catalog/AbstractIcebergCatalogViewTest.java @@ -40,6 +40,7 @@ import org.apache.polaris.core.admin.model.CreateCatalogRequest; import org.apache.polaris.core.admin.model.FileStorageConfigInfo; import org.apache.polaris.core.admin.model.StorageConfigInfo; +import org.apache.polaris.core.auth.PolarisAuthorizer; import org.apache.polaris.core.auth.PolarisAuthorizerImpl; import org.apache.polaris.core.auth.PolarisPrincipal; import org.apache.polaris.core.config.FeatureConfiguration; @@ -172,6 +173,7 @@ public void before(TestInfo testInfo) { when(securityContext.getUserPrincipal()).thenReturn(authenticatedRoot); when(securityContext.isUserInRole(Mockito.anyString())).thenReturn(true); + PolarisAuthorizer authorizer = new PolarisAuthorizerImpl(realmConfig); ReservedProperties reservedProperties = ReservedProperties.NONE; PolarisAdminService adminService = @@ -181,7 +183,7 @@ public void before(TestInfo testInfo) { metaStoreManager, userSecretsManager, securityContext, - new PolarisAuthorizerImpl(polarisContext.getRealmConfig()), + authorizer, reservedProperties); adminService.createCatalog( new CreateCatalogRequest( diff --git a/runtime/service/src/test/java/org/apache/polaris/service/catalog/AbstractPolarisGenericTableCatalogTest.java b/runtime/service/src/test/java/org/apache/polaris/service/catalog/AbstractPolarisGenericTableCatalogTest.java index c4f3ce5d4..af7556618 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/catalog/AbstractPolarisGenericTableCatalogTest.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/catalog/AbstractPolarisGenericTableCatalogTest.java @@ -41,6 +41,7 @@ import org.apache.polaris.core.admin.model.AwsStorageConfigInfo; import org.apache.polaris.core.admin.model.CreateCatalogRequest; import org.apache.polaris.core.admin.model.StorageConfigInfo; +import org.apache.polaris.core.auth.PolarisAuthorizer; import org.apache.polaris.core.auth.PolarisAuthorizerImpl; import org.apache.polaris.core.auth.PolarisPrincipal; import org.apache.polaris.core.config.FeatureConfiguration; @@ -117,7 +118,6 @@ public abstract class AbstractPolarisGenericTableCatalogTest { private PolarisPrincipal authenticatedRoot; private PolarisEntity catalogEntity; private SecurityContext securityContext; - private ReservedProperties reservedProperties; protected static final Schema SCHEMA = new Schema( @@ -164,7 +164,8 @@ public void before(TestInfo testInfo) { when(securityContext.getUserPrincipal()).thenReturn(authenticatedRoot); when(securityContext.isUserInRole(isA(String.class))).thenReturn(true); - reservedProperties = ReservedProperties.NONE; + PolarisAuthorizer authorizer = new PolarisAuthorizerImpl(realmConfig); + ReservedProperties reservedProperties = ReservedProperties.NONE; adminService = new PolarisAdminService( @@ -173,7 +174,7 @@ public void before(TestInfo testInfo) { metaStoreManager, userSecretsManager, securityContext, - new PolarisAuthorizerImpl(polarisContext.getRealmConfig()), + authorizer, reservedProperties); String storageLocation = "s3://my-bucket/path/to/data"; diff --git a/runtime/service/src/test/java/org/apache/polaris/service/catalog/AbstractPolicyCatalogTest.java b/runtime/service/src/test/java/org/apache/polaris/service/catalog/AbstractPolicyCatalogTest.java index 2b0d8d57f..2e34acac9 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/catalog/AbstractPolicyCatalogTest.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/catalog/AbstractPolicyCatalogTest.java @@ -48,6 +48,7 @@ import org.apache.polaris.core.admin.model.AwsStorageConfigInfo; import org.apache.polaris.core.admin.model.CreateCatalogRequest; import org.apache.polaris.core.admin.model.StorageConfigInfo; +import org.apache.polaris.core.auth.PolarisAuthorizer; import org.apache.polaris.core.auth.PolarisAuthorizerImpl; import org.apache.polaris.core.auth.PolarisPrincipal; import org.apache.polaris.core.config.FeatureConfiguration; @@ -143,7 +144,6 @@ public abstract class AbstractPolicyCatalogTest { private PolarisPrincipal authenticatedRoot; private PolarisEntity catalogEntity; private SecurityContext securityContext; - private ReservedProperties reservedProperties; @BeforeAll public static void setUpMocks() { @@ -185,7 +185,8 @@ public void before(TestInfo testInfo) { when(securityContext.getUserPrincipal()).thenReturn(authenticatedRoot); when(securityContext.isUserInRole(isA(String.class))).thenReturn(true); - reservedProperties = ReservedProperties.NONE; + PolarisAuthorizer authorizer = new PolarisAuthorizerImpl(realmConfig); + ReservedProperties reservedProperties = ReservedProperties.NONE; adminService = new PolarisAdminService( @@ -194,7 +195,7 @@ public void before(TestInfo testInfo) { metaStoreManager, userSecretsManager, securityContext, - new PolarisAuthorizerImpl(realmConfig), + authorizer, reservedProperties); String storageLocation = "s3://my-bucket/path/to/data"; diff --git a/runtime/service/src/testFixtures/java/org/apache/polaris/service/TestServices.java b/runtime/service/src/testFixtures/java/org/apache/polaris/service/TestServices.java index c3fafc7fc..2cb9a483d 100644 --- a/runtime/service/src/testFixtures/java/org/apache/polaris/service/TestServices.java +++ b/runtime/service/src/testFixtures/java/org/apache/polaris/service/TestServices.java @@ -39,6 +39,7 @@ import org.apache.polaris.core.auth.PolarisPrincipal; import org.apache.polaris.core.catalog.ExternalCatalogFactory; import org.apache.polaris.core.config.PolarisConfigurationStore; +import org.apache.polaris.core.config.RealmConfig; import org.apache.polaris.core.context.CallContext; import org.apache.polaris.core.context.RealmContext; import org.apache.polaris.core.entity.PrincipalEntity; @@ -89,6 +90,7 @@ public record TestServices( ResolutionManifestFactory resolutionManifestFactory, MetaStoreManagerFactory metaStoreManagerFactory, RealmContext realmContext, + RealmConfig realmConfig, SecurityContext securityContext, FileIOFactory fileIOFactory, TaskExecutor taskExecutor, @@ -175,13 +177,13 @@ public TestServices build() { CallContext callContext = new PolarisCallContext( realmContext, metaStoreSession, polarisDiagnostics, configurationStore); + RealmConfig realmConfig = callContext.getRealmConfig(); PolarisMetaStoreManager metaStoreManager = metaStoreManagerFactory.getOrCreateMetaStoreManager(realmContext); EntityCache entityCache = - metaStoreManagerFactory.getOrCreateEntityCache( - realmContext, callContext.getRealmConfig()); + metaStoreManagerFactory.getOrCreateEntityCache(realmContext, realmConfig); ResolverFactory resolverFactory = (_callContext, securityContext, referenceCatalogName) -> new Resolver( @@ -213,8 +215,7 @@ public TestServices build() { ReservedProperties reservedProperties = ReservedProperties.NONE; - CatalogHandlerUtils catalogHandlerUtils = - new CatalogHandlerUtils(callContext.getRealmConfig()); + CatalogHandlerUtils catalogHandlerUtils = new CatalogHandlerUtils(realmConfig); @SuppressWarnings("unchecked") Instance externalCatalogFactory = Mockito.mock(Instance.class); @@ -297,6 +298,7 @@ public String getAuthenticationScheme() { resolutionManifestFactory, metaStoreManagerFactory, realmContext, + realmConfig, securityContext, fileIOFactory, taskExecutor,