justinmclean opened a new issue, #10269:
URL: https://github.com/apache/gravitino/issues/10269
### What would you like to be improved?
FilesetHookDispatcher.dropFileset always calls
AuthorizationUtils.authorizationPluginRemovePrivileges(...) after delegating
the drop.
But the delegate can validly return false (fileset not dropped / not found).
In that path, metadata still exists (or at least was not deleted by this
operation), yet authorization privileges are removed anyway. This can
desynchronize authorization state from metadata state and cause incorrect
access behavior.
### How should we improve?
Guard privilege removal by the drop result:
- Fetch locations as today.
- Call dispatcher.dropFileset(ident).
- Only call authorizationPluginRemovePrivileges(...) when dropped == true.
- Return dropped unchanged.
Here's a test to help:
```
@Test
public void testDropFilesetShouldNotRemovePrivilegesWhenDropReturnsFalse() {
  NameIdentifier ident = NameIdentifier.of("metalake", "catalog", "schema", "fileset");
  FilesetDispatcher delegate = Mockito.mock(FilesetDispatcher.class);
  FilesetHookDispatcher hookDispatcher = new FilesetHookDispatcher(delegate);
  List<String> locations = ImmutableList.of("/tmp/fileset");

  // The delegate reports that nothing was dropped.
  Mockito.when(delegate.dropFileset(ident)).thenReturn(false);

  try (MockedStatic<AuthorizationUtils> mockedAuthz =
      Mockito.mockStatic(AuthorizationUtils.class)) {
    mockedAuthz
        .when(() -> AuthorizationUtils.getMetadataObjectLocation(ident, Entity.EntityType.FILESET))
        .thenReturn(locations);

    hookDispatcher.dropFileset(ident);

    // Privileges must stay in place when the drop did not happen.
    mockedAuthz.verify(
        () ->
            AuthorizationUtils.authorizationPluginRemovePrivileges(
                ident, Entity.EntityType.FILESET, locations),
        Mockito.never());
  }
}
```
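The state drift described in the issue, shown as a self-contained model. This is an added example, not Gravitino code and not part of the original issue: `Metadata`, `Authz`, `dropUnguarded`, `dropGuarded`, the `refuseDrop` flag and the `read` privilege are hypothetical stand-ins for the delegate dispatcher and the authorization plugin.

```java
import java.util.*;

// Constructed model: every class, method and value here is a hypothetical stand-in.
public class GuardedDropExample {
  // Stand-in for the delegate dispatcher, which owns the fileset metadata.
  static class Metadata {
    final Set<String> filesets = new HashSet<>();
    boolean refuseDrop; // simulates a drop that returns false and deletes nothing
    boolean drop(String ident) { return !refuseDrop && filesets.remove(ident); }
  }

  // Stand-in for the authorization plugin: privileges keyed by fileset identifier.
  static class Authz {
    final Map<String, Set<String>> grants = new HashMap<>();
    void removePrivileges(String ident) { grants.remove(ident); }
  }

  // Behaviour the issue reports: privileges are removed whatever the drop returned.
  static boolean dropUnguarded(Metadata md, Authz authz, String ident) {
    boolean dropped = md.drop(ident);
    authz.removePrivileges(ident);
    return dropped;
  }

  // Behaviour the issue proposes: remove privileges only when the drop succeeded.
  static boolean dropGuarded(Metadata md, Authz authz, String ident) {
    boolean dropped = md.drop(ident);
    if (dropped) authz.removePrivileges(ident);
    return dropped; // returned unchanged
  }

  // The two stores agree when both know the fileset or neither does.
  static boolean inSync(Metadata md, Authz authz, String ident) {
    return md.filesets.contains(ident) == authz.grants.containsKey(ident);
  }

  public static void main(String[] args) {
    String ident = "metalake.catalog.schema.fileset";
    for (boolean guarded : new boolean[] {false, true}) {
      Metadata md = new Metadata();
      Authz authz = new Authz();
      md.filesets.add(ident);
      authz.grants.put(ident, Set.of("read")); // constructed privilege name
      md.refuseDrop = true; // the delegate will return false
      boolean dropped = guarded ? dropGuarded(md, authz, ident) : dropUnguarded(md, authz, ident);
      System.out.printf("guarded=%b dropped=%b inSync=%b%n", guarded, dropped, inSync(md, authz, ident));
    }
  }
}
```

In the unguarded run the fileset is still present in `Metadata` while its entry in `Authz` is gone; in the guarded run both stores still hold it.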