jerryshao opened a new issue, #11172: URL: https://github.com/apache/gravitino/issues/11172
### Describe what's wrong

Two internal Gravitino mechanisms invoke event-firing dispatchers as part of normal operation, producing audit rows attributed to the user that represent infrastructure work rather than user actions.

**Pattern 1 — Authorization lookups.** Every authenticated request triggers `accessControlDispatcher.getUser(metalake, username)` from `JcasbinAuthorizer`, which fires a `GetUserEvent` and writes a `GET_USER` audit row.

**Pattern 2 — IRC ownership hooks.** Every IRC CREATE operation invokes `IcebergNamespaceHookDispatcher.setSchemaOwner` or `IcebergTableHookDispatcher.importTableAndSetOwner`, which fire `LOAD_SCHEMA`, `LOAD_TABLE`, and `SET_OWNER` events against the native event bus.

A single user `CREATE_TABLE` produces 4 audit rows — only 1 representing the actual user action. The other 3 are internal side-effects attributed to the same user and indistinguishable from real user operations in the audit log.

### Error message and/or stacktrace

Relevant source locations:

- `core/src/main/java/org/apache/gravitino/listener/AccessControlEventDispatcher.java` lines 167–175
- `iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/dispatcher/IcebergNamespaceHookDispatcher.java`
- `iceberg/iceberg-rest-server/src/main/java/org/apache/gravitino/iceberg/service/dispatcher/IcebergTableHookDispatcher.java`

### How to reproduce

Issue a single `CREATE TABLE` via the Iceberg REST API. Observe 4 audit rows are produced: `CREATE_TABLE`, `GET_USER`, `LOAD_SCHEMA`, and `SET_OWNER` — all attributed to the same user.

### Additional context

Internal call paths initiated by Gravitino infrastructure (auth chain, hook dispatchers, ownership management) must not fire user-attributed audit events. The implementation needs a mechanism to distinguish user-initiated from infrastructure-initiated call paths so the latter bypass the event-firing dispatchers.
Public REST API calls that legitimately exercise these same operations continue to be audited normally.
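
The behaviour the issue asks for, as an added sketch that is not part of the issue and not Gravitino's code: an internal authorization lookup wired to an undecorated dispatcher writes no audit row, while the same lookup through the event-firing decorator (the public path) still does. All class names, the `demo_metalake` and `alice` values and the audit row format are hypothetical; only the `GET_USER` and `CREATE_TABLE` labels come from the issue.

```java
import java.util.ArrayList;
import java.util.List;

public class AuditBypassSketch {
  // Hypothetical stand-in for a user-lookup dispatcher; not Gravitino's interface.
  interface UserDispatcher {
    String getUser(String metalake, String name);
  }

  // Undecorated dispatcher: performs the lookup and fires no event.
  static class CoreUserDispatcher implements UserDispatcher {
    public String getUser(String metalake, String name) {
      return metalake + "/" + name;
    }
  }

  // Event-firing decorator: every call through it appends a GET_USER audit row.
  static class EventFiringUserDispatcher implements UserDispatcher {
    private final UserDispatcher delegate;
    private final List<String> auditLog;

    EventFiringUserDispatcher(UserDispatcher delegate, List<String> auditLog) {
      this.delegate = delegate;
      this.auditLog = auditLog;
    }

    public String getUser(String metalake, String name) {
      auditLog.add("GET_USER user=" + name);
      return delegate.getUser(metalake, name);
    }
  }

  // One authenticated CREATE_TABLE followed by one public "get user" REST call.
  // The flag selects which dispatcher the internal authorization lookup uses.
  static List<String> handleRequests(boolean authLookupIsAudited) {
    List<String> auditLog = new ArrayList<>();
    UserDispatcher core = new CoreUserDispatcher();
    UserDispatcher audited = new EventFiringUserDispatcher(core, auditLog);
    UserDispatcher forAuthorizer = authLookupIsAudited ? audited : core;

    forAuthorizer.getUser("demo_metalake", "alice"); // internal authorization lookup
    auditLog.add("CREATE_TABLE user=alice");         // the actual user action
    audited.getUser("demo_metalake", "alice");       // public REST call, still audited
    return auditLog;
  }

  public static void main(String[] args) {
    System.out.println("audited auth lookup:  " + handleRequests(true));
    System.out.println("bypassed auth lookup: " + handleRequests(false));
  }
}
```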
