Re: [PR] Update privilege model to support granting CatalogRole access to PrincipalRoles [polaris]

via GitHub Wed, 09 Oct 2024 09:36:09 -0700


eric-maynard commented on code in PR #361:
URL: https://github.com/apache/polaris/pull/361#discussion_r1793833986



##########
polaris-service/src/test/java/org/apache/polaris/service/admin/PolarisServiceImplIntegrationTest.java:
##########
@@ -1775,4 +1790,479 @@ public void testAssignListAndRevokeCatalogRoles() {
       assertThat(response).returns(204, Response::getStatus);
     }
   }
+
+  @Test
+  public void testCatalogAdminGrantAndRevokeCatalogRoles() {
+    // Create a PrincipalRole and a new catalog. Grant the catalog_admin role 
to the new principal
+    // role
+    String principalRoleName = "mypr33";
+    PrincipalRole principalRole1 = new PrincipalRole(principalRoleName);
+    createPrincipalRole(principalRole1);
+
+    String catalogName = "myuniquetestcatalog";
+    Catalog catalog =
+        PolarisCatalog.builder()
+            .setType(Catalog.TypeEnum.INTERNAL)
+            .setName(catalogName)
+            .setStorageConfigInfo(
+                new AwsStorageConfigInfo(
+                    "arn:aws:iam::012345678901:role/jdoe", 
StorageConfigInfo.StorageTypeEnum.S3))
+            .setProperties(new CatalogProperties("s3://bucket1/"))
+            .build();
+    createCatalog(catalog);
+
+    CatalogRole catalogAdminRole = readCatalogRole(catalogName, 
"catalog_admin");
+    grantCatalogRoleToPrincipalRole(principalRoleName, catalogName, 
catalogAdminRole, userToken);
+
+    PrincipalWithCredentials catalogAdminPrincipal = 
createPrincipal("principal1");
+
+    
grantPrincipalRoleToPrincipal(catalogAdminPrincipal.getPrincipal().getName(), 
principalRole1);
+
+    String catalogAdminToken =
+        TokenUtils.getTokenFromSecrets(
+            EXT.client(),
+            EXT.getLocalPort(),
+            catalogAdminPrincipal.getCredentials().getClientId(),
+            catalogAdminPrincipal.getCredentials().getClientSecret(),
+            realm);
+
+    // Create a second principal role. Use the catalog admin principal to list 
principal roles and
+    // grant a catalog role to the new principal role
+    String principalRoleName2 = "mypr2";

Review Comment:
   ditto



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Re: [PR] Update privilege model to support granting CatalogRole access to PrincipalRoles [polaris]

Reply via email to