dimas-b commented on code in PR #2223:
URL: https://github.com/apache/polaris/pull/2223#discussion_r2377271201
##########
runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisAdminService.java:
##########
@@ -1686,14 +1691,33 @@ public boolean grantPrivilegeOnNamespaceToRole(
PolarisAuthorizableOperation.ADD_NAMESPACE_GRANT_TO_CATALOG_ROLE;
authorizeGrantOnNamespaceOperationOrThrow(op, catalogName, namespace,
catalogRoleName);
+ CatalogEntity catalogEntity =
+ findCatalogByName(catalogName)
+ .orElseThrow(() -> new NotFoundException("Parent catalog %s not
found", catalogName));
PolarisEntity catalogRoleEntity =
findCatalogRoleByName(catalogName, catalogRoleName)
.orElseThrow(() -> new NotFoundException("CatalogRole %s not
found", catalogRoleName));
PolarisResolvedPathWrapper resolvedPathWrapper =
resolutionManifest.getResolvedPath(namespace);
if (resolvedPathWrapper == null
|| !resolvedPathWrapper.isFullyResolvedNamespace(catalogName,
namespace)) {
- throw new NotFoundException("Namespace %s not found", namespace);
+ boolean rbacForFederatedCatalogsEnabled =
+ getCurrentPolarisContext()
+ .getRealmConfig()
+
.getConfig(FeatureConfiguration.ENABLE_SUB_CATALOG_RBAC_FOR_FEDERATED_CATALOGS);
+ if (resolutionManifest.getIsPassthroughFacade() &&
rbacForFederatedCatalogsEnabled) {
+ resolvedPathWrapper =
+ createSyntheticNamespaceEntities(catalogEntity, namespace,
resolvedPathWrapper);
Review Comment:
I do not have a strong objection against on demand creation of synthetic
entities, but in that case I think the `rbacForFederatedCatalogsEnabled` flag
should be configurable per catalog (not per realm).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
