Skip to content

Fix REST responses for failed Admin operations #2291

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 15, 2025
Merged

Fix REST responses for failed Admin operations #2291

merged 2 commits into from
Aug 15, 2025

Conversation

@XN137
Copy link
Contributor

@XN137 XN137 commented Aug 7, 2025
edited
Loading

the boolean return values of many methods in PolarisAdminService
were often simply not getting used at all, thus the REST api returned
success in those cases even though the PrivilegeResult was marked
as failed.
due to this fix a silently failing test now needs to be adjusted.

we return the PrivilegeResult instead of a boolean to give the
client at least some indication of what has gone wrong on the server
side.

note that some of the other operations were throwing Expcetions already,
which are already reported back correctly to the client.

@github-project-automation github-project-automation bot moved this to PRs In Progress in Basic Kanban Board Aug 7, 2025
@XN137 XN137 force-pushed the fix-admin-rest-responses branch from c7b3a45 to 339ac46 Compare August 7, 2025 10:40
snazy
snazy reviewed Aug 7, 2025
View reviewed changes
runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisServiceImpl.java
return Response.status(Response.Status.BAD_REQUEST).build();
}
return Response.status(Response.Status.CREATED).build();
return toResponse(result, Response.Status.CREATED);
Copy link
Member

@snazy snazy Aug 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This means that errors were not propagated to clients, right?

Copy link
Contributor Author

@XN137 XN137 Aug 7, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, some methods do throw exceptions internally (and those get propagated to clients correctly) but the returned boolean value of the methods was often ignored.
as part of this PR we have to fix a test in PolarisManagementServiceIntegrationTest.java which was silently failing before.

@XN137 XN137 force-pushed the fix-admin-rest-responses branch 3 times, most recently from 9cf05b2 to d9a55c1 Compare August 12, 2025 07:15
@XN137
Fix REST responses for failed Admin operations
56ad6dc 
the `boolean` return values of many methods in `PolarisAdminService`
were often simply not getting used at all, thus the REST api returned
success in those cases even though the `PrivilegeResult` was marked
as failed.
due to this fix a silently failing test now needs to be adjusted.

we return the `PrivilegeResult` instead of a `boolean` to give the
client at least some indication of what has gone wrong on the server
side.

note that some of the other operations were throwing Expcetions already,
which are already reported back correctly to the client.
@XN137 XN137 force-pushed the fix-admin-rest-responses branch from d9a55c1 to 56ad6dc Compare August 12, 2025 08:34
XN137
XN137 commented Aug 12, 2025
View reviewed changes
...rc/main/java/org/apache/polaris/service/it/test/PolarisManagementServiceIntegrationTest.java
.returns(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), Response::getStatus);
assertThat(response.hasEntity()).isTrue();
ErrorResponse errorResponse = response.readEntity(ErrorResponse.class);
assertThat(errorResponse.message()).contains("Operation failed: GRANT_NOT_FOUND");
Copy link
Contributor Author

@XN137 XN137 Aug 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there could be an argument that GRANT_NOT_FOUND should be a 404 instead of internal server error but it would mean we need to translate all BaseResult.ReturnStatus values to a proper HTTP code.
i think this can be figured out in a followup and we should first stop silently failing in those cases.

Copy link
Member

@snazy snazy Aug 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm - HTTP/500 feels odd, as it's rather a user (argument) error. HTTP/400 would be better IMHO.

Copy link
Contributor Author

@XN137 XN137 Aug 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok switched to HTTP/400

@XN137 XN137 marked this pull request as ready for review August 12, 2025 08:36
@github-project-automation github-project-automation bot moved this from PRs In Progress to Ready to merge in Basic Kanban Board Aug 12, 2025
@snazy
Copy link
Member

snazy commented Aug 14, 2025

If nobody objects, I'll merge later today.

@snazy snazy merged commit 6e036e0 into apache:main Aug 15, 2025
12 checks passed
@github-project-automation github-project-automation bot moved this from Ready to merge to Done in Basic Kanban Board Aug 15, 2025
snazy added a commit to snazy/polaris that referenced this pull request Nov 20, 2025
@snazy @adutra
@renovate-bot @XN137 @poojanilangekar @eric-maynard @dimas-b @XJDKC
Dremio merge 2025 08 18 11 02 (apache#104)
da546bd 
* Fix Keycloak getting-started example (apache#2349)

The `polaris-setup` container was erroneously including a non-existent scope when fetching a token from Keycloak.

* fix(deps): update dependency com.nimbusds:nimbus-jose-jwt to v10.4.2 (apache#2350)

* Use PolarisTaskConstants (apache#2346)

* Add a regression test for Catalog Federation (apache#2286)

* Add a regression test for Catalog Federation

* Install jq dependency

* Fix token issues

* Update regtests/README.md

Co-authored-by: Eric Maynard <[email protected]>

* Update README.md

---------

Co-authored-by: Eric Maynard <[email protected]>

* Modularize federation (Option 2) (apache#2332)

* Modularize federation (Option 2)

* Move polaris-extensions-federation-hadoop dependency

* Change identifier to lowerCase

* Change identifiers to constants

* Replace CallContext with RealmConfig in enforceFeatureEnabledOrThrow (apache#2348)

* Replace CallContext with RealmConfig in CatalogEntity (apache#2336)

* chore(deps): update registry.access.redhat.com/ubi9/openjdk-21-runtime docker tag to v1.23-6 (apache#2353)

* fix(deps): update dependency com.gradleup.shadow:shadow-gradle-plugin to v9.0.2 (apache#2358)

* chore(deps): update postgres docker tag to v17.6 (apache#2354)

* Add integration tests with Keycloak (apache#2343)

* Fix REST responses for failed Admin operations (apache#2291)

* Fix REST responses for failed Admin operations

the `boolean` return values of many methods in `PolarisAdminService`
were often simply not getting used at all, thus the REST api returned
success in those cases even though the `PrivilegeResult` was marked
as failed.
due to this fix a silently failing test now needs to be adjusted.

we return the `PrivilegeResult` instead of a `boolean` to give the
client at least some indication of what has gone wrong on the server
side.

note that some of the other operations were throwing Expcetions already,
which are already reported back correctly to the client.

* review: use http 400 BAD_REQUEST

* Make PolarisAuthorizer RequestScoped (apache#2340)

all methods in `PolarisAuthorizer` currently have a `CallContext`
parameter.
in its only implementation only `CallContext.getRealmConfig` is getting
used.

so since `PolarisAuthorizer` cant be used outside a request, we can
simply make it request-scoped and inject the request-scoped `RealmConfig`
directly.

* fix(deps): update mockito monorepo to v5.19.0 (apache#2360)

* Fix soft-merge conflict on `main` (apache#2364)

* feat(docs): Add Getting Stated guide for MinIO (apache#2227)

* feat(docs): Add Getting Stated guide for MinIO

A simple page of step-by-step instructions for setting
up a local environment with Polaris, MinIO and Spark.

Closes apache#1530

* IntelliJ: fix project icon in IJ project list (apache#2366)

... copy source has changed

* Use asMap property helpers (apache#2347)

seems like these helpers existed for a long time but were just not
getting used consistently

* SigV4 Auth Support for Catalog Federation - Part 2: Connection Config Persistence (apache#2190)

* Add SigV4 related DPOs

* Rename UserSecretReference to SecretReference and fix some small issues

* fix(deps): update dependency software.amazon.awssdk:bom to v2.32.24 (apache#2371)

* Rat-check: exclude venv, cleanup excludes, include .svg (apache#2363)

* `.svg` files are XML files and can contain a license header
* Re-grouped the exclusion rat patterns
* Added exclude for `.venv`
* Added exclude for `.ruff_cache`

* NoSQL: Async-impls: add some safeguards + javadoc spelling

* NoSQL: spelling

* NoSQL: dependency updates

* Last merged commit: 5a7686b

---------

Co-authored-by: Alexandre Dutra <[email protected]>
Co-authored-by: Mend Renovate <[email protected]>
Co-authored-by: Christopher Lambert <[email protected]>
Co-authored-by: Pooja Nilangekar <[email protected]>
Co-authored-by: Eric Maynard <[email protected]>
Co-authored-by: Dmitri Bourlatchkov <[email protected]>
Co-authored-by: Rulin Xing <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adutra adutra adutra approved these changes

@snazy snazy snazy approved these changes

@dimas-b dimas-b dimas-b approved these changes

@dennishuo dennishuo Awaiting requested review from dennishuo

@eric-maynard eric-maynard Awaiting requested review from eric-maynard

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@XN137 @snazy @adutra @dimas-b