Skip to content

Make PolarisAuthorizer RequestScoped #2340

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 15, 2025
Merged

Make PolarisAuthorizer RequestScoped #2340

merged 1 commit into from
Aug 15, 2025

Conversation

@XN137
Copy link
Contributor

@XN137 XN137 commented Aug 13, 2025

all methods in PolarisAuthorizer currently have a CallContext parameter.
in its only implementation only CallContext.getRealmConfig is getting used.

so since PolarisAuthorizer cant be used outside a request, we can simply make it request-scoped and inject the request-scoped RealmConfig directly.

@XN137
Make PolarisAuthorizer RequestScoped
82ee3db 
all methods in `PolarisAuthorizer` currently have a `CallContext`
parameter.
in its only implementation only `CallContext.getRealmConfig` is getting
used.

so since `PolarisAuthorizer` cant be used outside a request, we can
simply make it request-scoped and inject the request-scoped `RealmConfig`
directly.
@github-project-automation github-project-automation bot moved this to PRs In Progress in Basic Kanban Board Aug 13, 2025
XN137
XN137 commented Aug 13, 2025
View reviewed changes
runtime/service/src/main/java/org/apache/polaris/service/config/ServiceProducers.java
@Produces
@RequestScoped
public PolarisAuthorizer polarisAuthorizer(RealmConfig realmConfig) {
return new PolarisAuthorizerImpl(realmConfig);
Copy link
Contributor Author

@XN137 XN137 Aug 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

note: if any custom implementations of PolarisAuthorizer are out there and still need the CallContext for whatever reason, they are free to still inject it here.

@XN137 XN137 marked this pull request as ready for review August 13, 2025 08:04
snazy
snazy approved these changes Aug 13, 2025
View reviewed changes
Copy link
Member

@snazy snazy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice cleanup, +1

@github-project-automation github-project-automation bot moved this from PRs In Progress to Ready to merge in Basic Kanban Board Aug 13, 2025
dimas-b
dimas-b approved these changes Aug 13, 2025
View reviewed changes
Copy link
Contributor

@dimas-b dimas-b left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice improvement! 👍

@snazy
Copy link
Member

snazy commented Aug 15, 2025

The PR got 4 approvals and no objections, merging.

@snazy snazy merged commit 88f58fc into apache:main Aug 15, 2025
12 checks passed
@github-project-automation github-project-automation bot moved this from Ready to merge to Done in Basic Kanban Board Aug 15, 2025
snazy added a commit to snazy/polaris that referenced this pull request Nov 20, 2025
@snazy @adutra
@renovate-bot @XN137 @poojanilangekar @eric-maynard @dimas-b @XJDKC
Dremio merge 2025 08 18 11 02 (apache#104)
da546bd 
* Fix Keycloak getting-started example (apache#2349)

The `polaris-setup` container was erroneously including a non-existent scope when fetching a token from Keycloak.

* fix(deps): update dependency com.nimbusds:nimbus-jose-jwt to v10.4.2 (apache#2350)

* Use PolarisTaskConstants (apache#2346)

* Add a regression test for Catalog Federation (apache#2286)

* Add a regression test for Catalog Federation

* Install jq dependency

* Fix token issues

* Update regtests/README.md

Co-authored-by: Eric Maynard <[email protected]>

* Update README.md

---------

Co-authored-by: Eric Maynard <[email protected]>

* Modularize federation (Option 2) (apache#2332)

* Modularize federation (Option 2)

* Move polaris-extensions-federation-hadoop dependency

* Change identifier to lowerCase

* Change identifiers to constants

* Replace CallContext with RealmConfig in enforceFeatureEnabledOrThrow (apache#2348)

* Replace CallContext with RealmConfig in CatalogEntity (apache#2336)

* chore(deps): update registry.access.redhat.com/ubi9/openjdk-21-runtime docker tag to v1.23-6 (apache#2353)

* fix(deps): update dependency com.gradleup.shadow:shadow-gradle-plugin to v9.0.2 (apache#2358)

* chore(deps): update postgres docker tag to v17.6 (apache#2354)

* Add integration tests with Keycloak (apache#2343)

* Fix REST responses for failed Admin operations (apache#2291)

* Fix REST responses for failed Admin operations

the `boolean` return values of many methods in `PolarisAdminService`
were often simply not getting used at all, thus the REST api returned
success in those cases even though the `PrivilegeResult` was marked
as failed.
due to this fix a silently failing test now needs to be adjusted.

we return the `PrivilegeResult` instead of a `boolean` to give the
client at least some indication of what has gone wrong on the server
side.

note that some of the other operations were throwing Expcetions already,
which are already reported back correctly to the client.

* review: use http 400 BAD_REQUEST

* Make PolarisAuthorizer RequestScoped (apache#2340)

all methods in `PolarisAuthorizer` currently have a `CallContext`
parameter.
in its only implementation only `CallContext.getRealmConfig` is getting
used.

so since `PolarisAuthorizer` cant be used outside a request, we can
simply make it request-scoped and inject the request-scoped `RealmConfig`
directly.

* fix(deps): update mockito monorepo to v5.19.0 (apache#2360)

* Fix soft-merge conflict on `main` (apache#2364)

* feat(docs): Add Getting Stated guide for MinIO (apache#2227)

* feat(docs): Add Getting Stated guide for MinIO

A simple page of step-by-step instructions for setting
up a local environment with Polaris, MinIO and Spark.

Closes apache#1530

* IntelliJ: fix project icon in IJ project list (apache#2366)

... copy source has changed

* Use asMap property helpers (apache#2347)

seems like these helpers existed for a long time but were just not
getting used consistently

* SigV4 Auth Support for Catalog Federation - Part 2: Connection Config Persistence (apache#2190)

* Add SigV4 related DPOs

* Rename UserSecretReference to SecretReference and fix some small issues

* fix(deps): update dependency software.amazon.awssdk:bom to v2.32.24 (apache#2371)

* Rat-check: exclude venv, cleanup excludes, include .svg (apache#2363)

* `.svg` files are XML files and can contain a license header
* Re-grouped the exclusion rat patterns
* Added exclude for `.venv`
* Added exclude for `.ruff_cache`

* NoSQL: Async-impls: add some safeguards + javadoc spelling

* NoSQL: spelling

* NoSQL: dependency updates

* Last merged commit: 5a7686b

---------

Co-authored-by: Alexandre Dutra <[email protected]>
Co-authored-by: Mend Renovate <[email protected]>
Co-authored-by: Christopher Lambert <[email protected]>
Co-authored-by: Pooja Nilangekar <[email protected]>
Co-authored-by: Eric Maynard <[email protected]>
Co-authored-by: Dmitri Bourlatchkov <[email protected]>
Co-authored-by: Rulin Xing <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adutra adutra adutra approved these changes

@snazy snazy snazy approved these changes

@dimas-b dimas-b dimas-b approved these changes

@dennishuo dennishuo Awaiting requested review from dennishuo

@eric-maynard eric-maynard Awaiting requested review from eric-maynard

@collado-mike collado-mike Awaiting requested review from collado-mike

+1 more reviewer

@donPain donPain donPain approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@XN137 @snazy @adutra @dimas-b @donPain