Skip to content

Commit 59a9742

Browse files
author
Vibe Kanban
committed
Route Iceberg listTables through service auth and constructor DI
1 parent 1d7bfb7 commit 59a9742

File tree

4 files changed

+38
-9
lines changed

4 files changed

+38
-9
lines changed

services/tables/src/main/java/com/linkedin/openhouse/tables/controller/IcebergRestCatalogController.java

Lines changed: 19 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,8 @@
77
import com.linkedin.openhouse.tables.generated.iceberg.api.IcebergReadOnlyApi;
88
import com.linkedin.openhouse.tables.api.validator.TablesApiValidator;
99
import com.linkedin.openhouse.tables.services.TablesService;
10+
import java.util.List;
11+
import java.util.stream.Collectors;
1012
import org.apache.iceberg.catalog.Namespace;
1113
import org.apache.iceberg.catalog.TableIdentifier;
1214
import org.apache.iceberg.exceptions.NoSuchNamespaceException;
@@ -16,7 +18,6 @@
1618
import org.apache.iceberg.rest.responses.ConfigResponse;
1719
import org.apache.iceberg.rest.responses.ListTablesResponse;
1820
import org.apache.iceberg.rest.responses.LoadTableResponse;
19-
import org.springframework.beans.factory.annotation.Autowired;
2021
import org.springframework.http.MediaType;
2122
import org.springframework.http.ResponseEntity;
2223
import org.springframework.web.bind.annotation.RestController;
@@ -30,11 +31,20 @@
3031
@RestController
3132
public class IcebergRestCatalogController implements IcebergReadOnlyApi {
3233

33-
@Autowired private OpenHouseInternalCatalog openHouseInternalCatalog;
34+
private final OpenHouseInternalCatalog openHouseInternalCatalog;
3435

35-
@Autowired private TablesService tablesService;
36+
private final TablesService tablesService;
3637

37-
@Autowired private TablesApiValidator tablesApiValidator;
38+
private final TablesApiValidator tablesApiValidator;
39+
40+
public IcebergRestCatalogController(
41+
OpenHouseInternalCatalog openHouseInternalCatalog,
42+
TablesService tablesService,
43+
TablesApiValidator tablesApiValidator) {
44+
this.openHouseInternalCatalog = openHouseInternalCatalog;
45+
this.tablesService = tablesService;
46+
this.tablesApiValidator = tablesApiValidator;
47+
}
3848

3949
@Override
4050
public ResponseEntity<String> getConfig(String warehouse) {
@@ -50,8 +60,11 @@ public ResponseEntity<String> listTables(String namespace) {
5060
String databaseId = icebergNamespace.level(0);
5161
tablesApiValidator.validateSearchTables(databaseId);
5262

53-
ListTablesResponse response =
54-
CatalogHandlers.listTables(openHouseInternalCatalog, icebergNamespace);
63+
List<TableIdentifier> tableIdentifiers =
64+
tablesService.searchTables(databaseId, extractAuthenticatedUserPrincipal()).stream()
65+
.map(table -> TableIdentifier.of(icebergNamespace, table.getTableId()))
66+
.collect(Collectors.toList());
67+
ListTablesResponse response = ListTablesResponse.builder().addAll(tableIdentifiers).build();
5568
return ResponseEntity.ok()
5669
.contentType(MediaType.APPLICATION_JSON)
5770
.body(IcebergRestSerde.toJson(response));

services/tables/src/main/java/com/linkedin/openhouse/tables/services/TablesService.java

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,15 @@ public interface TablesService {
3232
*/
3333
List<TableDto> searchTables(String databaseId);
3434

35+
/**
36+
* Given a databaseId, prepare list of {@link TableDto}s if actingPrincipal has list permission.
37+
*
38+
* @param databaseId
39+
* @param actingPrincipal
40+
* @return list of {@link TableDto}
41+
*/
42+
List<TableDto> searchTables(String databaseId, String actingPrincipal);
43+
3544
/**
3645
* Given a databaseId, prepare list of {@link TableDto}s.
3746
*

services/tables/src/main/java/com/linkedin/openhouse/tables/services/TablesServiceImpl.java

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -79,6 +79,13 @@ public List<TableDto> searchTables(String databaseId) {
7979
return openHouseInternalRepository.searchTables(databaseId);
8080
}
8181

82+
@Override
83+
public List<TableDto> searchTables(String databaseId, String actingPrincipal) {
84+
authorizationUtils.checkDatabasePrivilege(
85+
databaseId, actingPrincipal, Privileges.GET_TABLE_METADATA);
86+
return searchTables(databaseId);
87+
}
88+
8289
@Override
8390
public Page<TableDto> searchTables(String databaseId, int page, int size, String sortBy) {
8491
Pageable pageable = createPageable(page, size, sortBy, null);

services/tables/src/test/java/com/linkedin/openhouse/tables/mock/controller/IcebergRestCatalogControllerTest.java

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,6 @@
2121
import org.apache.iceberg.SortOrder;
2222
import org.apache.iceberg.TableMetadata;
2323
import org.apache.iceberg.TableOperations;
24-
import org.apache.iceberg.catalog.Namespace;
2524
import org.apache.iceberg.catalog.TableIdentifier;
2625
import org.apache.iceberg.types.Types;
2726
import org.junit.jupiter.api.BeforeEach;
@@ -65,10 +64,11 @@ public void testConfig() throws Exception {
6564

6665
@Test
6766
public void testListTables() throws Exception {
68-
when(openHouseInternalCatalog.listTables(Namespace.of("db")))
67+
when(tablesService.searchTables(eq("db"), anyString()))
6968
.thenReturn(
7069
Arrays.asList(
71-
TableIdentifier.of("db", "tb1"), TableIdentifier.of("db", "tb2")));
70+
TableDto.builder().databaseId("db").tableId("tb1").build(),
71+
TableDto.builder().databaseId("db").tableId("tb2").build()));
7272

7373
mvc.perform(MockMvcRequestBuilders.get("/v1/namespaces/db/tables"))
7474
.andExpect(status().isOk())

0 commit comments

Comments
 (0)