Remove deprecated hasDataAccess method. #13574
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #13574 +/- ##
============================================
+ Coverage 61.75% 61.98% +0.23%
+ Complexity 207 198 -9
============================================
Files 2436 2555 +119
Lines 133233 140614 +7381
Branches 20636 21819 +1183
============================================
+ Hits 82274 87163 +4889
- Misses 44911 46839 +1928
- Partials 6048 6612 +564
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
cc @soumitra-st @zhtaoxiang Can you help take a look? |
|
@vvivekiyer - Can you help review this please |
| @@ -24,7 +24,7 @@ | |||
| public class AllowAllAccessFactory implements AccessControlFactory { | |||
| private static final AccessControl ALLOW_ALL_ACCESS = new AccessControl() { | |||
| @Override | |||
| public boolean hasDataAccess(HttpHeaders httpHeaders, String tableName) { | |||
| public boolean hasAccess(String tableName, AccessType accessType, HttpHeaders httpHeaders, String endpointUrl) { | |||
There was a problem hiding this comment.
Perhaps we can remove this function as the default implementation returns true?
| @@ -158,7 +158,7 @@ public Response downloadSegment( | |||
| boolean hasDataAccess; | |||
| try { | |||
| AccessControl accessControl = _accessControlFactory.create(); | |||
| hasDataAccess = accessControl.hasDataAccess(httpHeaders, tableName); | |||
| hasDataAccess = accessControl.hasAccess(tableName, AccessType.READ, httpHeaders, null); | |||
There was a problem hiding this comment.
@abhioncbr Can we please pass the endpointUrl Actions.Table.DOWNLOAD_SEGMENT here and in PinotQueryResource (ideally we should pass it in all places where hasAccess is called if not done already). This will allow callers to have different READ restrictions for each endpoint.
Internally at Linkedin, we have different restrictions on READ access for downloadSegment and query endpoints.
There was a problem hiding this comment.
Sure, I'll make the required changes. Thanks
| @@ -292,7 +293,7 @@ private String getQueryResponse(String query, @Nullable SqlNode sqlNode, String | |||
|
|
|||
| // Validate data access | |||
| AccessControl accessControl = _accessControlFactory.create(); | |||
| if (!accessControl.hasDataAccess(httpHeaders, rawTableName)) { | |||
| if (!accessControl.hasAccess(rawTableName, AccessType.READ, httpHeaders, Actions.Table.DOWNLOAD_SEGMENT)) { | |||
There was a problem hiding this comment.
Is Actions.Table.DOWNLOAD_SEGMENT is not suited for endpointUrl? If endpointUrl is not accessible, we can use null.
There was a problem hiding this comment.
@vvivekiyer / @soumitra-st We need some consensus on whether to use Actions.Table.DOWNLOAD_SEGMENT or pass null.
There was a problem hiding this comment.
@soumitra-st Passing endpointUrl is critical to allow implementations to provide different access restrictions to different read endpoints. Hence I had suggested that we add the relevant action.
All over our codebase (eg: PinotTableResstletResource), we pass the action as endpointUrl. If we feel that a better identifier is needed to identify endpointUrl, we can discuss.
@abhioncbr as this is the query endpoint, the action here should be Actions.Table.QUERY ?
There was a problem hiding this comment.
All over our codebase (eg: PinotTableResstletResource), we pass the action as endpointUrl. If we feel that a better identifier is needed to identify endpointUrl, we can discuss.
@vvivekiyer , if we pass action as endpointUrl across the board, then I am ok with that.
There was a problem hiding this comment.
Thanks for the feedback. I will make the change here as suggested by @vvivekiyer and for adding endpointUrl across board, I will raise another PR. Sounds good?
| @@ -158,7 +158,7 @@ public Response downloadSegment( | |||
| boolean hasDataAccess; | |||
| try { | |||
| AccessControl accessControl = _accessControlFactory.create(); | |||
| hasDataAccess = accessControl.hasDataAccess(httpHeaders, tableName); | |||
| hasDataAccess = accessControl.hasAccess(tableName, AccessType.READ, httpHeaders, Actions.Table.DOWNLOAD_SEGMENT); | |||
There was a problem hiding this comment.
Same here, Actions.Table.DOWNLOAD_SEGMENT action used as endpointUrl. Shall we pass null?
|
Can we merge it? |
* Remove deprecated lang3 RandomUtils usage. * Changes as per the PR comment. * Remove deprecated method hasDataAccess. * Changes as per the PR Comments. * Updated the endpointUrl to QUERY. * Fix linting issue.
| @Nullable String endpointUrl) { | ||
| return true; | ||
| } | ||
| boolean hasAccess(@Nullable String tableName, AccessType accessType, HttpHeaders httpHeaders, |
There was a problem hiding this comment.
Why does this no longer default true? This is backwards incompatible for users of this interface
There was a problem hiding this comment.
Good catch. Adding it back in #14382
Labels
Description
In the year 2021, We deprecated the hasDataAccess method of class AccessControl.java ( for reference: PR ). This PR is just removing the deprecated method from the code.