[#10966] feat(authn): Add built-in IdP model#11022
Conversation
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR introduces the API model layer for the built-in IdP feature within the plugins:idp-basic module, including DTOs, REST request/response objects, and focused unit tests to validate JSON (de)serialization and input validation behavior.
Changes:
- Added built-in IdP DTOs for users and groups (
IdpUserDTO,IdpGroupDTO). - Added request/response model classes for user/group operations (create user/group, reset password, update group users).
- Added unit tests covering SerDe, validation, and ensuring password fields are not exposed via
toString(); updated module dependencies accordingly.
Reviewed changes
Copilot reviewed 17 out of 17 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| plugins/idp-basic/src/main/java/org/apache/gravitino/idp/basic/dto/IdpUserDTO.java | Adds user DTO with builder and JSON annotations. |
| plugins/idp-basic/src/main/java/org/apache/gravitino/idp/basic/dto/IdpGroupDTO.java | Adds group DTO with builder and JSON annotations. |
| plugins/idp-basic/src/main/java/org/apache/gravitino/idp/basic/dto/requests/CreateUserRequest.java | Adds create-user request model with validation and password redaction in toString(). |
| plugins/idp-basic/src/main/java/org/apache/gravitino/idp/basic/dto/requests/CreateGroupRequest.java | Adds create-group request model with validation. |
| plugins/idp-basic/src/main/java/org/apache/gravitino/idp/basic/dto/requests/ResetPasswordRequest.java | Adds reset-password request model with validation and password redaction in toString(). |
| plugins/idp-basic/src/main/java/org/apache/gravitino/idp/basic/dto/requests/UpdateGroupUsersRequest.java | Adds group-membership update request model with validation. |
| plugins/idp-basic/src/main/java/org/apache/gravitino/idp/basic/dto/responses/IdpUserResponse.java | Adds user response wrapper with validation. |
| plugins/idp-basic/src/main/java/org/apache/gravitino/idp/basic/dto/responses/IdpGroupResponse.java | Adds group response wrapper with validation. |
| plugins/idp-basic/src/test/java/org/apache/gravitino/idp/basic/dto/TestIdpUserDTO.java | Tests user DTO JSON SerDe and builder validation. |
| plugins/idp-basic/src/test/java/org/apache/gravitino/idp/basic/dto/TestIdpGroupDTO.java | Tests group DTO JSON SerDe and builder validation. |
| plugins/idp-basic/src/test/java/org/apache/gravitino/idp/basic/dto/requests/TestCreateUserRequest.java | Tests create-user request SerDe/validate and password non-exposure via toString(). |
| plugins/idp-basic/src/test/java/org/apache/gravitino/idp/basic/dto/requests/TestCreateGroupRequest.java | Tests create-group request SerDe and validation. |
| plugins/idp-basic/src/test/java/org/apache/gravitino/idp/basic/dto/requests/TestResetPasswordRequest.java | Tests reset-password request SerDe/validate and password non-exposure via toString(). |
| plugins/idp-basic/src/test/java/org/apache/gravitino/idp/basic/dto/requests/TestUpdateGroupUsersRequest.java | Tests update-group-users request SerDe and validation. |
| plugins/idp-basic/src/test/java/org/apache/gravitino/idp/basic/dto/responses/TestIdpUserResponse.java | Tests user response SerDe and validation error messaging. |
| plugins/idp-basic/src/test/java/org/apache/gravitino/idp/basic/dto/responses/TestIdpGroupResponse.java | Tests group response SerDe and validation error messaging. |
| plugins/idp-basic/build.gradle.kts | Adds required dependencies (common module, Jackson, Lombok) to support new API models and tests. |
Code Coverage Report
Files
|
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
|
@roryqi The CI process has been successfully completed. If you have time, please review it for me. Thank you. |
|
I will suggest reviewing storage pull request first. |
| @ToString | ||
| @Builder | ||
| @Jacksonized | ||
| public class CreateGroupRequest implements RESTRequest { |
There was a problem hiding this comment.
Could u use AddGroupRequest?
There was a problem hiding this comment.
Got I have modified
| @ToString | ||
| @Builder | ||
| @Jacksonized | ||
| public class CreateUserRequest implements RESTRequest { |
There was a problem hiding this comment.
Could u use AddUserRequest?
There was a problem hiding this comment.
Got I have modified
| @ToString | ||
| @Builder | ||
| @Jacksonized | ||
| public class UpdateGroupUsersRequest implements RESTRequest { |
There was a problem hiding this comment.
Could u use GroupMembershipChangeRequest?
There was a problem hiding this comment.
Got I have added GroupAddUsersRequest
| import org.apache.commons.lang3.StringUtils; | ||
|
|
||
| /** Represents a built-in IdP group Data Transfer Object (DTO). */ | ||
| @EqualsAndHashCode |
There was a problem hiding this comment.
Could u use builder annotation here?
There was a problem hiding this comment.
Got It has been supplemented.
| @ToString | ||
| @Builder | ||
| @Jacksonized | ||
| public class UpdateGroupUsersRequest implements RESTRequest { |
There was a problem hiding this comment.
Got I have added GroupRemoveUsersRequest
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
|
@roryqi All the codes have been modified according to the suggestions. If you have the time, could you please review the code for me? |
|
|
||
| /** The interface of a built-in IdP user. */ | ||
| @Evolving | ||
| public interface IdpUser { |
There was a problem hiding this comment.
Why do we need this interfaces?
There was a problem hiding this comment.
It has no practical use. The project contains some DTO classes and uses interfaces. If it is not necessary, interface can be removed.
There was a problem hiding this comment.
We shouldn't put plugin classes into api module. API module is visible to users. Users shouldn't know these concepts.
There was a problem hiding this comment.
Got, I have deleted two interfaces. cc @roryqi
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
|
@roryqi All the codes have been revised. If you have time, please review them for me. Thank you. |
| } | ||
|
|
||
| dependencies { | ||
| implementation(project(":common")) |
There was a problem hiding this comment.
Could u add a blank line here? Because next line belongs the different segment.
|
|
||
| dependencies { | ||
| implementation(project(":common")) | ||
| implementation(libs.bcprov.jdk18on) |
There was a problem hiding this comment.
Could u follow the alphabet order here?
| implementation(libs.guava) | ||
| implementation(libs.jackson.annotations) | ||
| implementation(libs.jackson.databind) | ||
| annotationProcessor(libs.lombok) |
There was a problem hiding this comment.
Why does lombok repeat for many times? Is it required?
| @ToString | ||
| @Builder | ||
| @Jacksonized | ||
| public class GroupRemoveUsersRequest implements RESTRequest { |
There was a problem hiding this comment.
I have concern about this class. I don't we should have this request. I prefer using
GroupMembershipChangeRequest {
String[] additions;
String[] removals;
}
But we can see the next pull request.
I also don't like the order you raised the pull requests.
You raise the storage pull request first.
Then logic layer pull request.
Finally API layer pull request.
What changes were proposed in this pull request?
This PR adds the built-in IdP API model classes under the
plugins:idp-basicmodule, including DTOs, requests, responses, and their unit tests.Why are the changes needed?
The built-in IdP management work needs its API model classes to live with the
idp-basicplugin instead of introducing them in broader shared modules.Fix: #10966
Does this PR introduce any user-facing change?
No.
How was this patch tested?