[#11095] [#11096] feat(client-python): add Role authorization management#11202
Closed
sunyuhan1998 wants to merge 2 commits into
Closed
[#11095] [#11096] feat(client-python): add Role authorization management#11202sunyuhan1998 wants to merge 2 commits into
sunyuhan1998 wants to merge 2 commits into
Conversation
Add Role CRUD, grant/revoke roles to users/groups, and grant/revoke privileges to roles in the Python SDK. - Add PrivilegeDTO, SecurableObjectDTO, RoleDTO with JSON serialization - Add RoleCreate/Grant/Revoke and PrivilegeGrant/Revoke request DTOs - Add RoleResponse and RoleNamesListResponse - Add PermissionErrorHandler for grant/revoke operations - Add 10 methods to GravitinoMetalake and delegate to GravitinoClient - Fix GenericPrivilege.__eq__ for PrivilegeDTO compatibility - Add DTOConverters for privilege and securable object conversion
4 tasks
Contributor
Author
|
cc @jerryshao |
Contributor
|
This PR is too big, I would suggest you split it into small PRs. |
Contributor
Author
No problem. However, the changes in this PR are highly coupled. I am considering splitting Role management and Grant/Revoke into two PRs. Do you think this is appropriate? Here is the PR for Role CRUD: #11210. The Grant/Revoke part will be submitted after it is merged. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changes were proposed in this pull request?
Add Role management and permission operations (grant/revoke) to the Gravitino Python SDK, including:
New DTOs:
PrivilegeDTO— JSON serialization with lowercase enum encoding matching Java serverSecurableObjectDTO— with fullName parsing and MetadataObject.Type codecRoleDTO— with Builder pattern and audit validationNew Request/Response DTOs:
RoleCreateRequest,RoleGrantRequest,RoleRevokeRequestPrivilegeGrantRequest,PrivilegeRevokeRequestRoleResponse,RoleNamesListResponseNew Error Handler:
PermissionErrorHandler— handles grant/revoke error codes (IllegalPrivilege, NoSuchUser/Group/Role/MetadataObject, etc.)Client Methods (10 new methods on GravitinoMetalake + GravitinoClient delegates):
create_role,get_role,delete_role,list_role_namesgrant_roles_to_user,revoke_roles_from_user,grant_roles_to_group,revoke_roles_from_groupgrant_privileges_to_role,revoke_privileges_from_roleBug fix:
GenericPrivilege.__eq__changed fromisinstance(value, GenericPrivilege)toisinstance(value, Privilege)for symmetric equality withPrivilegeDTOWhy are the changes needed?
The Java SDK already supports full authorization management via
GravitinoMetalake. The Python SDK should provide equivalent functionality so users can manage roles and permissions without falling back to raw REST API calls.This is part of the authorization management split for issue #10782
Fix: #11095Fix: #11096Does this PR introduce any user-facing change?
Yes, adds new public APIs to
GravitinoClientandGravitinoMetalake:create_role,get_role,delete_role,list_role_namesgrant_roles_to_user,revoke_roles_from_usergrant_roles_to_group,revoke_roles_from_groupgrant_privileges_to_role,revoke_privileges_from_roleHow was this patch tested?