The Apache Pinot codebase currently exhibits substantial code duplication concerning authorization logic. Specifically, the classes BasicAuthAccessFactory and ZkBasicAuthAccessFactory contain redundant authorization logic. This duplication is pervasive for the aforementioned classes across all components, i.e., controller, server, and broker, leading to several issues:
- Maintenance Challenges: Maintaining multiple copies of similar logic can be burdensome, increasing the risk of overlooking necessary updates or introducing bugs during modifications.
- Potential Inconsistencies: Redundant code raises the likelihood of inconsistencies in the authorization logic, which can compromise security or functionality.
- Difficulty in Extending Functionality: Introducing new implementations becomes cumbersome as it necessitates repeating the same logic, further propagating the issue of code duplication.
Proposed Solution
To address this issue, I propose extracting the common authorization logic into a superclass and having both BasicAuthAccessFactory and ZkBasicAuthAccessFactory extend this superclass. This will ensure that the core authorization logic for basic auth is centralized, making it easier to maintain and update. I plan to do this across all components and extract shared logic via appropriate utilities or classes wherever needed. This refactoring will streamline maintenance, enhance consistency, and simplify the process of adding new authorization mechanisms.
CC: @Jackie-Jiang
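A sketch of the shape this proposal describes, added here as an illustration and not taken from the Pinot codebase or from the issue author. All class, method and field names, the principal model and the token string are hypothetical. The point it shows is that the allow/deny decision lives in one `final` method, and the two variants differ only in where principals are loaded from.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class SharedBasicAuthSketch {
  // Hypothetical principal: the expected Authorization header value plus permitted tables.
  record Principal(String name, String token, Set<String> tables) {}

  // Shared superclass: the only copy of the authorization decision.
  abstract static class AbstractBasicAuthAccessControl {
    // The one point where the variants differ: the source of principals.
    protected abstract Iterable<Principal> principals();

    // final, so a subclass cannot drift from the shared decision logic.
    public final boolean hasAccess(String authHeader, String table) {
      if (authHeader == null || table == null) {
        return false; // deny by default when credentials or target are missing
      }
      byte[] presented = authHeader.getBytes(StandardCharsets.UTF_8);
      boolean allowed = false;
      for (Principal p : principals()) {
        // MessageDigest.isEqual compares in constant time, unlike String.equals.
        boolean tokenOk = MessageDigest.isEqual(presented, p.token().getBytes(StandardCharsets.UTF_8));
        allowed |= tokenOk && p.tables().contains(table);
      }
      return allowed;
    }
  }

  // Variant 1: principals fixed at startup (stand-in for static configuration).
  static class StaticAccessControl extends AbstractBasicAuthAccessControl {
    private final List<Principal> _principals;
    StaticAccessControl(List<Principal> principals) { _principals = List.copyOf(principals); }
    @Override protected Iterable<Principal> principals() { return _principals; }
  }

  // Variant 2: principals read from a mutable store (stand-in for a ZooKeeper-backed source).
  static class StoreBackedAccessControl extends AbstractBasicAuthAccessControl {
    private final Map<String, Principal> _store;
    StoreBackedAccessControl(Map<String, Principal> store) { _store = store; }
    @Override protected Iterable<Principal> principals() { return _store.values(); }
  }

  public static void main(String[] args) {
    // Constructed sample principal and token, not real credentials.
    Principal p = new Principal("reader", "Basic <constructed-token>", Set.of("events"));
    for (var ac : List.of(new StaticAccessControl(List.of(p)),
        new StoreBackedAccessControl(Map.of("reader", p)))) {
      System.out.println(ac.hasAccess(p.token(), "events") + " "
          + ac.hasAccess(p.token(), "billing") + " " + ac.hasAccess("Basic wrong", "events"));
    }
  }
}
```

Both variants print the same three decisions because neither can override `hasAccess`, which is the consistency property the refactoring is meant to provide.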