This is an automated email from the ASF dual-hosted git repository.
jshao pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/gravitino.git
The following commit(s) were added to refs/heads/main by this push:
new f06649a359 [#7143] feat(core): add a basic framework for policy
management (#7564)
f06649a359 is described below
commit f06649a359a8e3bda30f68c571b01cc6374db504
Author: mchades <[email protected]>
AuthorDate: Wed Jul 23 20:28:27 2025 +0800
[#7143] feat(core): add a basic framework for policy management (#7564)
### What changes were proposed in this pull request?
add a basic framework for policy management
### Why are the changes needed?
Fix: #7143
### Does this PR introduce _any_ user-facing change?
no
### How was this patch tested?
Tests will be added after the logic is implemented.
---
.../java/org/apache/gravitino/GravitinoEnv.java | 15 ++
.../gravitino/SupportsRelationOperations.java | 4 +-
.../apache/gravitino/policy/PolicyDispatcher.java | 210 +++++++++++++++++++++
.../org/apache/gravitino/policy/PolicyManager.java | 130 +++++++++++++
.../relational/service/PolicyMetaService.java | 32 ++++
5 files changed, 390 insertions(+), 1 deletion(-)
diff --git a/core/src/main/java/org/apache/gravitino/GravitinoEnv.java
b/core/src/main/java/org/apache/gravitino/GravitinoEnv.java
index ccb75f1764..4651fada19 100644
--- a/core/src/main/java/org/apache/gravitino/GravitinoEnv.java
+++ b/core/src/main/java/org/apache/gravitino/GravitinoEnv.java
@@ -76,6 +76,8 @@ import org.apache.gravitino.metalake.MetalakeManager;
import org.apache.gravitino.metalake.MetalakeNormalizeDispatcher;
import org.apache.gravitino.metrics.MetricsSystem;
import org.apache.gravitino.metrics.source.JVMMetricsSource;
+import org.apache.gravitino.policy.PolicyDispatcher;
+import org.apache.gravitino.policy.PolicyManager;
import org.apache.gravitino.storage.IdGenerator;
import org.apache.gravitino.storage.RandomIdGenerator;
import org.apache.gravitino.tag.TagDispatcher;
@@ -120,6 +122,8 @@ public class GravitinoEnv {
private TagDispatcher tagDispatcher;
+ private PolicyDispatcher policyDispatcher;
+
private AccessControlDispatcher accessControlDispatcher;
private IdGenerator idGenerator;
@@ -341,6 +345,15 @@ public class GravitinoEnv {
return tagDispatcher;
}
+ /**
+ * Get the AuditLogManager associated with the Gravitino environment.
+ *
+ * @return The AuditLogManager instance.
+ */
+ public PolicyDispatcher policyDispatcher() {
+ return policyDispatcher;
+ }
+
/**
* Get the Owner dispatcher associated with the Gravitino environment.
*
@@ -545,5 +558,7 @@ public class GravitinoEnv {
// Create and initialize Tag related modules
this.tagDispatcher = new TagEventDispatcher(eventBus, new
TagManager(idGenerator, entityStore));
+ // todo: support policy event dispatcher
+ this.policyDispatcher = new PolicyManager(idGenerator, entityStore);
}
}
diff --git
a/core/src/main/java/org/apache/gravitino/SupportsRelationOperations.java
b/core/src/main/java/org/apache/gravitino/SupportsRelationOperations.java
index 22bc08acd5..8827c10665 100644
--- a/core/src/main/java/org/apache/gravitino/SupportsRelationOperations.java
+++ b/core/src/main/java/org/apache/gravitino/SupportsRelationOperations.java
@@ -38,7 +38,9 @@ public interface SupportsRelationOperations {
/** Role and group relationship */
ROLE_GROUP_REL,
/** Job template and job relationship */
- JOB_TEMPLATE_JOB_REL
+ JOB_TEMPLATE_JOB_REL,
+ /** Policy and metadata object relationship */
+ POLICY_METADATA_OBJECT_REL,
}
/**
diff --git
a/core/src/main/java/org/apache/gravitino/policy/PolicyDispatcher.java
b/core/src/main/java/org/apache/gravitino/policy/PolicyDispatcher.java
new file mode 100644
index 0000000000..e9e449a770
--- /dev/null
+++ b/core/src/main/java/org/apache/gravitino/policy/PolicyDispatcher.java
@@ -0,0 +1,210 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.gravitino.policy;
+
+import java.util.Set;
+import org.apache.gravitino.MetadataObject;
+import org.apache.gravitino.annotation.Evolving;
+import org.apache.gravitino.exceptions.NoSuchPolicyException;
+import org.apache.gravitino.exceptions.PolicyAlreadyExistsException;
+
+/**
+ * The interface provides functionalities for managing policies within a
metalake. It includes a
+ * comprehensive set of operations such as listing, creating, retrieving,
updating, and deleting
+ * policies, as well as associating policies with other objects.
+ */
+@Evolving
+public interface PolicyDispatcher {
+
+ /**
+ * List all the policy names under a metalake.
+ *
+ * @param metalake the name of the metalake
+ * @return The list of policy names.
+ */
+ String[] listPolicies(String metalake);
+
+ /**
+ * List all the policies with detailed information under a metalake.
+ *
+ * @param metalake the name of the metalake
+ * @return The list of policies.
+ */
+ Policy[] listPolicyInfos(String metalake);
+
+ /**
+ * Get a policy by its name under a metalake.
+ *
+ * @param metalake the name of the metalake
+ * @param policyName the name of the policy
+ * @return The policy.
+ * @throws NoSuchPolicyException If the policy does not exist.
+ */
+ Policy getPolicy(String metalake, String policyName) throws
NoSuchPolicyException;
+
+ /**
+ * Create a built-in type policy under a metalake. The exclusive,
inheritable, and supported
+ * object types parameters attributes are determined by the type of the
policy.
+ *
+ * @param metalake the name of the metalake
+ * @param name The name of the policy
+ * @param type The type of the policy
+ * @param comment The comment of the policy
+ * @param enabled Whether the policy is enabled or not
+ * @param content The content of the policy
+ * @return The created policy
+ * @throws PolicyAlreadyExistsException If the policy already exists
+ */
+ default Policy createPolicy(
+ String metalake,
+ String name,
+ String type,
+ String comment,
+ boolean enabled,
+ PolicyContent content)
+ throws PolicyAlreadyExistsException {
+ Policy.BuiltInType builtInType = Policy.BuiltInType.fromPolicyType(type);
+ return createPolicy(
+ metalake,
+ name,
+ type,
+ comment,
+ enabled,
+ builtInType.exclusive(),
+ builtInType.inheritable(),
+ builtInType.supportedObjectTypes(),
+ content);
+ }
+
+ /**
+ * Create a new type policy under a metalake.
+ *
+ * @param metalake the name of the metalake
+ * @param policyName the name of the policy
+ * @param type the type of the policy
+ * @param comment the comment of the policy
+ * @param enabled whether the policy is enabled or not
+ * @param exclusive whether the policy is exclusive or not
+ * @param inheritable whether the policy is inheritable or not
+ * @param supportedObjectTypes the set of supported object types for the
policy
+ * @param content the content of the policy
+ * @return The created policy.
+ * @throws PolicyAlreadyExistsException If the policy already exists.
+ */
+ Policy createPolicy(
+ String metalake,
+ String policyName,
+ String type,
+ String comment,
+ boolean enabled,
+ boolean exclusive,
+ boolean inheritable,
+ Set<MetadataObject.Type> supportedObjectTypes,
+ PolicyContent content)
+ throws PolicyAlreadyExistsException;
+
+ /**
+ * Alter an existing policy under a metalake.
+ *
+ * @param metalake the name of the metalake
+ * @param policyName the name of the policy
+ * @param changes the changes to apply to the policy
+ * @return The updated policy.
+ */
+ Policy alterPolicy(String metalake, String policyName, PolicyChange...
changes);
+
+ /**
+ * Enable an existing policy under a metalake.
+ *
+ * @param metalake the name of the metalake
+ * @param policyName the name of the policy
+ */
+ void enablePolicy(String metalake, String policyName) throws
NoSuchPolicyException;
+
+ /**
+ * Disable an existing policy under a metalake.
+ *
+ * @param metalake the name of the metalake
+ * @param policyName the name of the policy
+ */
+ void disablePolicy(String metalake, String policyName) throws
NoSuchPolicyException;
+
+ /**
+ * Delete an existing policy under a metalake.
+ *
+ * @param metalake the name of the metalake
+ * @param policyName the name of the policy
+ * @return True if the policy was successfully deleted, false otherwise.
+ */
+ boolean deletePolicy(String metalake, String policyName);
+
+ /**
+ * List all metadata objects associated with the specified policy under a
metalake.
+ *
+ * @param metalake the name of the metalake
+ * @param policyName the name of the policy
+ * @return The array of metadata objects associated with the specified
policy.
+ */
+ MetadataObject[] listMetadataObjectsForPolicy(String metalake, String
policyName);
+
+ /**
+ * List all the policy names associated with a metadata object under a
metalake.
+ *
+ * @param metalake the name of the metalake
+ * @param metadataObject the metadata object for which associated policies
+ * @return The array of policy names associated with the specified metadata
object.
+ */
+ String[] listPoliciesForMetadataObject(String metalake, MetadataObject
metadataObject);
+
+ /**
+ * List all the policies with detailed information associated with a
metadata object under a
+ *
+ * @param metalake the name of the metalake
+ * @param metadataObject the metadata object for which associated policies
+ * @return The array of policies associated with the specified metadata
object.
+ */
+ Policy[] listPolicyInfosForMetadataObject(String metalake, MetadataObject
metadataObject);
+
+ /**
+ * Associate policies to a metadata object under a metalake.
+ *
+ * @param metalake the name of the metalake
+ * @param metadataObject the metadata object to associate policies with
+ * @param policiesToAdd the policies to be added to the metadata object
+ * @param policiesToRemove the policies to remove from the metadata object
+ * @return An array of updated policy names.
+ */
+ String[] associatePoliciesForMetadataObject(
+ String metalake,
+ MetadataObject metadataObject,
+ String[] policiesToAdd,
+ String[] policiesToRemove);
+
+ /**
+ * Get a specific policy associated with the specified metadata object.
+ *
+ * @param metalake the name of the metalake
+ * @param metadataObject the metadata object for which to retrieve the policy
+ * @param policyName the name of the policy to retrieve
+ * @return The policy associated with the metadata object.
+ */
+ Policy getPolicyForMetadataObject(
+ String metalake, MetadataObject metadataObject, String policyName);
+}
diff --git a/core/src/main/java/org/apache/gravitino/policy/PolicyManager.java
b/core/src/main/java/org/apache/gravitino/policy/PolicyManager.java
new file mode 100644
index 0000000000..cf3c97df0a
--- /dev/null
+++ b/core/src/main/java/org/apache/gravitino/policy/PolicyManager.java
@@ -0,0 +1,130 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.gravitino.policy;
+
+import java.util.Set;
+import org.apache.gravitino.EntityStore;
+import org.apache.gravitino.MetadataObject;
+import org.apache.gravitino.SupportsRelationOperations;
+import org.apache.gravitino.exceptions.NoSuchPolicyException;
+import org.apache.gravitino.storage.IdGenerator;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@SuppressWarnings("unused") // todo: remove this when the methods are
implemented
+public class PolicyManager implements PolicyDispatcher {
+
+ private static final Logger LOG =
LoggerFactory.getLogger(PolicyManager.class);
+
+ private final IdGenerator idGenerator;
+ private final EntityStore entityStore;
+
+ public PolicyManager(IdGenerator idGenerator, EntityStore entityStore) {
+ if (!(entityStore instanceof SupportsRelationOperations)) {
+ String errorMsg =
+ "PolicyManager cannot run with entity store that does not support
policy operations, "
+ + "please configure the entity store to use relational entity
store and restart the Gravitino server";
+ LOG.error(errorMsg);
+ throw new RuntimeException(errorMsg);
+ }
+
+ this.idGenerator = idGenerator;
+ this.entityStore = entityStore;
+ }
+
+ @Override
+ public String[] listPolicies(String metalake) {
+ throw new UnsupportedOperationException("Not implemented yet");
+ }
+
+ @Override
+ public Policy[] listPolicyInfos(String metalake) {
+ throw new UnsupportedOperationException("Not implemented yet");
+ }
+
+ @Override
+ public Policy getPolicy(String metalake, String policyName) {
+ throw new UnsupportedOperationException("Not implemented yet");
+ }
+
+ @Override
+ public Policy createPolicy(
+ String metalake,
+ String policyName,
+ String type,
+ String comment,
+ boolean enabled,
+ boolean exclusive,
+ boolean inheritable,
+ Set<MetadataObject.Type> supportedObjectTypes,
+ PolicyContent content) {
+ throw new UnsupportedOperationException("Not implemented yet");
+ }
+
+ @Override
+ public Policy alterPolicy(String metalake, String policyName,
PolicyChange... changes) {
+ throw new UnsupportedOperationException("Not implemented yet");
+ }
+
+ @Override
+ public void enablePolicy(String metalake, String policyName) throws
NoSuchPolicyException {
+ throw new UnsupportedOperationException("Not implemented yet");
+ }
+
+ @Override
+ public void disablePolicy(String metalake, String policyName) throws
NoSuchPolicyException {
+ throw new UnsupportedOperationException("Not implemented yet");
+ }
+
+ @Override
+ public boolean deletePolicy(String metalake, String policyName) {
+ throw new UnsupportedOperationException("Not implemented yet");
+ }
+
+ @Override
+ public MetadataObject[] listMetadataObjectsForPolicy(String metalake, String
policyName) {
+ throw new UnsupportedOperationException("Not implemented yet");
+ }
+
+ @Override
+ public String[] listPoliciesForMetadataObject(String metalake,
MetadataObject metadataObject) {
+ throw new UnsupportedOperationException("Not implemented yet");
+ }
+
+ @Override
+ public Policy[] listPolicyInfosForMetadataObject(String metalake,
MetadataObject metadataObject) {
+ throw new UnsupportedOperationException("Not implemented yet");
+ }
+
+ @Override
+ public String[] associatePoliciesForMetadataObject(
+ String metalake,
+ MetadataObject metadataObject,
+ String[] policiesToAdd,
+ String[] policiesToRemove) {
+ throw new UnsupportedOperationException("Not implemented yet");
+ }
+
+ @Override
+ public Policy getPolicyForMetadataObject(
+ String metalake, MetadataObject metadataObject, String policyName) {
+ throw new UnsupportedOperationException("Not implemented yet");
+ }
+}
diff --git
a/core/src/main/java/org/apache/gravitino/storage/relational/service/PolicyMetaService.java
b/core/src/main/java/org/apache/gravitino/storage/relational/service/PolicyMetaService.java
index 8176224622..36ebcd6411 100644
---
a/core/src/main/java/org/apache/gravitino/storage/relational/service/PolicyMetaService.java
+++
b/core/src/main/java/org/apache/gravitino/storage/relational/service/PolicyMetaService.java
@@ -25,7 +25,9 @@ import java.util.Objects;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.apache.gravitino.Entity;
+import org.apache.gravitino.EntityAlreadyExistsException;
import org.apache.gravitino.HasIdentifier;
+import org.apache.gravitino.MetadataObject;
import org.apache.gravitino.NameIdentifier;
import org.apache.gravitino.Namespace;
import org.apache.gravitino.exceptions.NoSuchEntityException;
@@ -179,6 +181,36 @@ public class PolicyMetaService {
return policyMetaDeletedCount[0] + policyVersionDeletedCount[0] > 0;
}
+ public List<PolicyEntity> listPoliciesForMetadataObject(
+ NameIdentifier objectIdent, MetadataObject.Type objectType)
+ throws NoSuchEntityException, IOException {
+ // todo: implement this method
+ throw new UnsupportedOperationException("Not implemented yet");
+ }
+
+ public PolicyEntity getPolicyForMetadataObject(
+ NameIdentifier objectIdent, MetadataObject.Type objectType,
NameIdentifier policyIdent)
+ throws NoSuchEntityException, IOException {
+ // todo: implement this method
+ throw new UnsupportedOperationException("Not implemented yet");
+ }
+
+ public List<MetadataObject>
listAssociatedMetadataObjectsForPolicy(NameIdentifier policyIdent)
+ throws IOException {
+ // todo: implement this method
+ throw new UnsupportedOperationException("Not implemented yet");
+ }
+
+ public List<PolicyEntity> associatePoliciesWithMetadataObject(
+ NameIdentifier objectIdent,
+ MetadataObject.Type objectType,
+ NameIdentifier[] policiesToAdd,
+ NameIdentifier[] policiesToRemove)
+ throws NoSuchEntityException, EntityAlreadyExistsException, IOException {
+ // todo: implement this method
+ throw new UnsupportedOperationException("Not implemented yet");
+ }
+
public int deletePolicyAndVersionMetasByLegacyTimeline(Long legacyTimeline,
int limit) {
int policyDeletedCount =
SessionUtils.doWithCommitAndFetchResult(
