Re: [PR] [#7623] feat(policy): Add core logic implementation for policy management (part-1) [gravitino]

Wed, 30 Jul 2025 02:17:36 -0700 


yuqi1129 commented on code in PR #7625:
URL: https://github.com/apache/gravitino/pull/7625#discussion_r2242023656


##########
core/src/main/java/org/apache/gravitino/policy/PolicyManager.java:
##########
@@ -74,28 +123,103 @@ public Policy createPolicy(
       boolean exclusive,
       boolean inheritable,
       Set<MetadataObject.Type> supportedObjectTypes,
-      PolicyContent content) {
-    throw new UnsupportedOperationException("Not implemented yet");
+      PolicyContent content)
+      throws PolicyAlreadyExistsException {
+    NameIdentifier metalakeIdent = NameIdentifierUtil.ofMetalake(metalake);
+    checkMetalake(metalakeIdent, entityStore);
+    return TreeLockUtils.doWithTreeLock(
+        NameIdentifierUtil.ofPolicy(metalake, policyName),
+        LockType.WRITE,
+        () -> {
+          PolicyEntity policyEntity =
+              PolicyEntity.builder()
+                  .withId(idGenerator.nextId())
+                  .withName(policyName)
+                  .withNamespace(NamespaceUtil.ofPolicy(metalake))
+                  .withComment(comment)
+                  .withPolicyType(type)
+                  .withEnabled(enabled)
+                  .withExclusive(exclusive)
+                  .withInheritable(inheritable)
+                  .withSupportedObjectTypes(supportedObjectTypes)
+                  .withContent(content)
+                  .withAuditInfo(
+                      AuditInfo.builder()
+                          
.withCreator(PrincipalUtils.getCurrentPrincipal().getName())
+                          .withCreateTime(Instant.now())
+                          .build())
+                  .build();
+
+          try {
+            entityStore.put(policyEntity, false /* overwritten */);
+            return policyEntity;
+          } catch (EntityAlreadyExistsException e) {
+            throw new PolicyAlreadyExistsException(
+                "Policy with name %s under metalake %s already exists", 
policyName, metalake);
+          } catch (IOException ioe) {
+            LOG.error("Failed to create policy {} under metalake {}", 
policyName, metalake, ioe);
+            throw new RuntimeException(ioe);
+          }
+        });
   }
 
   @Override
   public Policy alterPolicy(String metalake, String policyName, 
PolicyChange... changes) {
-    throw new UnsupportedOperationException("Not implemented yet");
+    NameIdentifier metalakeIdent = NameIdentifierUtil.ofMetalake(metalake);
+    checkMetalake(metalakeIdent, entityStore);
+    return TreeLockUtils.doWithTreeLock(
+        NameIdentifierUtil.ofPolicy(metalake, policyName),
+        LockType.WRITE,
+        () -> {
+          try {
+            return entityStore.update(
+                NameIdentifierUtil.ofPolicy(metalake, policyName),
+                PolicyEntity.class,
+                Entity.EntityType.POLICY,
+                policyEntity -> updatePolicyEntity(policyEntity, changes));
+          } catch (NoSuchEntityException e) {
+            throw new NoSuchPolicyException(
+                "Policy with name %s under metalake %s does not exist", 
policyName, metalake);
+          } catch (EntityAlreadyExistsException e) {
+            throw new RuntimeException(
+                "Policy with name "

Review Comment:
   The message is incorrect. The `policyName` is the value that lies in 
`PolicyChange` NOT itself. 



##########
core/src/main/java/org/apache/gravitino/policy/PolicyManager.java:
##########
@@ -127,4 +251,100 @@ public Policy getPolicyForMetadataObject(
       String metalake, MetadataObject metadataObject, String policyName) {
     throw new UnsupportedOperationException("Not implemented yet");
   }
+
+  private void changePolicyEnabledState(
+      String metalake, String policyName, boolean expectedEnabledState) {
+    NameIdentifier metalakeIdent = NameIdentifierUtil.ofMetalake(metalake);
+    checkMetalake(metalakeIdent, entityStore);
+    TreeLockUtils.doWithTreeLock(
+        NameIdentifierUtil.ofPolicy(metalake, policyName),
+        LockType.WRITE,
+        () -> {
+          if (policyEnabled(metalake, policyName) == expectedEnabledState) {
+            return null;
+          }
+
+          try {
+            entityStore.update(
+                NameIdentifierUtil.ofPolicy(metalake, policyName),
+                PolicyEntity.class,
+                Entity.EntityType.POLICY,
+                policyEntity -> {
+                  PolicyEntity.Builder builder = 
newPolicyBuilder(policyEntity);
+                  builder.withEnabled(expectedEnabledState);
+                  return builder.build();
+                });
+            return null;
+          } catch (IOException ioe) {
+            LOG.error(
+                "Failed to change policy {} enabled state under metalake {}",
+                policyName,
+                metalake,
+                ioe);
+            throw new RuntimeException(ioe);
+          }
+        });
+  }
+
+  private PolicyEntity.Builder newPolicyBuilder(PolicyEntity policyEntity) {

Review Comment:
   You'd better place it in class `PolicyEntity` and the name can be 
`toBuilder()`.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to