mansehajsingh commented on code in PR #4: URL: https://github.com/apache/polaris-tools/pull/4#discussion_r2035923654
########## polaris-synchronizer/api/src/main/java/org/apache/polaris/tools/sync/polaris/PolarisServiceFactory.java: ########## @@ -0,0 +1,84 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.polaris.tools.sync.polaris; + +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; +import org.apache.http.HttpHeaders; +import org.apache.polaris.management.ApiClient; +import org.apache.polaris.management.client.PolarisManagementDefaultApi; +import org.apache.polaris.tools.sync.polaris.http.OAuth2Util; + +/** Used to initialize a {@link PolarisService}. */ +public class PolarisServiceFactory { + + private static void validatePolarisInstanceProperties( + String baseUrl, + String accessToken, + String oauth2ServerUri, + String clientId, + String clientSecret, + String scope) { + if (baseUrl == null) { + throw new IllegalArgumentException("baseUrl is required but was not provided"); + } + + if (accessToken != null) { + return; + } + + final String oauthErrorMessage = + "Either the accessToken property must be provided, or all of oauth2ServerUri, clientId, clientSecret, scope"; + + if (oauth2ServerUri == null || clientId == null || clientSecret == null || scope == null) { + throw new IllegalArgumentException(oauthErrorMessage); + } + } + + public static PolarisService newPolarisService( + String baseUrl, String oauth2ServerUri, String clientId, String clientSecret, String scope) + throws IOException { + validatePolarisInstanceProperties( + baseUrl, null, oauth2ServerUri, clientId, clientSecret, scope); + + String accessToken = OAuth2Util.fetchToken(oauth2ServerUri, clientId, clientSecret, scope); + + return newPolarisService(baseUrl, accessToken); + } + + public static PolarisService newPolarisService(String baseUrl, String accessToken) { + validatePolarisInstanceProperties(baseUrl, accessToken, null, null, null, null); Review Comment: Added! ########## polaris-synchronizer/api/src/main/java/org/apache/polaris/tools/sync/polaris/PolarisSynchronizer.java: ########## @@ -0,0 +1,1135 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.polaris.tools.sync.polaris; + +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import org.apache.iceberg.BaseTable; +import org.apache.iceberg.Table; +import org.apache.iceberg.catalog.Namespace; +import org.apache.iceberg.catalog.SupportsNamespaces; +import org.apache.iceberg.catalog.TableIdentifier; +import org.apache.polaris.core.admin.model.Catalog; +import org.apache.polaris.core.admin.model.CatalogRole; +import org.apache.polaris.core.admin.model.GrantResource; +import org.apache.polaris.core.admin.model.PrincipalRole; +import org.apache.polaris.core.admin.model.PrincipalWithCredentials; +import org.apache.polaris.tools.sync.polaris.access.AccessControlService; +import org.apache.polaris.tools.sync.polaris.catalog.BaseTableWithETag; +import org.apache.polaris.tools.sync.polaris.catalog.ETagService; +import org.apache.polaris.tools.sync.polaris.catalog.NotModifiedException; +import org.apache.polaris.tools.sync.polaris.catalog.PolarisCatalog; +import org.apache.polaris.tools.sync.polaris.planning.SynchronizationPlanner; +import org.apache.polaris.tools.sync.polaris.planning.plan.SynchronizationPlan; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * Encapsulates idempotent and failure-safe logic to perform Polaris entity syncs. Performs logging + * with configurability and all actions related to the generated sync plans. + */ +public class PolarisSynchronizer { + + private final Logger clientLogger; + + private final SynchronizationPlanner syncPlanner; + + private final PolarisService source; + + private final PolarisService target; + + private final PrincipalWithCredentials sourceOmnipotentPrincipal; + + private final PrincipalWithCredentials targetOmnipotentPrincipal; + + private final PrincipalRole sourceOmnipotentPrincipalRole; + + private final PrincipalRole targetOmnipotentPrincipalRole; + + private final AccessControlService sourceAccessControlService; + + private final AccessControlService targetAccessControlService; + + private final ETagService etagService; + + public PolarisSynchronizer( + Logger clientLogger, + SynchronizationPlanner synchronizationPlanner, + PrincipalWithCredentials sourceOmnipotentPrincipal, + PrincipalWithCredentials targetOmnipotentPrincipal, + PolarisService source, + PolarisService target, + ETagService etagService) { + this.clientLogger = + clientLogger == null ? LoggerFactory.getLogger(PolarisSynchronizer.class) : clientLogger; + this.syncPlanner = synchronizationPlanner; + this.sourceOmnipotentPrincipal = sourceOmnipotentPrincipal; + this.targetOmnipotentPrincipal = targetOmnipotentPrincipal; + this.source = source; + this.target = target; + this.sourceAccessControlService = new AccessControlService(source); + this.targetAccessControlService = new AccessControlService(target); + + this.sourceOmnipotentPrincipalRole = + sourceAccessControlService.getOmnipotentPrincipalRoleForPrincipal( + sourceOmnipotentPrincipal.getPrincipal().getName()); + this.targetOmnipotentPrincipalRole = + targetAccessControlService.getOmnipotentPrincipalRoleForPrincipal( + targetOmnipotentPrincipal.getPrincipal().getName()); + this.etagService = etagService; + } + + /** + * Calculates the total number of sync tasks to complete. + * + * @param plan the plan to scan for cahnges + * @return the nuber of syncs to perform + */ + private int totalSyncsToComplete(SynchronizationPlan<?> plan) { + return plan.entitiesToCreate().size() + + plan.entitiesToOverwrite().size() + + plan.entitiesToRemove().size(); + } + + /** Sync principal roles from source to target. */ + public void syncPrincipalRoles() { + List<PrincipalRole> principalRolesSource; + + try { + principalRolesSource = source.listPrincipalRoles(); + clientLogger.info("Listed {} principal-roles from source.", principalRolesSource.size()); + } catch (Exception e) { + clientLogger.error("Failed to list principal-roles from source.", e); + return; + } + + List<PrincipalRole> principalRolesTarget; + + try { + principalRolesTarget = target.listPrincipalRoles(); + clientLogger.info("Listed {} principal-roles from target.", principalRolesTarget.size()); + } catch (Exception e) { + clientLogger.error("Failed to list principal-roles from target.", e); + return; + } + + SynchronizationPlan<PrincipalRole> principalRoleSyncPlan = + syncPlanner.planPrincipalRoleSync(principalRolesSource, principalRolesTarget); + + principalRoleSyncPlan + .entitiesToSkip() + .forEach( + principalRole -> + clientLogger.info("Skipping principal-role {}.", principalRole.getName())); + + principalRoleSyncPlan + .entitiesNotModified() + .forEach( + principalRole -> + clientLogger.info( + "No change detected for principal-role {}, skipping.", + principalRole.getName())); + + int syncsCompleted = 0; + final int totalSyncsToComplete = totalSyncsToComplete(principalRoleSyncPlan); + + for (PrincipalRole principalRole : principalRoleSyncPlan.entitiesToCreate()) { + try { + target.createPrincipalRole(principalRole, false); + clientLogger.info( + "Created principal-role {} on target. - {}/{}", + principalRole.getName(), + ++syncsCompleted, + totalSyncsToComplete); + } catch (Exception e) { + clientLogger.error( + "Failed to create principal-role {} on target. - {}/{}", + principalRole.getName(), + ++syncsCompleted, + totalSyncsToComplete, + e); + } + } + + for (PrincipalRole principalRole : principalRoleSyncPlan.entitiesToOverwrite()) { + try { + target.createPrincipalRole(principalRole, true); + clientLogger.info( + "Overwrote principal-role {} on target. - {}/{}", + principalRole.getName(), + ++syncsCompleted, + totalSyncsToComplete); + } catch (Exception e) { + clientLogger.error( + "Failed to overwrite principal-role {} on target. - {}/{}", + principalRole.getName(), + ++syncsCompleted, + totalSyncsToComplete, + e); + } + } + + for (PrincipalRole principalRole : principalRoleSyncPlan.entitiesToRemove()) { + try { + target.removePrincipalRole(principalRole.getName()); + clientLogger.info( + "Removed principal-role {} on target. - {}/{}", + principalRole.getName(), + ++syncsCompleted, + totalSyncsToComplete); + } catch (Exception e) { + clientLogger.error( + "Failed to remove principal-role {} on target. - {}/{}", + principalRole.getName(), + ++syncsCompleted, + totalSyncsToComplete, + e); + } + } + } + + /** + * Sync assignments of principal roles to a catalog role. + * + * @param catalogName the catalog that the catalog role is in + * @param catalogRoleName the name of the catalog role + */ + public void syncAssigneePrincipalRolesForCatalogRole(String catalogName, String catalogRoleName) { + List<PrincipalRole> principalRolesSource; + + try { + principalRolesSource = + source.listAssigneePrincipalRolesForCatalogRole(catalogName, catalogRoleName); + clientLogger.info( + "Listed {} assignee principal-roles for catalog-role {} in catalog {} from source.", + principalRolesSource.size(), + catalogRoleName, + catalogName); + } catch (Exception e) { + clientLogger.error( + "Failed to list assignee principal-roles for catalog-role {} in catalog {} from source.", + catalogRoleName, + catalogName, + e); + return; + } + + List<PrincipalRole> principalRolesTarget; + + try { + principalRolesTarget = + target.listAssigneePrincipalRolesForCatalogRole(catalogName, catalogRoleName); + clientLogger.info( + "Listed {} assignee principal-roles for catalog-role {} in catalog {} from target.", + principalRolesTarget.size(), + catalogRoleName, + catalogName); + } catch (Exception e) { + clientLogger.error( + "Failed to list assignee principal-roles for catalog-role {} in catalog {} from target.", + catalogRoleName, + catalogName, + e); + return; + } + + SynchronizationPlan<PrincipalRole> assignedPrincipalRoleSyncPlan = + syncPlanner.planAssignPrincipalRolesToCatalogRolesSync( + catalogName, catalogRoleName, principalRolesSource, principalRolesTarget); + + assignedPrincipalRoleSyncPlan + .entitiesToSkip() + .forEach( + principalRole -> + clientLogger.info( + "Skipping assignment of principal-role {} to catalog-role {} in catalog {}.", + principalRole.getName(), + catalogRoleName, + catalogName)); + + assignedPrincipalRoleSyncPlan + .entitiesNotModified() + .forEach( + principalRole -> + clientLogger.info( + "Principal-role {} is already assigned to catalog-role {} in catalog {}. Skipping.", + principalRole.getName(), + catalogRoleName, + catalogName)); + + int syncsCompleted = 0; + int totalSyncsToComplete = totalSyncsToComplete(assignedPrincipalRoleSyncPlan); + + for (PrincipalRole principalRole : assignedPrincipalRoleSyncPlan.entitiesToCreate()) { + try { + target.assignCatalogRoleToPrincipalRole( + principalRole.getName(), catalogName, catalogRoleName); + clientLogger.info( + "Assigned principal-role {} to catalog-role {} in catalog {}. - {}/{}", + principalRole.getName(), + catalogRoleName, + catalogName, + ++syncsCompleted, + totalSyncsToComplete); + } catch (Exception e) { + clientLogger.error( + "Failed to assign principal-role {} to catalog-role {} in catalog {}. - {}/{}", + principalRole.getName(), + catalogRoleName, + catalogName, + ++syncsCompleted, + totalSyncsToComplete, + e); + } + } + + for (PrincipalRole principalRole : assignedPrincipalRoleSyncPlan.entitiesToOverwrite()) { + try { + target.assignCatalogRoleToPrincipalRole( + principalRole.getName(), catalogName, catalogRoleName); + clientLogger.info( + "Assigned principal-role {} to catalog-role {} in catalog {}. - {}/{}", + principalRole.getName(), + catalogRoleName, + catalogName, + ++syncsCompleted, + totalSyncsToComplete); + } catch (Exception e) { + clientLogger.error( + "Failed to assign principal-role {} to catalog-role {} in catalog {}. - {}/{}", + principalRole.getName(), + catalogRoleName, + catalogName, + ++syncsCompleted, + totalSyncsToComplete, + e); + } + } + + for (PrincipalRole principalRole : assignedPrincipalRoleSyncPlan.entitiesToRemove()) { + try { + target.removeCatalogRoleFromPrincipalRole( + principalRole.getName(), catalogName, catalogRoleName); + clientLogger.info( + "Revoked principal-role {} from catalog-role {} in catalog {}. - {}/{}", + principalRole.getName(), + catalogRoleName, + catalogName, + ++syncsCompleted, + totalSyncsToComplete); + } catch (Exception e) { + clientLogger.error( + "Failed to revoke principal-role {} from catalog-role {} in catalog {}. - {}/{}", + principalRole.getName(), + catalogRoleName, + catalogName, + ++syncsCompleted, + totalSyncsToComplete, + e); + } + } + } + + /** Sync catalogs across the source and target polaris instance. */ + public void syncCatalogs() { + List<Catalog> catalogsSource; + + try { + catalogsSource = source.listCatalogs(); + clientLogger.info("Listed {} catalogs from source.", catalogsSource.size()); + } catch (Exception e) { + clientLogger.error("Failed to list catalogs from source.", e); + return; + } + + List<Catalog> catalogsTarget; + + try { + catalogsTarget = target.listCatalogs(); + clientLogger.info("Listed {} catalogs from target.", catalogsTarget.size()); + } catch (Exception e) { + clientLogger.error("Failed to list catalogs from target.", e); + return; + } + + SynchronizationPlan<Catalog> catalogSyncPlan = + syncPlanner.planCatalogSync(catalogsSource, catalogsTarget); + + catalogSyncPlan + .entitiesToSkip() + .forEach(catalog -> clientLogger.info("Skipping catalog {}.", catalog.getName())); + + catalogSyncPlan + .entitiesToSkipAndSkipChildren() + .forEach( + catalog -> + clientLogger.info( + "Skipping catalog {} and all child entities.", catalog.getName())); + + catalogSyncPlan + .entitiesNotModified() + .forEach( + catalog -> + clientLogger.info( + "No change detected in catalog {}. Skipping.", catalog.getName())); + + int syncsCompleted = 0; + int totalSyncsToComplete = totalSyncsToComplete(catalogSyncPlan); + + for (Catalog catalog : catalogSyncPlan.entitiesToCreate()) { + try { + target.createCatalog(catalog); + clientLogger.info( + "Created catalog {}. - {}/{}", + catalog.getName(), + ++syncsCompleted, + totalSyncsToComplete); + } catch (Exception e) { + clientLogger.error( + "Failed to create catalog {}. - {}/{}", + catalog.getName(), + ++syncsCompleted, + totalSyncsToComplete, + e); + } + } + + for (Catalog catalog : catalogSyncPlan.entitiesToOverwrite()) { + try { + setupOmnipotentCatalogRoleIfNotExistsTarget(catalog.getName()); + target.overwriteCatalog(catalog, targetOmnipotentPrincipal); + clientLogger.info( + "Overwrote catalog {}. - {}/{}", + catalog.getName(), + ++syncsCompleted, + totalSyncsToComplete); + } catch (Exception e) { + clientLogger.error( + "Failed to overwrite catalog {}. - {}/{}", + catalog.getName(), + ++syncsCompleted, + totalSyncsToComplete, + e); + } + } + + for (Catalog catalog : catalogSyncPlan.entitiesToRemove()) { + try { + setupOmnipotentCatalogRoleIfNotExistsTarget(catalog.getName()); + target.removeCatalogCascade(catalog.getName(), targetOmnipotentPrincipal); + clientLogger.info( + "Removed catalog {}. - {}/{}", + catalog.getName(), + ++syncsCompleted, + totalSyncsToComplete); + } catch (Exception e) { + clientLogger.error( + "Failed to remove catalog {}. - {}/{}", + catalog.getName(), + ++syncsCompleted, + totalSyncsToComplete, + e); + } + } + + for (Catalog catalog : catalogSyncPlan.entitiesToSyncChildren()) { + syncCatalogRoles(catalog.getName()); + + org.apache.iceberg.catalog.Catalog sourceIcebergCatalog; + + try { + sourceIcebergCatalog = initializeIcebergCatalogSource(catalog.getName()); + clientLogger.info( + "Initialized Iceberg REST catalog for Polaris catalog {} on source.", + catalog.getName()); + } catch (Exception e) { + clientLogger.error( + "Failed to initialize Iceberg REST catalog for Polaris catalog {} on source.", + catalog.getName(), + e); + continue; + } + + org.apache.iceberg.catalog.Catalog targetIcebergCatalog; + + try { + targetIcebergCatalog = initializeIcebergCatalogTarget(catalog.getName()); + clientLogger.info( + "Initialized Iceberg REST catalog for Polaris catalog {} on target.", + catalog.getName()); + } catch (Exception e) { + clientLogger.error( + "Failed to initialize Iceberg REST catalog for Polaris catalog {} on target.", + catalog.getName(), + e); + continue; + } + + syncNamespaces( + catalog.getName(), Namespace.empty(), sourceIcebergCatalog, targetIcebergCatalog); + } + } + + /** + * Sync catalog roles across the source and polaris instance for a catalog. + * + * @param catalogName the catalog to sync roles for + */ + public void syncCatalogRoles(String catalogName) { + List<CatalogRole> catalogRolesSource; + + try { + catalogRolesSource = source.listCatalogRoles(catalogName); + clientLogger.info( + "Listed {} catalog-roles for catalog {} from source.", + catalogRolesSource.size(), + catalogName); + } catch (Exception e) { + clientLogger.error( + "Failed to list catalog-roles for catalog {} from source.", catalogName, e); + return; + } + + List<CatalogRole> catalogRolesTarget; + + try { + catalogRolesTarget = target.listCatalogRoles(catalogName); + clientLogger.info( + "Listed {} catalog-roles for catalog {} from target.", + catalogRolesTarget.size(), + catalogName); + } catch (Exception e) { + clientLogger.error( + "Failed to list catalog-roles for catalog {} from target.", catalogName, e); + return; + } + + SynchronizationPlan<CatalogRole> catalogRoleSyncPlan = + syncPlanner.planCatalogRoleSync(catalogName, catalogRolesSource, catalogRolesTarget); + + catalogRoleSyncPlan + .entitiesToSkip() + .forEach( + catalogRole -> + clientLogger.info( + "Skipping catalog-role {} in catalog {}.", catalogRole.getName(), catalogName)); + + catalogRoleSyncPlan + .entitiesToSkipAndSkipChildren() + .forEach( + catalogRole -> + clientLogger.info( + "Skipping catalog-role {} in catalog {} and all child entities.", + catalogRole.getName(), + catalogName)); + + catalogRoleSyncPlan + .entitiesNotModified() + .forEach( + catalogRole -> + clientLogger.info( + "No change detected in catalog-role {} in catalog {}. Skipping.", + catalogRole.getName(), + catalogName)); + + int syncsCompleted = 0; + int totalSyncsToComplete = totalSyncsToComplete(catalogRoleSyncPlan); + + for (CatalogRole catalogRole : catalogRoleSyncPlan.entitiesToCreate()) { + try { + target.createCatalogRole(catalogName, catalogRole, false); + clientLogger.info( + "Created catalog-role {} for catalog {}. - {}/{}", + catalogRole.getName(), + catalogName, + ++syncsCompleted, + totalSyncsToComplete); + } catch (Exception e) { + clientLogger.error( + "Failed to create catalog-role {} for catalog {}. - {}/{}", + catalogRole.getName(), + catalogName, + ++syncsCompleted, + totalSyncsToComplete, + e); + } + } + + for (CatalogRole catalogRole : catalogRoleSyncPlan.entitiesToOverwrite()) { + try { + target.createCatalogRole(catalogName, catalogRole, true); + clientLogger.info( + "Overwrote catalog-role {} for catalog {}. - {}/{}", + catalogRole.getName(), + catalogName, + ++syncsCompleted, + totalSyncsToComplete); + } catch (Exception e) { + clientLogger.error( + "Failed to overwrite catalog-role {} for catalog {}. - {}/{}", + catalogRole.getName(), + catalogName, + ++syncsCompleted, + totalSyncsToComplete, + e); + } + } + + for (CatalogRole catalogRole : catalogRoleSyncPlan.entitiesToRemove()) { + try { + target.removeCatalogRole(catalogName, catalogRole.getName()); + clientLogger.info( + "Removed catalog-role {} for catalog {}. - {}/{}", + catalogRole.getName(), + catalogName, + ++syncsCompleted, + totalSyncsToComplete); + } catch (Exception e) { + clientLogger.error( + "Failed to remove catalog-role {} for catalog {}. - {}/{}", + catalogRole.getName(), + catalogName, + ++syncsCompleted, + totalSyncsToComplete, + e); + } + } + + for (CatalogRole catalogRole : catalogRoleSyncPlan.entitiesToSyncChildren()) { + syncAssigneePrincipalRolesForCatalogRole(catalogName, catalogRole.getName()); + syncGrants(catalogName, catalogRole.getName()); + } + } + + /** + * Sync grants for a catalog role across the source and the target. + * + * @param catalogName + * @param catalogRoleName + */ + private void syncGrants(String catalogName, String catalogRoleName) { + List<GrantResource> grantsSource; + + try { + grantsSource = source.listGrants(catalogName, catalogRoleName); + clientLogger.info( + "Listed {} grants for catalog-role {} in catalog {} from source.", + grantsSource.size(), + catalogRoleName, + catalogName); + } catch (Exception e) { + clientLogger.error( + "Failed to list grants for catalog-role {} in catalog {} from source.", + catalogRoleName, + catalogName, + e); + return; + } + + List<GrantResource> grantsTarget; + + try { + grantsTarget = target.listGrants(catalogName, catalogRoleName); + clientLogger.info( + "Listed {} grants for catalog-role {} in catalog {} from target.", + grantsTarget.size(), + catalogRoleName, + catalogName); + } catch (Exception e) { + clientLogger.error( + "Failed to list grants for catalog-role {} in catalog {} from target.", + catalogRoleName, + catalogName, + e); + return; + } + + SynchronizationPlan<GrantResource> grantSyncPlan = + syncPlanner.planGrantSync(catalogName, catalogRoleName, grantsSource, grantsTarget); + + grantSyncPlan + .entitiesToSkip() + .forEach( + grant -> + clientLogger.info( + "Skipping addition of grant {} to catalog-role {} in catalog {}.", + grant.getType(), + catalogRoleName, + catalogName)); + + grantSyncPlan + .entitiesNotModified() + .forEach( + grant -> + clientLogger.info( + "Grant {} was already added to catalog-role {} in catalog {}. Skipping.", + grant.getType(), + catalogRoleName, + catalogName)); + + int syncsCompleted = 0; + int totalSyncsToComplete = totalSyncsToComplete(grantSyncPlan); + + for (GrantResource grant : grantSyncPlan.entitiesToCreate()) { + try { + target.addGrant(catalogName, catalogRoleName, grant); + clientLogger.info( + "Added grant {} to catalog-role {} for catalog {}. - {}/{}", + grant.getType(), + catalogRoleName, + catalogName, + ++syncsCompleted, + totalSyncsToComplete); + } catch (Exception e) { + clientLogger.error( + "Failed to add grant {} to catalog-role {} for catalog {}. - {}/{}", + grant.getType(), + catalogRoleName, + catalogName, + ++syncsCompleted, + totalSyncsToComplete, + e); + } + } + + for (GrantResource grant : grantSyncPlan.entitiesToOverwrite()) { + try { + target.addGrant(catalogName, catalogRoleName, grant); + clientLogger.info( + "Added grant {} to catalog-role {} for catalog {}. - {}/{}", + grant.getType(), + catalogRoleName, + catalogName, + ++syncsCompleted, + totalSyncsToComplete); + } catch (Exception e) { + clientLogger.error( + "Failed to add grant {} to catalog-role {} for catalog {}. - {}/{}", + grant.getType(), + catalogRoleName, + catalogName, + ++syncsCompleted, + totalSyncsToComplete, + e); + } + } + + for (GrantResource grant : grantSyncPlan.entitiesToRemove()) { + try { + target.revokeGrant(catalogName, catalogRoleName, grant); + clientLogger.info( + "Revoked grant {} from catalog-role {} for catalog {}. - {}/{}", + grant.getType(), + catalogRoleName, + catalogName, + ++syncsCompleted, + totalSyncsToComplete); + } catch (Exception e) { + clientLogger.error( + "Failed to revoke grant {} from catalog-role {} for catalog {}. - {}/{}", + grant.getType(), + catalogRoleName, + catalogName, + ++syncsCompleted, + totalSyncsToComplete, + e); + } + } + } + + /** + * Setup an omnipotent principal for the provided catalog on the source Polaris instance. Review Comment: Fixed! ########## polaris-synchronizer/api/src/main/java/org/apache/polaris/tools/sync/polaris/catalog/MetadataWrapperTableOperations.java: ########## @@ -0,0 +1,68 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.polaris.tools.sync.polaris.catalog; + +import java.util.NoSuchElementException; +import org.apache.iceberg.TableMetadata; +import org.apache.iceberg.TableOperations; +import org.apache.iceberg.io.FileIO; +import org.apache.iceberg.io.LocationProvider; + +/** + * Wrapper table operationw class that just allows fetching a provided table metadata. Used to build Review Comment: Fixed! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@polaris.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
