Package org.apache.polaris.service.admin
Class PolarisAdminService
java.lang.Object
org.apache.polaris.service.admin.PolarisAdminService
Just as an Iceberg Catalog represents the logical model of Iceberg business logic to manage
Namespaces, Tables and Views, abstracted away from Iceberg REST objects, this class represents
the logical model for managing realm-level Catalogs, Principals, Roles, and Grants.
Different API implementers could expose different REST, gRPC, etc., interfaces that delegate to this logical model without being tightly coupled to a single frontend protocol, and can provide different implementations of PolarisEntityManager to abstract away the implementation of the persistence layer.
-
Constructor Summary
Constructors
Constructor / Description
PolarisAdminService(org.apache.polaris.core.context.CallContext callContext, org.apache.polaris.core.persistence.resolver.ResolutionManifestFactory resolutionManifestFactory, org.apache.polaris.core.persistence.PolarisMetaStoreManager metaStoreManager, org.apache.polaris.core.secrets.UserSecretsManager userSecretsManager, org.apache.polaris.core.identity.provider.ServiceIdentityProvider serviceIdentityProvider, org.apache.polaris.core.auth.PolarisPrincipal principal, org.apache.polaris.core.auth.PolarisAuthorizer authorizer, ReservedProperties reservedProperties)
-
Method Summary
Modifier and Type / Method / Description
org.apache.polaris.core.persistence.dao.entity.PrivilegeResult assignCatalogRoleToPrincipalRole(String principalRoleName, String catalogName, String catalogRoleName)
org.apache.polaris.core.persistence.dao.entity.PrivilegeResult assignPrincipalRole(String principalName, String principalRoleName)
org.apache.polaris.core.entity.PolarisEntity createCatalog(org.apache.polaris.core.admin.model.CreateCatalogRequest catalogRequest)
org.apache.polaris.core.entity.PolarisEntity createCatalogRole(String catalogName, org.apache.polaris.core.entity.PolarisEntity entity)
org.apache.polaris.core.admin.model.PrincipalWithCredentials createPrincipal(org.apache.polaris.core.entity.PrincipalEntity entity)
org.apache.polaris.core.entity.PolarisEntity createPrincipalRole(org.apache.polaris.core.entity.PolarisEntity entity)
void deleteCatalog(String name)
void deleteCatalogRole(String catalogName, String name)
void deletePrincipal(String name)
void deletePrincipalRole(String name)
org.apache.polaris.core.entity.CatalogEntity getCatalog(String name)
org.apache.polaris.core.entity.CatalogRoleEntity getCatalogRole(String catalogName, String name)
org.apache.polaris.core.entity.PrincipalEntity getPrincipal(String name)
org.apache.polaris.core.entity.PrincipalRoleEntity getPrincipalRole(String name)
org.apache.polaris.core.persistence.dao.entity.PrivilegeResult grantPrivilegeOnCatalogToRole(String catalogName, String catalogRoleName, org.apache.polaris.core.entity.PolarisPrivilege privilege)
    Adds a catalog-level grant on catalogName to catalogRoleName which resides within the same catalog on which it is being granted the privilege.
org.apache.polaris.core.persistence.dao.entity.PrivilegeResult grantPrivilegeOnNamespaceToRole(String catalogName, String catalogRoleName, org.apache.iceberg.catalog.Namespace namespace, org.apache.polaris.core.entity.PolarisPrivilege privilege)
    Adds a namespace-level grant on namespace to catalogRoleName.
org.apache.polaris.core.persistence.dao.entity.PrivilegeResult grantPrivilegeOnPolicyToRole(String catalogName, String catalogRoleName, org.apache.polaris.service.types.PolicyIdentifier identifier, org.apache.polaris.core.entity.PolarisPrivilege privilege)
org.apache.polaris.core.persistence.dao.entity.PrivilegeResult grantPrivilegeOnRootContainerToPrincipalRole(String principalRoleName, org.apache.polaris.core.entity.PolarisPrivilege privilege)
    Adds a grant on the root container of this realm to principalRoleName.
org.apache.polaris.core.persistence.dao.entity.PrivilegeResult grantPrivilegeOnTableToRole(String catalogName, String catalogRoleName, org.apache.iceberg.catalog.TableIdentifier identifier, org.apache.polaris.core.entity.PolarisPrivilege privilege)
org.apache.polaris.core.persistence.dao.entity.PrivilegeResult grantPrivilegeOnViewToRole(String catalogName, String catalogRoleName, org.apache.iceberg.catalog.TableIdentifier identifier, org.apache.polaris.core.entity.PolarisPrivilege privilege)
List<org.apache.polaris.core.entity.PolarisEntity> listAssigneePrincipalRolesForCatalogRole(String catalogName, String catalogRoleName)
List<org.apache.polaris.core.entity.PolarisEntity> listAssigneePrincipalsForPrincipalRole(String principalRoleName)
List<org.apache.polaris.core.admin.model.CatalogRole> listCatalogRoles(String catalogName)
List<org.apache.polaris.core.entity.PolarisEntity> listCatalogRolesForPrincipalRole(String principalRoleName, String catalogName)
List<org.apache.polaris.core.admin.model.Catalog> listCatalogs
    List all catalogs after checking for permission.
List<org.apache.polaris.core.admin.model.GrantResource> listGrantsForCatalogRole(String catalogName, String catalogRoleName)
    Lists all grants on Catalog-level resources (Catalog/Namespace/Table/View) granted to the specified catalogRole.
List<org.apache.polaris.core.admin.model.PrincipalRole> listPrincipalRoles
List<org.apache.polaris.core.entity.PolarisEntity> listPrincipalRolesAssigned(String principalName)
List<org.apache.polaris.core.admin.model.Principal> listPrincipals
org.apache.polaris.core.admin.model.PrincipalWithCredentials resetCredentials(String principalName, org.apache.polaris.core.admin.model.ResetPrincipalRequest resetPrincipalRequest)
org.apache.polaris.core.persistence.dao.entity.PrivilegeResult revokeCatalogRoleFromPrincipalRole(String principalRoleName, String catalogName, String catalogRoleName)
org.apache.polaris.core.persistence.dao.entity.PrivilegeResult revokePrincipalRole(String principalName, String principalRoleName)
org.apache.polaris.core.persistence.dao.entity.PrivilegeResult revokePrivilegeOnCatalogFromRole(String catalogName, String catalogRoleName, org.apache.polaris.core.entity.PolarisPrivilege privilege)
    Removes a catalog-level grant on catalogName from catalogRoleName.
org.apache.polaris.core.persistence.dao.entity.PrivilegeResult revokePrivilegeOnNamespaceFromRole(String catalogName, String catalogRoleName, org.apache.iceberg.catalog.Namespace namespace, org.apache.polaris.core.entity.PolarisPrivilege privilege)
    Removes a namespace-level grant on namespace from catalogRoleName.
org.apache.polaris.core.persistence.dao.entity.PrivilegeResult revokePrivilegeOnPolicyFromRole(String catalogName, String catalogRoleName, org.apache.polaris.service.types.PolicyIdentifier identifier, org.apache.polaris.core.entity.PolarisPrivilege privilege)
org.apache.polaris.core.persistence.dao.entity.PrivilegeResult revokePrivilegeOnRootContainerFromPrincipalRole(String principalRoleName, org.apache.polaris.core.entity.PolarisPrivilege privilege)
    Revokes a grant on the root container of this realm from principalRoleName.
org.apache.polaris.core.persistence.dao.entity.PrivilegeResult revokePrivilegeOnTableFromRole(String catalogName, String catalogRoleName, org.apache.iceberg.catalog.TableIdentifier identifier, org.apache.polaris.core.entity.PolarisPrivilege privilege)
org.apache.polaris.core.persistence.dao.entity.PrivilegeResult revokePrivilegeOnViewFromRole(String catalogName, String catalogRoleName, org.apache.iceberg.catalog.TableIdentifier identifier, org.apache.polaris.core.entity.PolarisPrivilege privilege)
org.apache.polaris.core.admin.model.PrincipalWithCredentials rotateCredentials(String principalName)
org.apache.polaris.core.entity.CatalogEntity updateCatalog(String name, org.apache.polaris.core.admin.model.UpdateCatalogRequest updateRequest)
org.apache.polaris.core.entity.CatalogRoleEntity updateCatalogRole(String catalogName, String name, org.apache.polaris.core.admin.model.UpdateCatalogRoleRequest updateRequest)
org.apache.polaris.core.entity.PrincipalEntity updatePrincipal(String name, org.apache.polaris.core.admin.model.UpdatePrincipalRequest updateRequest)
org.apache.polaris.core.entity.PrincipalRoleEntity updatePrincipalRole(String name, org.apache.polaris.core.admin.model.UpdatePrincipalRoleRequest updateRequest)
-
Constructor Details
-
PolarisAdminService
@Inject public PolarisAdminService(@Nonnull org.apache.polaris.core.context.CallContext callContext, @Nonnull org.apache.polaris.core.persistence.resolver.ResolutionManifestFactory resolutionManifestFactory, @Nonnull org.apache.polaris.core.persistence.PolarisMetaStoreManager metaStoreManager, @Nonnull org.apache.polaris.core.secrets.UserSecretsManager userSecretsManager, @Nonnull org.apache.polaris.core.identity.provider.ServiceIdentityProvider serviceIdentityProvider, @Nonnull org.apache.polaris.core.auth.PolarisPrincipal principal, @Nonnull org.apache.polaris.core.auth.PolarisAuthorizer authorizer, @Nonnull ReservedProperties reservedProperties)
-
-
Method Details
-
createCatalog
public org.apache.polaris.core.entity.PolarisEntity createCatalog(org.apache.polaris.core.admin.model.CreateCatalogRequest catalogRequest) -
deleteCatalog
-
getCatalog
-
updateCatalog
@Nonnull public org.apache.polaris.core.entity.CatalogEntity updateCatalog(String name, org.apache.polaris.core.admin.model.UpdateCatalogRequest updateRequest) -
listCatalogs
List all catalogs after checking for permission. -
createPrincipal
public org.apache.polaris.core.admin.model.PrincipalWithCredentials createPrincipal(org.apache.polaris.core.entity.PrincipalEntity entity) -
deletePrincipal
-
getPrincipal
-
updatePrincipal
@Nonnull public org.apache.polaris.core.entity.PrincipalEntity updatePrincipal(String name, org.apache.polaris.core.admin.model.UpdatePrincipalRequest updateRequest) -
rotateCredentials
@Nonnull public org.apache.polaris.core.admin.model.PrincipalWithCredentials rotateCredentials(String principalName) -
resetCredentials
@Nonnull public org.apache.polaris.core.admin.model.PrincipalWithCredentials resetCredentials(String principalName, org.apache.polaris.core.admin.model.ResetPrincipalRequest resetPrincipalRequest) -
listPrincipals
-
createPrincipalRole
public org.apache.polaris.core.entity.PolarisEntity createPrincipalRole(org.apache.polaris.core.entity.PolarisEntity entity) -
deletePrincipalRole
-
getPrincipalRole
-
updatePrincipalRole
@Nonnull public org.apache.polaris.core.entity.PrincipalRoleEntity updatePrincipalRole(String name, org.apache.polaris.core.admin.model.UpdatePrincipalRoleRequest updateRequest) -
listPrincipalRoles
-
createCatalogRole
public org.apache.polaris.core.entity.PolarisEntity createCatalogRole(String catalogName, org.apache.polaris.core.entity.PolarisEntity entity) -
deleteCatalogRole
-
getCatalogRole
-
updateCatalogRole
-
listCatalogRoles
-
assignPrincipalRole
-
revokePrincipalRole
-
listPrincipalRolesAssigned
-
assignCatalogRoleToPrincipalRole
-
revokeCatalogRoleFromPrincipalRole
-
listAssigneePrincipalsForPrincipalRole
-
listCatalogRolesForPrincipalRole
-
grantPrivilegeOnRootContainerToPrincipalRole
public org.apache.polaris.core.persistence.dao.entity.PrivilegeResult grantPrivilegeOnRootContainerToPrincipalRole(String principalRoleName, org.apache.polaris.core.entity.PolarisPrivilege privilege)
Adds a grant on the root container of this realm to principalRoleName. -
revokePrivilegeOnRootContainerFromPrincipalRole
public org.apache.polaris.core.persistence.dao.entity.PrivilegeResult revokePrivilegeOnRootContainerFromPrincipalRole(String principalRoleName, org.apache.polaris.core.entity.PolarisPrivilege privilege)
Revokes a grant on the root container of this realm from principalRoleName. -
grantPrivilegeOnCatalogToRole
public org.apache.polaris.core.persistence.dao.entity.PrivilegeResult grantPrivilegeOnCatalogToRole(String catalogName, String catalogRoleName, org.apache.polaris.core.entity.PolarisPrivilege privilege)
Adds a catalog-level grant on catalogName to catalogRoleName which resides within the same catalog on which it is being granted the privilege. -
revokePrivilegeOnCatalogFromRole
public org.apache.polaris.core.persistence.dao.entity.PrivilegeResult revokePrivilegeOnCatalogFromRole(String catalogName, String catalogRoleName, org.apache.polaris.core.entity.PolarisPrivilege privilege)
Removes a catalog-level grant on catalogName from catalogRoleName. -
grantPrivilegeOnNamespaceToRole
public org.apache.polaris.core.persistence.dao.entity.PrivilegeResult grantPrivilegeOnNamespaceToRole(String catalogName, String catalogRoleName, org.apache.iceberg.catalog.Namespace namespace, org.apache.polaris.core.entity.PolarisPrivilege privilege)
Adds a namespace-level grant on namespace to catalogRoleName. -
revokePrivilegeOnNamespaceFromRole
public org.apache.polaris.core.persistence.dao.entity.PrivilegeResult revokePrivilegeOnNamespaceFromRole(String catalogName, String catalogRoleName, org.apache.iceberg.catalog.Namespace namespace, org.apache.polaris.core.entity.PolarisPrivilege privilege)
Removes a namespace-level grant on namespace from catalogRoleName. -
grantPrivilegeOnTableToRole
-
revokePrivilegeOnTableFromRole
-
grantPrivilegeOnViewToRole
-
revokePrivilegeOnViewFromRole
-
grantPrivilegeOnPolicyToRole
-
revokePrivilegeOnPolicyFromRole
-
listAssigneePrincipalRolesForCatalogRole
-
listGrantsForCatalogRole
public List<org.apache.polaris.core.admin.model.GrantResource> listGrantsForCatalogRole(String catalogName, String catalogRoleName)
Lists all grants on Catalog-level resources (Catalog/Namespace/Table/View) granted to the specified catalogRole.
-