Package org.apache.polaris.service.admin

Class PolarisAdminService

java.lang.Object
org.apache.polaris.service.admin.PolarisAdminService
public class PolarisAdminService extends Object
Just as an Iceberg Catalog represents the logical model of Iceberg business logic to manage Namespaces, Tables and Views, abstracted away from Iceberg REST objects, this class represents the logical model for managing realm-level Catalogs, Principals, Roles, and Grants.

Different API implementors could expose different REST, gRPC, etc., interfaces that delegate to this logical model without being tightly coupled to a single frontend protocol, and can provide different implementations of PolarisEntityManager to abstract away the implementation of the persistence layer.

  • Constructor Details

    • PolarisAdminService

      public PolarisAdminService(@NotNull @NotNull org.apache.polaris.core.context.CallContext callContext, @NotNull @NotNull org.apache.polaris.core.persistence.PolarisEntityManager entityManager, @NotNull @NotNull org.apache.polaris.core.persistence.PolarisMetaStoreManager metaStoreManager, @NotNull @NotNull org.apache.polaris.core.secrets.UserSecretsManager userSecretsManager, @NotNull @NotNull jakarta.ws.rs.core.SecurityContext securityContext, @NotNull @NotNull org.apache.polaris.core.auth.PolarisAuthorizer authorizer, @NotNull @NotNull ReservedProperties reservedProperties)

  • Method Details

    • createCatalog

      public org.apache.polaris.core.entity.PolarisEntity createCatalog(org.apache.polaris.core.admin.model.CreateCatalogRequest catalogRequest)

    • deleteCatalog

      public void deleteCatalog(String name)

    • getCatalog

      @Nonnull public org.apache.polaris.core.entity.CatalogEntity getCatalog(String name)

    • updateCatalog

      @Nonnull public org.apache.polaris.core.entity.CatalogEntity updateCatalog(String name, org.apache.polaris.core.admin.model.UpdateCatalogRequest updateRequest)

    • listCatalogs

      public List<org.apache.polaris.core.entity.PolarisEntity> listCatalogs()

    • createPrincipal

      public org.apache.polaris.core.admin.model.PrincipalWithCredentials createPrincipal(org.apache.polaris.core.entity.PolarisEntity entity)

    • deletePrincipal

      public void deletePrincipal(String name)

    • getPrincipal

      @Nonnull public org.apache.polaris.core.entity.PrincipalEntity getPrincipal(String name)

    • updatePrincipal

      @Nonnull public org.apache.polaris.core.entity.PrincipalEntity updatePrincipal(String name, org.apache.polaris.core.admin.model.UpdatePrincipalRequest updateRequest)

    • rotateCredentials

      @Nonnull public org.apache.polaris.core.admin.model.PrincipalWithCredentials rotateCredentials(String principalName)

    • resetCredentials

      @Nonnull public org.apache.polaris.core.admin.model.PrincipalWithCredentials resetCredentials(String principalName)

    • listPrincipals

      public List<org.apache.polaris.core.entity.PolarisEntity> listPrincipals()

    • createPrincipalRole

      public org.apache.polaris.core.entity.PolarisEntity createPrincipalRole(org.apache.polaris.core.entity.PolarisEntity entity)

    • deletePrincipalRole

      public void deletePrincipalRole(String name)

    • getPrincipalRole

      @Nonnull public org.apache.polaris.core.entity.PrincipalRoleEntity getPrincipalRole(String name)

    • updatePrincipalRole

      @Nonnull public org.apache.polaris.core.entity.PrincipalRoleEntity updatePrincipalRole(String name, org.apache.polaris.core.admin.model.UpdatePrincipalRoleRequest updateRequest)

    • listPrincipalRoles

      public List<org.apache.polaris.core.entity.PolarisEntity> listPrincipalRoles()

    • createCatalogRole

      public org.apache.polaris.core.entity.PolarisEntity createCatalogRole(String catalogName, org.apache.polaris.core.entity.PolarisEntity entity)

    • deleteCatalogRole

      public void deleteCatalogRole(String catalogName, String name)

    • getCatalogRole

      @Nonnull public org.apache.polaris.core.entity.CatalogRoleEntity getCatalogRole(String catalogName, String name)

    • updateCatalogRole

      @Nonnull public org.apache.polaris.core.entity.CatalogRoleEntity updateCatalogRole(String catalogName, String name, org.apache.polaris.core.admin.model.UpdateCatalogRoleRequest updateRequest)

    • listCatalogRoles

      public List<org.apache.polaris.core.entity.PolarisEntity> listCatalogRoles(String catalogName)

    • assignPrincipalRole

      public boolean assignPrincipalRole(String principalName, String principalRoleName)

    • revokePrincipalRole

      public boolean revokePrincipalRole(String principalName, String principalRoleName)

    • listPrincipalRolesAssigned

      public List<org.apache.polaris.core.entity.PolarisEntity> listPrincipalRolesAssigned(String principalName)

    • assignCatalogRoleToPrincipalRole

      public boolean assignCatalogRoleToPrincipalRole(String principalRoleName, String catalogName, String catalogRoleName)

    • revokeCatalogRoleFromPrincipalRole

      public boolean revokeCatalogRoleFromPrincipalRole(String principalRoleName, String catalogName, String catalogRoleName)

    • listAssigneePrincipalsForPrincipalRole

      public List<org.apache.polaris.core.entity.PolarisEntity> listAssigneePrincipalsForPrincipalRole(String principalRoleName)

    • listCatalogRolesForPrincipalRole

      public List<org.apache.polaris.core.entity.PolarisEntity> listCatalogRolesForPrincipalRole(String principalRoleName, String catalogName)

    • grantPrivilegeOnRootContainerToPrincipalRole

      public boolean grantPrivilegeOnRootContainerToPrincipalRole(String principalRoleName, org.apache.polaris.core.entity.PolarisPrivilege privilege)
      Adds a grant on the root container of this realm to principalRoleName.

    • revokePrivilegeOnRootContainerFromPrincipalRole

      public boolean revokePrivilegeOnRootContainerFromPrincipalRole(String principalRoleName, org.apache.polaris.core.entity.PolarisPrivilege privilege)
      Revokes a grant on the root container of this realm from principalRoleName.

    • grantPrivilegeOnCatalogToRole

      public boolean grantPrivilegeOnCatalogToRole(String catalogName, String catalogRoleName, org.apache.polaris.core.entity.PolarisPrivilege privilege)
      Adds a catalog-level grant on catalogName to catalogRoleName which resides within the same catalog on which it is being granted the privilege.

    • revokePrivilegeOnCatalogFromRole

      public boolean revokePrivilegeOnCatalogFromRole(String catalogName, String catalogRoleName, org.apache.polaris.core.entity.PolarisPrivilege privilege)
      Removes a catalog-level grant on catalogName from catalogRoleName.

    • grantPrivilegeOnNamespaceToRole

      public boolean grantPrivilegeOnNamespaceToRole(String catalogName, String catalogRoleName, org.apache.iceberg.catalog.Namespace namespace, org.apache.polaris.core.entity.PolarisPrivilege privilege)
      Adds a namespace-level grant on namespace to catalogRoleName.

    • revokePrivilegeOnNamespaceFromRole

      public boolean revokePrivilegeOnNamespaceFromRole(String catalogName, String catalogRoleName, org.apache.iceberg.catalog.Namespace namespace, org.apache.polaris.core.entity.PolarisPrivilege privilege)
      Removes a namespace-level grant on namespace from catalogRoleName.

    • grantPrivilegeOnTableToRole

      public boolean grantPrivilegeOnTableToRole(String catalogName, String catalogRoleName, org.apache.iceberg.catalog.TableIdentifier identifier, org.apache.polaris.core.entity.PolarisPrivilege privilege)

    • revokePrivilegeOnTableFromRole

      public boolean revokePrivilegeOnTableFromRole(String catalogName, String catalogRoleName, org.apache.iceberg.catalog.TableIdentifier identifier, org.apache.polaris.core.entity.PolarisPrivilege privilege)

    • grantPrivilegeOnViewToRole

      public boolean grantPrivilegeOnViewToRole(String catalogName, String catalogRoleName, org.apache.iceberg.catalog.TableIdentifier identifier, org.apache.polaris.core.entity.PolarisPrivilege privilege)

    • revokePrivilegeOnViewFromRole

      public boolean revokePrivilegeOnViewFromRole(String catalogName, String catalogRoleName, org.apache.iceberg.catalog.TableIdentifier identifier, org.apache.polaris.core.entity.PolarisPrivilege privilege)

    • grantPrivilegeOnPolicyToRole

      public boolean grantPrivilegeOnPolicyToRole(String catalogName, String catalogRoleName, org.apache.polaris.service.types.PolicyIdentifier identifier, org.apache.polaris.core.entity.PolarisPrivilege privilege)

    • revokePrivilegeOnPolicyFromRole

      public boolean revokePrivilegeOnPolicyFromRole(String catalogName, String catalogRoleName, org.apache.polaris.service.types.PolicyIdentifier identifier, org.apache.polaris.core.entity.PolarisPrivilege privilege)

    • listAssigneePrincipalRolesForCatalogRole

      public List<org.apache.polaris.core.entity.PolarisEntity> listAssigneePrincipalRolesForCatalogRole(String catalogName, String catalogRoleName)

    • listGrantsForCatalogRole

      public List<org.apache.polaris.core.admin.model.GrantResource> listGrantsForCatalogRole(String catalogName, String catalogRoleName)
      Lists all grants on Catalog-level resources (Catalog/Namespace/Table/View) granted to the specified catalogRole.