-
Notifications
You must be signed in to change notification settings - Fork 252
Policy Store: Add PolicyEntity and PolicyTypes #1133
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
967398c
5a5c73e
4cfb7f1
f2f64dd
45dd562
875caf2
444fd1b
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,129 @@ | ||
/* | ||
* Licensed to the Apache Software Foundation (ASF) under one | ||
* or more contributor license agreements. See the NOTICE file | ||
* distributed with this work for additional information | ||
* regarding copyright ownership. The ASF licenses this file | ||
* to you under the Apache License, Version 2.0 (the | ||
* "License"); you may not use this file except in compliance | ||
* with the License. You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, | ||
* software distributed under the License is distributed on an | ||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
* KIND, either express or implied. See the License for the | ||
* specific language governing permissions and limitations | ||
* under the License. | ||
*/ | ||
package org.apache.polaris.core.policy; | ||
|
||
import com.fasterxml.jackson.annotation.JsonIgnore; | ||
import com.google.common.base.Preconditions; | ||
import org.apache.iceberg.catalog.Namespace; | ||
import org.apache.iceberg.rest.RESTUtil; | ||
import org.apache.polaris.core.entity.NamespaceEntity; | ||
import org.apache.polaris.core.entity.PolarisBaseEntity; | ||
import org.apache.polaris.core.entity.PolarisEntity; | ||
import org.apache.polaris.core.entity.PolarisEntityType; | ||
|
||
public class PolicyEntity extends PolarisEntity { | ||
|
||
public static final String POLICY_TYPE_CODE_KEY = "policy-type-code"; | ||
public static final String POLICY_DESCRIPTION_KEY = "policy-description"; | ||
public static final String POLICY_VERSION_KEY = "policy-version"; | ||
public static final String POLICY_CONTENT_KEY = "policy-content"; | ||
|
||
PolicyEntity(PolarisBaseEntity sourceEntity) { | ||
super(sourceEntity); | ||
} | ||
|
||
public static PolicyEntity of(PolarisBaseEntity sourceEntity) { | ||
if (sourceEntity != null) { | ||
return new PolicyEntity(sourceEntity); | ||
} | ||
|
||
return null; | ||
} | ||
|
||
@JsonIgnore | ||
public PolicyType getPolicyType() { | ||
return PolicyType.fromCode(getPolicyTypeCode()); | ||
} | ||
|
||
@JsonIgnore | ||
public int getPolicyTypeCode() { | ||
Preconditions.checkArgument( | ||
getPropertiesAsMap().containsKey(POLICY_TYPE_CODE_KEY), | ||
"Invalid policy entity: policy type must exist"); | ||
String policyTypeCode = getPropertiesAsMap().get(POLICY_TYPE_CODE_KEY); | ||
return Integer.parseInt(policyTypeCode); | ||
} | ||
|
||
@JsonIgnore | ||
public String getDescription() { | ||
return getPropertiesAsMap().get(POLICY_DESCRIPTION_KEY); | ||
} | ||
|
||
@JsonIgnore | ||
public String getContent() { | ||
return getPropertiesAsMap().get(POLICY_CONTENT_KEY); | ||
} | ||
|
||
@JsonIgnore | ||
public int getPolicyVersion() { | ||
return Integer.parseInt(getPropertiesAsMap().get(POLICY_VERSION_KEY)); | ||
} | ||
|
||
public static class Builder extends PolarisEntity.BaseBuilder<PolicyEntity, Builder> { | ||
public Builder(Namespace namespace, String policyName, PolicyType policyType) { | ||
super(); | ||
setType(PolarisEntityType.POLICY); | ||
setParentNamespace(namespace); | ||
setName(policyName); | ||
setPolicyType(policyType); | ||
setPolicyVersion(0); | ||
} | ||
|
||
public Builder(PolicyEntity original) { | ||
super(original); | ||
} | ||
|
||
@Override | ||
public PolicyEntity build() { | ||
Preconditions.checkArgument( | ||
properties.containsKey(POLICY_TYPE_CODE_KEY), "Policy type must be specified"); | ||
|
||
return new PolicyEntity(buildBase()); | ||
} | ||
|
||
public Builder setParentNamespace(Namespace namespace) { | ||
if (namespace != null && !namespace.isEmpty()) { | ||
internalProperties.put( | ||
NamespaceEntity.PARENT_NAMESPACE_KEY, RESTUtil.encodeNamespace(namespace)); | ||
} | ||
return this; | ||
} | ||
|
||
public Builder setPolicyType(PolicyType policyType) { | ||
Preconditions.checkArgument(policyType != null, "Policy type must be specified"); | ||
properties.put(POLICY_TYPE_CODE_KEY, Integer.toString(policyType.getCode())); | ||
return this; | ||
} | ||
|
||
public Builder setDescription(String description) { | ||
properties.put(POLICY_DESCRIPTION_KEY, description); | ||
return this; | ||
} | ||
|
||
public Builder setPolicyVersion(int version) { | ||
properties.put(POLICY_VERSION_KEY, Integer.toString(version)); | ||
return this; | ||
} | ||
|
||
public Builder setContent(String content) { | ||
properties.put(POLICY_CONTENT_KEY, content); | ||
return this; | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
/* | ||
* Licensed to the Apache Software Foundation (ASF) under one | ||
* or more contributor license agreements. See the NOTICE file | ||
* distributed with this work for additional information | ||
* regarding copyright ownership. The ASF licenses this file | ||
* to you under the Apache License, Version 2.0 (the | ||
* "License"); you may not use this file except in compliance | ||
* with the License. You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, | ||
* software distributed under the License is distributed on an | ||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
* KIND, either express or implied. See the License for the | ||
* specific language governing permissions and limitations | ||
* under the License. | ||
*/ | ||
package org.apache.polaris.core.policy; | ||
|
||
import com.fasterxml.jackson.annotation.JsonCreator; | ||
import com.fasterxml.jackson.annotation.JsonValue; | ||
import jakarta.annotation.Nullable; | ||
|
||
/** | ||
* Represents a policy type in Polaris. A policy type defines a category of policies that may be | ||
* either predefined or custom (user-defined). | ||
* | ||
* <p>A policy type can be either inheritable or non-inheritable. Inheritable policies are passed | ||
* down to lower-level entities (e.g., from a namespace to a table). | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [doubt] may be a naive question, what stops these policies to inherited from namespace -> view ? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Good question, I think that's a valid concern. Currently, our engine determines how policies are enforced, and the TMS service is focused solely on tables. That said, if we later find it necessary to restrict inheritance, we can extend the PolicyType to provide the functionality to limit the valid target types. cc @flyrain There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Thats true for enforcing part, but polaris here is acting as a policy store, which should make sure if such inheritence if they are un-intentional are blocked. So a call to get a TMS policy on view should return nothing. That being said it fine if we want address this later, considering presently the caller just wants TMS on tables and never on a view. |
||
*/ | ||
public interface PolicyType { | ||
|
||
/** | ||
* Retrieves the unique type code associated with this policy type. | ||
* | ||
* @return the type code of the policy type | ||
*/ | ||
@JsonValue | ||
int getCode(); | ||
|
||
/** | ||
* Retrieves the human-readable name of this policy type. | ||
* | ||
* @return the name of the policy type | ||
*/ | ||
String getName(); | ||
|
||
/** | ||
* Determines whether this policy type is inheritable. | ||
* | ||
* @return {@code true} if the policy type is inheritable, otherwise {@code false} | ||
*/ | ||
boolean isInheritable(); | ||
|
||
/** | ||
* Retrieves a {@link PolicyType} instance corresponding to the given type code. | ||
* | ||
* <p>This method searches for the policy type in predefined policy types. If a custom policy type | ||
* storage mechanism is implemented in the future, it may also check registered custom policy | ||
* types. | ||
* | ||
* @param code the type code of the policy type | ||
* @return the corresponding {@link PolicyType}, or {@code null} if no matching type is found | ||
*/ | ||
@JsonCreator | ||
static @Nullable PolicyType fromCode(int code) { | ||
return PredefinedPolicyTypes.fromCode(code); | ||
} | ||
|
||
/** | ||
* Retrieves a {@link PolicyType} instance corresponding to the given policy name. | ||
* | ||
* <p>This method searches for the policy type in predefined policy types. If a custom policy type | ||
* storage mechanism is implemented in the future, it may also check registered custom policy | ||
* types. | ||
* | ||
* @param name the name of the policy type | ||
* @return the corresponding {@link PolicyType}, or {@code null} if no matching type is found | ||
*/ | ||
static @Nullable PolicyType fromName(String name) { | ||
return PredefinedPolicyTypes.fromName(name); | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,108 @@ | ||
/* | ||
* Licensed to the Apache Software Foundation (ASF) under one | ||
* or more contributor license agreements. See the NOTICE file | ||
* distributed with this work for additional information | ||
* regarding copyright ownership. The ASF licenses this file | ||
* to you under the Apache License, Version 2.0 (the | ||
* "License"); you may not use this file except in compliance | ||
* with the License. You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, | ||
* software distributed under the License is distributed on an | ||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
* KIND, either express or implied. See the License for the | ||
* specific language governing permissions and limitations | ||
* under the License. | ||
*/ | ||
package org.apache.polaris.core.policy; | ||
|
||
import com.fasterxml.jackson.annotation.JsonCreator; | ||
import com.fasterxml.jackson.annotation.JsonValue; | ||
import com.google.common.collect.ImmutableMap; | ||
import jakarta.annotation.Nullable; | ||
|
||
/* Represents all predefined policy types in Polaris */ | ||
public enum PredefinedPolicyTypes implements PolicyType { | ||
DATA_COMPACTION(0, "system.data-compaction", true), | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [doubt] I might be late to this, but why There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The prefix is to make it consistent with the path of the content schema of these policies, introduced in #969. |
||
METADATA_COMPACTION(1, "system.metadata-compaction", true), | ||
ORPHAN_FILE_REMOVAL(2, "system.orphan-file-removal", true), | ||
SNAPSHOT_RETENTION(3, "system.snapshot-retention", true); | ||
|
||
private final int code; | ||
private final String name; | ||
private final boolean isInheritable; | ||
private static final PredefinedPolicyTypes[] REVERSE_CODE_MAPPING_ARRAY; | ||
private static final ImmutableMap<String, PredefinedPolicyTypes> REVERSE_NAME_MAPPING_ARRAY; | ||
|
||
static { | ||
int maxId = 0; | ||
for (PredefinedPolicyTypes policyType : PredefinedPolicyTypes.values()) { | ||
if (maxId < policyType.code) { | ||
maxId = policyType.code; | ||
} | ||
} | ||
|
||
REVERSE_CODE_MAPPING_ARRAY = new PredefinedPolicyTypes[maxId + 1]; | ||
ImmutableMap.Builder<String, PredefinedPolicyTypes> builder = ImmutableMap.builder(); | ||
// populate both | ||
for (PredefinedPolicyTypes policyType : PredefinedPolicyTypes.values()) { | ||
REVERSE_CODE_MAPPING_ARRAY[policyType.code] = policyType; | ||
builder.put(policyType.name, policyType); | ||
} | ||
REVERSE_NAME_MAPPING_ARRAY = builder.build(); | ||
} | ||
|
||
PredefinedPolicyTypes(int code, String name, boolean isInheritable) { | ||
this.code = code; | ||
this.name = name; | ||
this.isInheritable = isInheritable; | ||
} | ||
|
||
/** {@inheritDoc} */ | ||
@Override | ||
@JsonValue | ||
public int getCode() { | ||
return code; | ||
} | ||
|
||
/** {@inheritDoc} */ | ||
@Override | ||
public String getName() { | ||
return name; | ||
} | ||
|
||
/** {@inheritDoc} */ | ||
@Override | ||
public boolean isInheritable() { | ||
return isInheritable; | ||
} | ||
|
||
/** | ||
* Retrieves a {@link PredefinedPolicyTypes} instance corresponding to the given type code. | ||
* | ||
* @param code the type code of the predefined policy type | ||
* @return the corresponding {@link PredefinedPolicyTypes}, or {@code null} if no matching type is | ||
* found | ||
*/ | ||
@JsonCreator | ||
public static @Nullable PredefinedPolicyTypes fromCode(int code) { | ||
if (code >= REVERSE_CODE_MAPPING_ARRAY.length) { | ||
return null; | ||
} | ||
|
||
return REVERSE_CODE_MAPPING_ARRAY[code]; | ||
} | ||
|
||
/** | ||
* Retrieves a {@link PredefinedPolicyTypes} instance corresponding to the given policy name. | ||
* | ||
* @param name the name of the predefined policy type | ||
* @return the corresponding {@link PredefinedPolicyTypes}, or {@code null} if no matching type is | ||
* found | ||
*/ | ||
public static @Nullable PredefinedPolicyTypes fromName(String name) { | ||
return REVERSE_NAME_MAPPING_ARRAY.get(name); | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We will need policy type to be a top-level field instead of hidden in property map in the future, but it's fine now.