in polaris-synchronizer/api/src/main/java/org/apache/polaris/tools/sync/polaris/PolarisSynchronizer.java [811:944]
private void syncGrants(String catalogName, String catalogRoleName) {
List<GrantResource> grantsSource;
try {
grantsSource = source.listGrants(catalogName, catalogRoleName);
clientLogger.info(
"Listed {} grants for catalog-role {} in catalog {} from source.",
grantsSource.size(),
catalogRoleName,
catalogName);
} catch (Exception e) {
if (haltOnFailure) throw e;
clientLogger.error(
"Failed to list grants for catalog-role {} in catalog {} from source.",
catalogRoleName,
catalogName,
e);
return;
}
List<GrantResource> grantsTarget;
try {
grantsTarget = target.listGrants(catalogName, catalogRoleName);
clientLogger.info(
"Listed {} grants for catalog-role {} in catalog {} from target.",
grantsTarget.size(),
catalogRoleName,
catalogName);
} catch (Exception e) {
if (haltOnFailure) throw e;
clientLogger.error(
"Failed to list grants for catalog-role {} in catalog {} from target.",
catalogRoleName,
catalogName,
e);
return;
}
SynchronizationPlan<GrantResource> grantSyncPlan =
syncPlanner.planGrantSync(catalogName, catalogRoleName, grantsSource, grantsTarget);
grantSyncPlan
.entitiesToSkip()
.forEach(
grant ->
clientLogger.info(
"Skipping addition of grant {} to catalog-role {} in catalog {}.",
grant.getType(),
catalogRoleName,
catalogName));
grantSyncPlan
.entitiesNotModified()
.forEach(
grant ->
clientLogger.info(
"Grant {} was already added to catalog-role {} in catalog {}. Skipping.",
grant.getType(),
catalogRoleName,
catalogName));
int syncsCompleted = 0;
int totalSyncsToComplete = totalSyncsToComplete(grantSyncPlan);
for (GrantResource grant : grantSyncPlan.entitiesToCreate()) {
try {
target.addGrant(catalogName, catalogRoleName, grant);
clientLogger.info(
"Added grant {} to catalog-role {} for catalog {}. - {}/{}",
grant.getType(),
catalogRoleName,
catalogName,
++syncsCompleted,
totalSyncsToComplete);
} catch (Exception e) {
if (haltOnFailure) throw e;
clientLogger.error(
"Failed to add grant {} to catalog-role {} for catalog {}. - {}/{}",
grant.getType(),
catalogRoleName,
catalogName,
++syncsCompleted,
totalSyncsToComplete,
e);
}
}
for (GrantResource grant : grantSyncPlan.entitiesToOverwrite()) {
try {
target.addGrant(catalogName, catalogRoleName, grant);
clientLogger.info(
"Added grant {} to catalog-role {} for catalog {}. - {}/{}",
grant.getType(),
catalogRoleName,
catalogName,
++syncsCompleted,
totalSyncsToComplete);
} catch (Exception e) {
if (haltOnFailure) throw e;
clientLogger.error(
"Failed to add grant {} to catalog-role {} for catalog {}. - {}/{}",
grant.getType(),
catalogRoleName,
catalogName,
++syncsCompleted,
totalSyncsToComplete,
e);
}
}
for (GrantResource grant : grantSyncPlan.entitiesToRemove()) {
try {
target.revokeGrant(catalogName, catalogRoleName, grant);
clientLogger.info(
"Revoked grant {} from catalog-role {} for catalog {}. - {}/{}",
grant.getType(),
catalogRoleName,
catalogName,
++syncsCompleted,
totalSyncsToComplete);
} catch (Exception e) {
if (haltOnFailure) throw e;
clientLogger.error(
"Failed to revoke grant {} from catalog-role {} for catalog {}. - {}/{}",
grant.getType(),
catalogRoleName,
catalogName,
++syncsCompleted,
totalSyncsToComplete,
e);
}
}
}