in polaris-synchronizer/api/src/main/java/org/apache/polaris/tools/sync/polaris/planning/AccessControlAwarePlanner.java [42:91]
public SynchronizationPlan<Principal> planPrincipalSync(
List<Principal> principalsOnSource, List<Principal> principalsOnTarget) {
List<Principal> skippedPrincipals = new ArrayList<>();
List<Principal> filteredPrincipalsSource = new ArrayList<>();
List<Principal> filteredPrincipalsTarget = new ArrayList<>();
for (Principal principal : principalsOnSource) {
// if the principal is the omnipotent principal do not sync it to target
if (principal.getProperties() != null
&& principal.getProperties().containsKey(AccessControlConstants.OMNIPOTENCE_PROPERTY)) {
skippedPrincipals.add(principal);
continue;
}
// do not modify root principal
if (principal.getName().equals("root")) {
skippedPrincipals.add(principal);
continue;
}
filteredPrincipalsSource.add(principal);
}
for (Principal principal : principalsOnTarget) {
// if the principal is the omnipotent principal, ensure it is not modified
// on the target
if (principal.getProperties() != null
&& principal.getProperties().containsKey(AccessControlConstants.OMNIPOTENCE_PROPERTY)) {
skippedPrincipals.add(principal);
continue;
}
// do not modify root principal
if (principal.getName().equals("root")) {
skippedPrincipals.add(principal);
continue;
}
filteredPrincipalsTarget.add(principal);
}
SynchronizationPlan<Principal> delegatedPlan =
delegate.planPrincipalSync(filteredPrincipalsSource, filteredPrincipalsTarget);
for (Principal principal : skippedPrincipals) {
delegatedPlan.skipEntityAndSkipChildren(principal);
}
return delegatedPlan;
}