in polaris-synchronizer/api/src/main/java/org/apache/polaris/tools/sync/polaris/planning/AccessControlAwarePlanner.java [94:146]
public SynchronizationPlan<PrincipalRole> planAssignPrincipalsToPrincipalRolesSync(
String principalName,
List<PrincipalRole> assignedPrincipalRolesOnSource,
List<PrincipalRole> assignedPrincipalRolesOnTarget
) {
List<PrincipalRole> skippedRoles = new ArrayList<>();
List<PrincipalRole> filteredRolesSource = new ArrayList<>();
List<PrincipalRole> filteredRolesTarget = new ArrayList<>();
for (PrincipalRole role : assignedPrincipalRolesOnSource) {
// filter out assignment to omnipotent principal role
if (role.getProperties() != null
&& role.getProperties().containsKey(AccessControlConstants.OMNIPOTENCE_PROPERTY)) {
skippedRoles.add(role);
continue;
}
// filter out assignment to service admin
if (role.getName().equals("service_admin")) {
skippedRoles.add(role);
continue;
}
filteredRolesSource.add(role);
}
for (PrincipalRole role : assignedPrincipalRolesOnTarget) {
// filer out assignment to omnipotent principal role
if (role.getProperties() != null
&& role.getProperties().containsKey(AccessControlConstants.OMNIPOTENCE_PROPERTY)) {
skippedRoles.add(role);
continue;
}
// filter out assignment to service admin
if (role.getName().equals("service_admin")) {
skippedRoles.add(role);
continue;
}
filteredRolesTarget.add(role);
}
SynchronizationPlan<PrincipalRole> delegatedPlan =
this.delegate.planAssignPrincipalsToPrincipalRolesSync(
principalName, filteredRolesSource, filteredRolesTarget);
for (PrincipalRole role : skippedRoles) {
delegatedPlan.skipEntity(role);
}
return delegatedPlan;
}