in polaris-synchronizer/api/src/main/java/org/apache/polaris/tools/sync/polaris/access/AccessControlService.java [62:90]
public PrincipalWithCredentials createOmnipotentPrincipal(boolean replace) {
List<Principal> principals = polaris.listPrincipals();
Principal omnipotentPrincipalPrototype =
new Principal()
.name(OMNIPOTENT_PRINCIPAL_NAME_PREFIX + System.currentTimeMillis())
.putPropertiesItem(
OMNIPOTENCE_PROPERTY, ""); // this property identifies the omnipotent principal
for (Principal principal : principals) {
if (principal.getProperties() != null
&& principal.getProperties().containsKey(OMNIPOTENCE_PROPERTY)) {
if (replace) {
// drop existing omnipotent principal in preparation for replacement
polaris.dropPrincipal(principal.getName());
} else {
// we cannot create another omnipotent principal and cannot replace the existing, fail
throw new IllegalStateException(
"Not permitted to replace existing omnipotent principal, but omnipotent "
+ "principal with property "
+ OMNIPOTENCE_PROPERTY
+ " already exists");
}
}
}
// existing principal with identifying property does not exist, create a new one
return polaris.createPrincipal(omnipotentPrincipalPrototype);
}