in polaris-synchronizer/api/src/main/java/org/apache/polaris/tools/sync/polaris/access/AccessControlService.java [166:194]
public CatalogRole createAndAssignCatalogRole(
String catalogName, PrincipalRole omnipotentPrincipalRole, boolean replace) {
List<CatalogRole> catalogRoles = polaris.listCatalogRoles(catalogName);
for (CatalogRole catalogRole : catalogRoles) {
if (catalogRole.getProperties() != null
&& catalogRole.getProperties().containsKey(OMNIPOTENCE_PROPERTY)) {
if (replace) {
polaris.dropCatalogRole(catalogName, catalogRole.getName());
} else {
throw new IllegalStateException(
"Not permitted to replace existing omnipotent catalog role for catalog "
+ catalogName
+ ", but omnipotent principal with property "
+ OMNIPOTENCE_PROPERTY
+ " already exists");
}
}
}
CatalogRole omnipotentCatalogRole =
new CatalogRole()
.name(omnipotentPrincipalRole.getName())
.putPropertiesItem(OMNIPOTENCE_PROPERTY, "");
polaris.createCatalogRole(catalogName, omnipotentCatalogRole);
polaris.assignCatalogRole(omnipotentPrincipalRole.getName(), catalogName, omnipotentCatalogRole.getName());
return omnipotentCatalogRole;
}