public void testPrivileges()

in polaris-core/src/testFixtures/java/org/apache/polaris/core/persistence/PolarisTestMetaStoreManager.java [2408:2488]


  /**
   * Exercises revocation of role usage and of individual privileges on a test catalog, then
   * checks that grants loaded for one grantee are not returned for a grantee whose entity id is a
   * numeric prefix of it (900 vs 9000).
   *
   * <p>The entities R1, PR1, P1, N1, N2, N5, N6 and T5 are resolved by name rather than created
   * here; presumably {@code createTestCatalog} sets them up together with the grants that are
   * revoked below. TODO confirm against that helper.
   *
   * <p>The statements act on shared metastore state, so their order is significant.
   */
  public void testPrivileges() {
    // Catalog under test; every securable below lives inside it.
    PolarisBaseEntity catalog = createTestCatalog("test");
    Assertions.assertThat(catalog).isNotNull();

    // Grantees: catalog role R1, principal role PR1 and principal P1.
    PolarisBaseEntity catalogRole =
        ensureExistsByName(List.of(catalog), PolarisEntityType.CATALOG_ROLE, "R1");
    PolarisBaseEntity principalRole =
        ensureExistsByName(null, PolarisEntityType.PRINCIPAL_ROLE, "PR1");
    PolarisBaseEntity principal = ensureExistsByName(null, PolarisEntityType.PRINCIPAL, "P1");

    // Role usage: take R1 away from PR1, then PR1 away from P1.
    revokeToGrantee(catalog, catalogRole, principalRole, PolarisPrivilege.CATALOG_ROLE_USAGE);
    revokeToGrantee(null, principalRole, principal, PolarisPrivilege.PRINCIPAL_ROLE_USAGE);

    // Securables at several depths: N1, N1.N2, N5, N5.N6 and the table-like N5.N6.T5.
    PolarisBaseEntity nsN1 =
        ensureExistsByName(List.of(catalog), PolarisEntityType.NAMESPACE, "N1");
    PolarisBaseEntity nsN2 =
        ensureExistsByName(List.of(catalog, nsN1), PolarisEntityType.NAMESPACE, "N2");
    PolarisBaseEntity nsN5 =
        ensureExistsByName(List.of(catalog), PolarisEntityType.NAMESPACE, "N5");
    PolarisBaseEntity nsN6 =
        ensureExistsByName(
            List.of(catalog, nsN5),
            PolarisEntityType.NAMESPACE,
            PolarisEntitySubType.ANY_SUBTYPE,
            "N6");
    PolarisBaseEntity tableT5 =
        ensureExistsByName(
            List.of(catalog, nsN5, nsN6),
            PolarisEntityType.TABLE_LIKE,
            PolarisEntitySubType.ANY_SUBTYPE,
            "T5");

    // Privilege revocation from R1 on a nested namespace ...
    revokePrivilege(catalogRole, List.of(catalog, nsN1), nsN2, PolarisPrivilege.TABLE_READ_DATA);

    // ... on the catalog itself ...
    revokePrivilege(catalogRole, List.of(catalog), catalog, PolarisPrivilege.VIEW_CREATE);

    // ... and on a top-level namespace and a table inside the catalog.
    revokePrivilege(catalogRole, List.of(catalog), nsN5, PolarisPrivilege.TABLE_LIST);
    revokePrivilege(
        catalogRole, List.of(catalog, nsN5, nsN6), tableT5, PolarisPrivilege.TABLE_DROP);

    // Two principal roles whose explicit ids are 900 and 9000, so that one id is a prefix of the
    // other. A grant lookup that matched on an id prefix would leak PR9000's grants to PR900.
    PolarisBaseEntity roleId900 =
        createEntity(
            null,
            PolarisEntityType.PRINCIPAL_ROLE,
            PolarisEntitySubType.NULL_SUBTYPE,
            "PR900",
            900L);
    PolarisBaseEntity roleId9000 =
        createEntity(
            null,
            PolarisEntityType.PRINCIPAL_ROLE,
            PolarisEntitySubType.NULL_SUBTYPE,
            "PR9000",
            9000L);

    // Only PR9000 is given usage of catalog role R1.
    grantToGrantee(catalog, catalogRole, roleId9000, PolarisPrivilege.CATALOG_ROLE_USAGE);

    // PR9000 must hold exactly one grant, and its securable must be R1.
    LoadGrantsResult grants =
        polarisMetaStoreManager.loadGrantsToGrantee(this.polarisCallContext, roleId9000);
    validateLoadedGrants(grants, true);
    Assertions.assertThat(grants.getGrantRecords()).hasSize(1);
    Assertions.assertThat(grants.getGrantRecords().get(0).getSecurableCatalogId())
        .isEqualTo(catalogRole.getCatalogId());
    Assertions.assertThat(grants.getGrantRecords().get(0).getSecurableId())
        .isEqualTo(catalogRole.getId());

    // PR900 was granted nothing, so the same lookup for it must come back empty.
    grants = polarisMetaStoreManager.loadGrantsToGrantee(this.polarisCallContext, roleId900);
    Assertions.assertThat(grants).isNotNull();
    Assertions.assertThat(grants.getGrantRecords()).hasSize(0);
  }