Add findPrincipalById helper #2810
Conversation
12d7889 to
3fb8c4c
Compare
| return findPrincipalByName(polarisCallContext, PolarisEntityConstants.getRootPrincipalName()); | ||
| } | ||
|
|
||
| default Optional<PrincipalEntity> findPrincipalById( |
There was a problem hiding this comment.
Having this helper method in principle SGTM. However, given that PolarisMetaStoreManager is one of the main plugin / integrations points, I'm not sure about expanding its API surface with one more method.
There was a problem hiding this comment.
why do you think its expanding the API surface?
its implementation is just reusing existing methods but encodes more information about the proper way to use them and about the type of entity they will return.
also simplifying code around "exception" handling.
these defaults methods probably never need to be re-implemented by actual classes.
There was a problem hiding this comment.
It gives callers two options: 1) use the old method 2) use the helper methods... In my mind that expands the API.
I'm thinking that adding methods like this is probably an indication that we may need to rework the interface as a whole.
This is more of a point for thinking about, not an objection, really.
dimas-b
left a comment
There was a problem hiding this comment.
Code change LGTM 👍
Given that we already have other find* method in the metastore manager interface, this PR is probably fine to merge.
In general, I think we need to resume work on untangling different API concerns currently mixed in PolarisMetaStoreManager.
in what way is looking up a principal a different api concern in this case? |
Principal is an Entity, but has dedicated access methods that are not applicable to other entities. |
| PrincipalEntity newPrincipal = | ||
| metaStoreManager | ||
| .findPrincipalById(getCurrentPolarisContext(), currentPrincipalEntity.getId()) | ||
| .orElseThrow(); |
There was a problem hiding this comment.
Are we supposed to throw here? If yes, can we make the error message a bit more specific?
No value present --> Failed to find the principal by id: {}
There was a problem hiding this comment.
ok i've added a commit to provide a more detailed error message.
however looking at the code in the beginning we do:
PrincipalEntity currentPrincipalEntity = getPrincipalByName(resolutionManifest, principalName);
which would fail hard if the principal did not exist.
and then in rotatePrincipalSecrets we are updating the principal behind currentPrincipalEntity.getId().
so we can be quite sure that another call to findPrincipalById will return a non-empty result.
only if someone externally was dropping the principal with precise timing could we hit this scenario and the old code would have resulted in an NPE in this case.
on that note, seems like all callers of rotatePrincipalSecrets are looking up the updated principal afterwards... makes me wonder whether the method should just return it directly (it loads it already internally).
this simplifies frequent usage of the lower level `loadEntity` api (similar to the existing `findPrincipalByName` helper)
3fb8c4c to
a6710d4
Compare
* Update Quarkus Platform and Group to v3.28.4 (apache#2786) * Update dependency org.testcontainers:testcontainers-bom to v2.0.1 (apache#2830) * Build/polaris-core: Remove outdated `constraint`s (apache#2818) The `:polaris-core` build scripts contains (soft) version-constraints for some dependencies with a vague reason "Vulnerability detected in ..." (concrete CVE/reason not mentioned) referencing specific dependency versions. The mentioned versions are all quite outdated, some are even not transitively referenced. Hence, removing those constraings, as those seem no longer relevant. Effective dependency versions can be inspected via `./gradlew :polaris-core:dependencies --configuration runtimeClasspath`. * Add Community Meetings for 2025-10-02 and 2025-10-16 (apache#2832) * Update docker.io/prom/prometheus Docker tag to v3.7.1 (apache#2834) * testcontainers v2: tackle deprecation warnings (apache#2835) * Add findPrincipalById helper (apache#2810) * Add findPrincipalById helper this simplifies frequent usage of the lower level `loadEntity` api (similar to the existing `findPrincipalByName` helper) * [Python] Add more tests cases for policy CLI (apache#2831) * Update dependency software.amazon.awssdk:bom to v2.35.10 (apache#2840) * Update dependency ch.qos.logback:logback-classic to v1.5.20 (apache#2839) * Reproducible builds: make parent pom content reproducible (apache#2826) The parent pom contains the `<developer>` and `<contributor>` elements. The former is populated from ASF people information including role information (champion, mentor, chair, (P)PMC member, committer). The latter is retrieved from a GitHub API endpoint, ordered by number contributions. Especially the latter list is prone to vary between builds, which makes the parent pom not reproducible as the locally built one is likely different from the one that was built by the release managed (staged artifact). This change removes both lists, leaving a single static `<developer>` entry pointing to `https://polaris.apache.org/community/`. Related build-script code has been updated and no longer retrieves people information. * Log root cause exceptions in mappers (apache#2837) Fix `IcebergExceptionMapper` and `PolarisExceptionMapper` to pass exceptions as "cause" to the logger (as opposed to unreferenced log parameters). * Remove credential flag from `StorageAccessProperty.CLIENT_REGION` (apache#2838) `CLIENT_REGION` is not a credential value, which is in line with Iceberg's `VendedCredentialsProvider` code. Cf. apache/iceberg#11389 * CI: Let all workflows use GitHub's docker.io mirror (apache#2841) * Correct template rendering for authentication options (apache#2808) * Correct template rendering for authentication options * Added tpl back * Increase javadoc visibility in `:polaris-async-vertx` (apache#2745) This is to fix javadoc error: `No public or protected classes found to document` * Update slack invite url (apache#2846) * Remove unused ConcurrentLinkedQueueWithApproximateSize (apache#2849) * Merge AwsCloudWatchConfiguration and QuarkusAwsCloudWatchConfiguration (apache#2848) For some reason, these two classes weren't properly merged when the runtime-service and service-common modules were merged. This PR fixes that. This PR also adds some examples of AWS Cloud Watch configuration to the default application.properties file. * Move TestPolarisEventListener to test fixtures (apache#2850) * Update dependency com.google.cloud:google-cloud-storage-bom to v2.59.0 (apache#2857) * Update actions/stale digest to e46bbab (apache#2856) * Servcie: Remove a duplicated config (apache#2854) * Update docker.io/prom/prometheus Docker tag to v3.7.2 (apache#2858) * Update Quarkus Platform and Group to v3.28.5 (apache#2859) * Update dependency com.google.errorprone:error_prone_core to v2.43.0 (apache#2860) * Add --no-sts to CLI (apache#2855) * Add --no-sts to CLI Following up on apache#2672, add new `--no-sts` option to CLI to allow configuring `stsUnavailable` in `AwsStorageConfigInfo` * Use AccessConfigProvider.getAccessConfig in DefaultFileIOFactory (apache#2852) * CLI: Remove the trailing comma (apache#2863) * Update dependency pip-licenses-cli to v3 (apache#2842) * Update dependency pip-licenses-cli to v3 * Update pip-licenses-cli version format * Fix pip-licenses-cli version specification --------- Co-authored-by: Yong Zheng <yongzheng0809@gmail.com> * Update quay.io/keycloak/keycloak Docker tag to v26.4.2 (apache#2868) * Bump main to 1.3.0-SNAPSHOT (apache#2870) * Add properties from TableMetadata into Table entity internalProperties (apache#2735) * Add properties from TableMetadata into Table entity internalProperties * Made table properties constants and pulled out static utility method * Update dependency io.smallrye:jandex to v3.5.1 (apache#2872) * Fix exec flags on getting-started scripts (apache#2878) * Add `+x` to script source files * Remove (unnecessary) `chmod` from docs * Update plugin jcstress to v0.9.0 (apache#2882) * Update registry.access.redhat.com/ubi9/openjdk-21-runtime Docker tag to v1.23-6.1761164966 (apache#2874) * Update dependency openapi-generator-cli to v7.16.0 (apache#2703) * Update Gradle to v9 (apache#2226) * Update Gradle to v9 * adopt gradlew --------- Co-authored-by: Robert Stupp <snazy@snazy.de> * Last merged commit 7892540 --------- Co-authored-by: Mend Renovate <bot@renovateapp.com> Co-authored-by: JB Onofré <jbonofre@apache.org> Co-authored-by: Christopher Lambert <xn137@gmx.de> Co-authored-by: Nuoya Jiang <98131931+NuoyaJiang@users.noreply.github.com> Co-authored-by: Dmitri Bourlatchkov <dmitri.bourlatchkov@gmail.com> Co-authored-by: Yong Zheng <yongzheng0809@gmail.com> Co-authored-by: Honah (Jonas) J. <honahx@apache.org> Co-authored-by: Alexandre Dutra <adutra@apache.org> Co-authored-by: Yufei Gu <yufei@apache.org> Co-authored-by: Nuoya Jiang <98131931+CodingBangboo@users.noreply.github.com> Co-authored-by: Michael Collado <40346148+collado-mike@users.noreply.github.com>
this simplifies frequent usage of the lower level
loadEntityapi (similar to theexisting
findPrincipalByNamehelper)