Merge branch 'main' of github.com:datastrato/graviton into issue_6570

Author: yuqi1129

core/src/main/java/org/apache/gravitino/authorization/AccessControlManager.java

@@ -25,6 +25,7 @@
 import org.apache.gravitino.Configs;
 import org.apache.gravitino.EntityStore;
 import org.apache.gravitino.MetadataObject;
+import org.apache.gravitino.NameIdentifier;
 import org.apache.gravitino.exceptions.GroupAlreadyExistsException;
 import org.apache.gravitino.exceptions.IllegalRoleException;
 import org.apache.gravitino.exceptions.NoSuchGroupException;
@@ -34,7 +35,10 @@
 import org.apache.gravitino.exceptions.NoSuchUserException;
 import org.apache.gravitino.exceptions.RoleAlreadyExistsException;
 import org.apache.gravitino.exceptions.UserAlreadyExistsException;
+import org.apache.gravitino.lock.LockType;
+import org.apache.gravitino.lock.TreeLockUtils;
 import org.apache.gravitino.storage.IdGenerator;
+import org.apache.gravitino.utils.MetadataObjectUtil;
 
 /**
  * AccessControlManager is used for manage users, roles, grant information, this class is an
@@ -57,78 +61,120 @@ public AccessControlManager(EntityStore store, IdGenerator idGenerator, Config c
   @Override
   public User addUser(String metalake, String user)
       throws UserAlreadyExistsException, NoSuchMetalakeException {
-    return userGroupManager.addUser(metalake, user);
+    return TreeLockUtils.doWithTreeLock(
+        NameIdentifier.of(AuthorizationUtils.ofUserNamespace(metalake).levels()),
+        LockType.WRITE,
+        () -> userGroupManager.addUser(metalake, user));
   }
 
   @Override
   public boolean removeUser(String metalake, String user) throws NoSuchMetalakeException {
-    return userGroupManager.removeUser(metalake, user);
+    return TreeLockUtils.doWithTreeLock(
+        NameIdentifier.of(AuthorizationUtils.ofUserNamespace(metalake).levels()),
+        LockType.WRITE,
+        () -> userGroupManager.removeUser(metalake, user));
   }
 
   @Override
   public User getUser(String metalake, String user)
       throws NoSuchUserException, NoSuchMetalakeException {
-    return userGroupManager.getUser(metalake, user);
+    return TreeLockUtils.doWithTreeLock(
+        AuthorizationUtils.ofUser(metalake, user),
+        LockType.READ,
+        () -> userGroupManager.getUser(metalake, user));
   }
 
   @Override
   public String[] listUserNames(String metalake) throws NoSuchMetalakeException {
-    return userGroupManager.listUserNames(metalake);
+    return TreeLockUtils.doWithTreeLock(
+        NameIdentifier.of(AuthorizationUtils.ofUserNamespace(metalake).levels()),
+        LockType.READ,
+        () -> userGroupManager.listUserNames(metalake));
   }
 
   @Override
   public User[] listUsers(String metalake) throws NoSuchMetalakeException {
-    return userGroupManager.listUsers(metalake);
+    return TreeLockUtils.doWithTreeLock(
+        NameIdentifier.of(AuthorizationUtils.ofUserNamespace(metalake).levels()),
+        LockType.READ,
+        () -> userGroupManager.listUsers(metalake));
   }
 
   public Group addGroup(String metalake, String group)
       throws GroupAlreadyExistsException, NoSuchMetalakeException {
-    return userGroupManager.addGroup(metalake, group);
+    return TreeLockUtils.doWithTreeLock(
+        NameIdentifier.of(AuthorizationUtils.ofGroupNamespace(metalake).levels()),
+        LockType.WRITE,
+        () -> userGroupManager.addGroup(metalake, group));
   }
 
   @Override
   public boolean removeGroup(String metalake, String group) throws NoSuchMetalakeException {
-    return userGroupManager.removeGroup(metalake, group);
+    return TreeLockUtils.doWithTreeLock(
+        NameIdentifier.of(AuthorizationUtils.ofGroupNamespace(metalake).levels()),
+        LockType.WRITE,
+        () -> userGroupManager.removeGroup(metalake, group));
   }
 
   @Override
   public Group getGroup(String metalake, String group)
       throws NoSuchGroupException, NoSuchMetalakeException {
-    return userGroupManager.getGroup(metalake, group);
+    return TreeLockUtils.doWithTreeLock(
+        AuthorizationUtils.ofGroup(metalake, group),
+        LockType.READ,
+        () -> userGroupManager.getGroup(metalake, group));
   }
 
   @Override
   public Group[] listGroups(String metalake) throws NoSuchMetalakeException {
-    return userGroupManager.listGroups(metalake);
+    return TreeLockUtils.doWithTreeLock(
+        NameIdentifier.of(AuthorizationUtils.ofGroupNamespace(metalake).levels()),
+        LockType.READ,
+        () -> userGroupManager.listGroups(metalake));
   }
 
   @Override
   public String[] listGroupNames(String metalake) throws NoSuchMetalakeException {
-    return userGroupManager.listGroupNames(metalake);
+    return TreeLockUtils.doWithTreeLock(
+        NameIdentifier.of(AuthorizationUtils.ofGroupNamespace(metalake).levels()),
+        LockType.READ,
+        () -> userGroupManager.listGroupNames(metalake));
   }
 
   @Override
   public User grantRolesToUser(String metalake, List<String> roles, String user)
       throws NoSuchUserException, IllegalRoleException, NoSuchMetalakeException {
-    return permissionManager.grantRolesToUser(metalake, roles, user);
+    return TreeLockUtils.doWithTreeLock(
+        AuthorizationUtils.ofUser(metalake, user),
+        LockType.WRITE,
+        () -> permissionManager.grantRolesToUser(metalake, roles, user));
   }
 
   @Override
   public Group grantRolesToGroup(String metalake, List<String> roles, String group)
       throws NoSuchGroupException, IllegalRoleException, NoSuchMetalakeException {
-    return permissionManager.grantRolesToGroup(metalake, roles, group);
+    return TreeLockUtils.doWithTreeLock(
+        AuthorizationUtils.ofGroup(metalake, group),
+        LockType.WRITE,
+        () -> permissionManager.grantRolesToGroup(metalake, roles, group));
   }
 
   @Override
   public Group revokeRolesFromGroup(String metalake, List<String> roles, String group)
       throws NoSuchGroupException, IllegalRoleException, NoSuchMetalakeException {
-    return permissionManager.revokeRolesFromGroup(metalake, roles, group);
+    return TreeLockUtils.doWithTreeLock(
+        AuthorizationUtils.ofGroup(metalake, group),
+        LockType.WRITE,
+        () -> permissionManager.revokeRolesFromGroup(metalake, roles, group));
   }
 
   @Override
   public User revokeRolesFromUser(String metalake, List<String> roles, String user)
       throws NoSuchUserException, IllegalRoleException, NoSuchMetalakeException {
-    return permissionManager.revokeRolesFromUser(metalake, roles, user);
+    return TreeLockUtils.doWithTreeLock(
+        AuthorizationUtils.ofUser(metalake, user),
+        LockType.WRITE,
+        () -> permissionManager.revokeRolesFromUser(metalake, roles, user));
   }
 
   @Override
@@ -143,42 +189,62 @@ public Role createRole(
       Map<String, String> properties,
       List<SecurableObject> securableObjects)
       throws RoleAlreadyExistsException, NoSuchMetalakeException {
-    return roleManager.createRole(metalake, role, properties, securableObjects);
+    return TreeLockUtils.doWithTreeLock(
+        NameIdentifier.of(AuthorizationUtils.ofRoleNamespace(metalake).levels()),
+        LockType.WRITE,
+        () -> roleManager.createRole(metalake, role, properties, securableObjects));
   }
 
   @Override
   public Role getRole(String metalake, String role)
       throws NoSuchRoleException, NoSuchMetalakeException {
-    return roleManager.getRole(metalake, role);
+    return TreeLockUtils.doWithTreeLock(
+        AuthorizationUtils.ofRole(metalake, role),
+        LockType.READ,
+        () -> roleManager.getRole(metalake, role));
   }
 
   @Override
   public boolean deleteRole(String metalake, String role) throws NoSuchMetalakeException {
-    return roleManager.deleteRole(metalake, role);
+    return TreeLockUtils.doWithTreeLock(
+        NameIdentifier.of(AuthorizationUtils.ofRoleNamespace(metalake).levels()),
+        LockType.WRITE,
+        () -> roleManager.deleteRole(metalake, role));
   }
 
   @Override
   public String[] listRoleNames(String metalake) throws NoSuchMetalakeException {
-    return roleManager.listRoleNames(metalake);
+    return TreeLockUtils.doWithTreeLock(
+        NameIdentifier.of(AuthorizationUtils.ofRoleNamespace(metalake).levels()),
+        LockType.READ,
+        () -> roleManager.listRoleNames(metalake));
   }
 
   @Override
   public String[] listRoleNamesByObject(String metalake, MetadataObject object)
       throws NoSuchMetalakeException, NoSuchMetadataObjectException {
-    return roleManager.listRoleNamesByObject(metalake, object);
+    NameIdentifier identifier = MetadataObjectUtil.toEntityIdent(metalake, object);
+    return TreeLockUtils.doWithTreeLock(
+        identifier, LockType.READ, () -> roleManager.listRoleNamesByObject(metalake, object));
   }
 
   @Override
   public Role grantPrivilegeToRole(
       String metalake, String role, MetadataObject object, Set<Privilege> privileges)
       throws NoSuchRoleException, NoSuchMetalakeException {
-    return permissionManager.grantPrivilegesToRole(metalake, role, object, privileges);
+    return TreeLockUtils.doWithTreeLock(
+        AuthorizationUtils.ofRole(metalake, role),
+        LockType.WRITE,
+        () -> permissionManager.grantPrivilegesToRole(metalake, role, object, privileges));
   }
 
   @Override
   public Role revokePrivilegesFromRole(
       String metalake, String role, MetadataObject object, Set<Privilege> privileges)
       throws NoSuchRoleException, NoSuchMetalakeException {
-    return permissionManager.revokePrivilegesFromRole(metalake, role, object, privileges);
+    return TreeLockUtils.doWithTreeLock(
+        AuthorizationUtils.ofRole(metalake, role),
+        LockType.WRITE,
+        () -> permissionManager.revokePrivilegesFromRole(metalake, role, object, privileges));
   }
 }

core/src/main/java/org/apache/gravitino/authorization/OwnerManager.java

@@ -60,12 +60,12 @@ public OwnerManager(EntityStore store) {
 
   public void setOwner(
       String metalake, MetadataObject metadataObject, String ownerName, Owner.Type ownerType) {
+
+    NameIdentifier objectIdent = MetadataObjectUtil.toEntityIdent(metalake, metadataObject);
     try {
       Optional<Owner> originOwner = getOwner(metalake, metadataObject);
 
-      NameIdentifier objectIdent = MetadataObjectUtil.toEntityIdent(metalake, metadataObject);
       OwnerImpl newOwner = new OwnerImpl();
-
       if (ownerType == Owner.Type.USER) {
         NameIdentifier ownerIdent = AuthorizationUtils.ofUser(metalake, ownerName);
         TreeLockUtils.doWithTreeLock(
@@ -129,16 +129,20 @@ public void setOwner(
   }
 
   public Optional<Owner> getOwner(String metalake, MetadataObject metadataObject) {
+    NameIdentifier ident = MetadataObjectUtil.toEntityIdent(metalake, metadataObject);
+    OwnerImpl owner = new OwnerImpl();
     try {
-      OwnerImpl owner = new OwnerImpl();
-      NameIdentifier ident = MetadataObjectUtil.toEntityIdent(metalake, metadataObject);
       List<? extends Entity> entities =
-          store
-              .relationOperations()
-              .listEntitiesByRelation(
-                  SupportsRelationOperations.Type.OWNER_REL,
-                  ident,
-                  MetadataObjectUtil.toEntityType(metadataObject));
+          TreeLockUtils.doWithTreeLock(
+              ident,
+              LockType.READ,
+              () ->
+                  store
+                      .relationOperations()
+                      .listEntitiesByRelation(
+                          SupportsRelationOperations.Type.OWNER_REL,
+                          ident,
+                          MetadataObjectUtil.toEntityType(metadataObject)));
 
       if (entities.isEmpty()) {
         return Optional.empty();

core/src/main/java/org/apache/gravitino/authorization/PermissionManager.java

@@ -39,6 +39,8 @@
 import org.apache.gravitino.exceptions.NoSuchGroupException;
 import org.apache.gravitino.exceptions.NoSuchRoleException;
 import org.apache.gravitino.exceptions.NoSuchUserException;
+import org.apache.gravitino.lock.LockType;
+import org.apache.gravitino.lock.TreeLockUtils;
 import org.apache.gravitino.meta.AuditInfo;
 import org.apache.gravitino.meta.GroupEntity;
 import org.apache.gravitino.meta.RoleEntity;
@@ -67,7 +69,10 @@ User grantRolesToUser(String metalake, List<String> roles, String user) {
     try {
       List<RoleEntity> roleEntitiesToGrant = Lists.newArrayList();
       for (String role : roles) {
-        roleEntitiesToGrant.add(roleManager.getRole(metalake, role));
+        TreeLockUtils.doWithTreeLock(
+            AuthorizationUtils.ofRole(metalake, role),
+            LockType.READ,
+            () -> roleEntitiesToGrant.add(roleManager.getRole(metalake, role)));
       }
 
       User updatedUser =
@@ -153,7 +158,10 @@ Group grantRolesToGroup(String metalake, List<String> roles, String group) {
     try {
       List<RoleEntity> roleEntitiesToGrant = Lists.newArrayList();
       for (String role : roles) {
-        roleEntitiesToGrant.add(roleManager.getRole(metalake, role));
+        TreeLockUtils.doWithTreeLock(
+            AuthorizationUtils.ofRole(metalake, role),
+            LockType.READ,
+            () -> roleEntitiesToGrant.add(roleManager.getRole(metalake, role)));
       }
 
       Group updatedGroup =
@@ -239,7 +247,10 @@ Group revokeRolesFromGroup(String metalake, List<String> roles, String group) {
     try {
       List<RoleEntity> roleEntitiesToRevoke = Lists.newArrayList();
       for (String role : roles) {
-        roleEntitiesToRevoke.add(roleManager.getRole(metalake, role));
+        TreeLockUtils.doWithTreeLock(
+            AuthorizationUtils.ofRole(metalake, role),
+            LockType.READ,
+            () -> roleEntitiesToRevoke.add(roleManager.getRole(metalake, role)));
       }
 
       Group updatedGroup =
@@ -325,7 +336,10 @@ User revokeRolesFromUser(String metalake, List<String> roles, String user) {
     try {
       List<RoleEntity> roleEntitiesToRevoke = Lists.newArrayList();
       for (String role : roles) {
-        roleEntitiesToRevoke.add(roleManager.getRole(metalake, role));
+        TreeLockUtils.doWithTreeLock(
+            AuthorizationUtils.ofRole(metalake, role),
+            LockType.READ,
+            () -> roleEntitiesToRevoke.add(roleManager.getRole(metalake, role)));
       }
 
       User updatedUser =