apache · RussellSpitzer · Aug 26, 2024 · Aug 8, 2024
@@ -80,7 +80,6 @@ public EnumMap<PolarisCredentialProperty, String> getSubscopedCreds(
     } catch (IOException e) {
       throw new RuntimeException("Unable to refresh GCP credentials", e);
     }
-    AccessToken sourceCredentialsAccessToken = this.sourceCredentials.getAccessToken();
 
     CredentialAccessBoundary accessBoundary =
         generateAccessBoundaryRules(

@@ -89,7 +89,7 @@ public void testValidateAccessToLocationsWithWildcard() {
               }
             },
             Clock.systemUTC());
-    try (CallContext cc =
+    try (CallContext ignored =
         CallContext.setCurrentContext(CallContext.of(() -> "realm", polarisCallContext))) {
       Map<String, Map<PolarisStorageActions, PolarisStorageIntegration.ValidationResult>> result =
           storage.validateAccessToLocations(

@@ -222,14 +222,13 @@ public void testCacheGenerateNewEntries() {
     int cacheSize = 0;
     // different catalog will generate new cache entries
     for (PolarisEntity entity : entityList) {
-      Map<String, String> res =
-          storageCredentialCache.getOrGenerateSubScopeCreds(
-              metaStoreManager,
-              callCtx,
-              entity,
-              true,
-              new HashSet<>(Arrays.asList("s3://bucket1/path", "s3://bucket2/path")),
-              new HashSet<>(Arrays.asList("s3://bucket/path")));
+      storageCredentialCache.getOrGenerateSubScopeCreds(
+          metaStoreManager,
+          callCtx,
+          entity,
+          true,
+          new HashSet<>(Arrays.asList("s3://bucket1/path", "s3://bucket2/path")),
+          new HashSet<>(Arrays.asList("s3://bucket/path")));
       Assertions.assertThat(storageCredentialCache.getEstimatedSize()).isEqualTo(++cacheSize);
     }
     // update the entity's storage config, since StorageConfig changed, cache will generate new

@@ -1573,9 +1573,9 @@ public List<PolarisEntity> listAssigneePrincipalRolesForCatalogRole(
         PolarisAuthorizableOperation.LIST_ASSIGNEE_PRINCIPAL_ROLES_FOR_CATALOG_ROLE;
     authorizeBasicCatalogRoleOperationOrThrow(op, catalogName, catalogRoleName);
 
-    PolarisEntity catalogEntity =
-        findCatalogByName(catalogName)
-            .orElseThrow(() -> new NotFoundException("Parent catalog %s not found", catalogName));
+    if (findCatalogByName(catalogName).isEmpty()) {
+      throw new NotFoundException("Parent catalog %s not found", catalogName);
+    }
     PolarisEntity catalogRoleEntity =
         findCatalogRoleByName(catalogName, catalogRoleName)
             .orElseThrow(() -> new NotFoundException("CatalogRole %s not found", catalogRoleName));
@@ -1703,9 +1703,9 @@ private boolean grantPrivilegeOnTableLikeToRole(
       TableIdentifier identifier,
       PolarisEntitySubType subType,
       PolarisPrivilege privilege) {
-    PolarisEntity catalogEntity =
-        findCatalogByName(catalogName)
-            .orElseThrow(() -> new NotFoundException("Parent catalog %s not found", catalogName));
+    if (findCatalogByName(catalogName).isEmpty()) {
+      throw new NotFoundException("Parent catalog %s not found", catalogName);
+    }
     PolarisEntity catalogRoleEntity =
         findCatalogRoleByName(catalogName, catalogRoleName)
             .orElseThrow(() -> new NotFoundException("CatalogRole %s not found", catalogRoleName));
@@ -1742,9 +1742,9 @@ private boolean revokePrivilegeOnTableLikeFromRole(
       TableIdentifier identifier,
       PolarisEntitySubType subType,
       PolarisPrivilege privilege) {
-    PolarisEntity catalogEntity =
-        findCatalogByName(catalogName)
-            .orElseThrow(() -> new NotFoundException("Parent catalog %s not found", catalogName));
+    if (findCatalogByName(catalogName).isEmpty()) {
+      throw new NotFoundException("Parent catalog %s not found", catalogName);
+    }
     PolarisEntity catalogRoleEntity =
         findCatalogRoleByName(catalogName, catalogRoleName)
             .orElseThrow(() -> new NotFoundException("CatalogRole %s not found", catalogRoleName));

@@ -33,7 +33,6 @@
 import java.util.function.Supplier;
 import org.apache.iceberg.BaseMetadataTable;
 import org.apache.iceberg.BaseTable;
-import org.apache.iceberg.BaseTransaction;
 import org.apache.iceberg.MetadataUpdate;
 import org.apache.iceberg.PartitionSpec;
 import org.apache.iceberg.SortOrder;
@@ -968,8 +967,6 @@ public void commitTransaction(CommitTransactionRequest commitTransactionRequest)
                   Transaction transaction =
                       Transactions.newTransaction(
                           change.identifier().toString(), ((BaseTable) table).operations());
-                  BaseTransaction.TransactionTable txTable =
-                      (BaseTransaction.TransactionTable) transaction.table();
                   CatalogHandlers.updateTable(baseCatalog, change.identifier(), change);
                   return transaction;
                 })

@@ -169,16 +169,16 @@ public static void setup(
 
   @AfterAll
   public static void deletePrincipalRole() {
-    try (Response deletePrResponse =
-        EXT.client()
-            .target(
-                String.format(
-                    "http://localhost:%d/api/management/v1/principal-roles/%s",
-                    EXT.getLocalPort(), PRINCIPAL_ROLE_NAME))
-            .request("application/json")
-            .header("Authorization", "Bearer " + userToken)
-            .header(REALM_PROPERTY_KEY, realm)
-            .delete()) {}
+    EXT.client()
+        .target(
+            String.format(
+                "http://localhost:%d/api/management/v1/principal-roles/%s",
+                EXT.getLocalPort(), PRINCIPAL_ROLE_NAME))
+        .request("application/json")
+        .header("Authorization", "Bearer " + userToken)
+        .header(REALM_PROPERTY_KEY, realm)
+        .delete()
+        .close();
   }
 
   /**

@@ -58,7 +58,6 @@
 import org.apache.polaris.core.entity.PrincipalRoleEntity;
 import org.apache.polaris.core.persistence.PolarisEntityManager;
 import org.apache.polaris.core.persistence.PolarisMetaStoreManager;
-import org.apache.polaris.core.persistence.PolarisTreeMapStore;
 import org.apache.polaris.core.persistence.resolver.PolarisResolutionManifest;
 import org.apache.polaris.core.storage.cache.StorageCredentialCache;
 import org.apache.polaris.service.catalog.BasePolarisCatalog;
@@ -145,7 +144,6 @@ public abstract class PolarisAuthzTestBase {
   @SuppressWarnings("unchecked")
   public void before() {
     PolarisDiagnostics diagServices = new PolarisDefaultDiagServiceImpl();
-    PolarisTreeMapStore backingStore = new PolarisTreeMapStore(diagServices);
     InMemoryPolarisMetaStoreManagerFactory managerFactory =
         new InMemoryPolarisMetaStoreManagerFactory();
     managerFactory.setStorageIntegrationProvider(

@@ -109,12 +109,10 @@ public void tearDown() {
     try (Response response = newRequest("http://localhost:%d/api/management/v1/catalogs").get()) {
       response.readEntity(Catalogs.class).getCatalogs().stream()
           .forEach(
-              catalog -> {
-                try (Response innerResponse =
-                    newRequest(
-                            "http://localhost:%d/api/management/v1/catalogs/" + catalog.getName())
-                        .delete()) {}
-              });
+              catalog ->
+                  newRequest("http://localhost:%d/api/management/v1/catalogs/" + catalog.getName())
+                      .delete()
+                      .close());
     }
     try (Response response = newRequest("http://localhost:%d/api/management/v1/principals").get()) {
       response.readEntity(Principals.class).getPrincipals().stream()
@@ -123,11 +121,10 @@ public void tearDown() {
                   !principal.getName().equals(PolarisEntityConstants.getRootPrincipalName()))
           .forEach(
               principal -> {
-                try (Response innerResponse =
-                    newRequest(
-                            "http://localhost:%d/api/management/v1/principals/"
-                                + principal.getName())
-                        .delete()) {}
+                newRequest(
+                        "http://localhost:%d/api/management/v1/principals/" + principal.getName())
+                    .delete()
+                    .close();
               });
     }
     try (Response response =
@@ -140,11 +137,11 @@ public void tearDown() {
                       .equals(PolarisEntityConstants.getNameOfPrincipalServiceAdminRole()))
           .forEach(
               principalRole -> {
-                try (Response innerResponse =
-                    newRequest(
-                            "http://localhost:%d/api/management/v1/principal-roles/"
-                                + principalRole.getName())
-                        .delete()) {}
+                newRequest(
+                        "http://localhost:%d/api/management/v1/principal-roles/"
+                            + principalRole.getName())
+                    .delete()
+                    .close();
               });
     }
   }
@@ -215,21 +212,6 @@ public void testListCatalogsUnauthorized() {
 
   @Test
   public void testCreateCatalog() {
-    AwsStorageConfigInfo awsConfigModel =
-        AwsStorageConfigInfo.builder()
-            .setRoleArn("arn:aws:iam::123456789012:role/my-role")
-            .setExternalId("externalId")
-            .setUserArn("userArn")
-            .setStorageType(StorageConfigInfo.StorageTypeEnum.S3)
-            .setAllowedLocations(List.of("s3://my-old-bucket/path/to/data"))
-            .build();
-    Catalog catalog =
-        PolarisCatalog.builder()
-            .setType(Catalog.TypeEnum.INTERNAL)
-            .setName("my-catalog")
-            .setProperties(new CatalogProperties("s3://my-bucket/path/to/data"))
-            .setStorageConfigInfo(awsConfigModel)
-            .build();
     try (Response response =
         newRequest("http://localhost:%d/api/management/v1/catalogs")
             .post(

@@ -559,7 +559,6 @@ public void testCreateTableDirectAllSufficientPrivileges() {
 
   @Test
   public void testCreateTableDirectInsufficientPermissions() {
-    final TableIdentifier newtable = TableIdentifier.of(NS2, "newtable");
     final CreateTableRequest createRequest =
         CreateTableRequest.builder().withName("newtable").withSchema(SCHEMA).build();
 
@@ -792,7 +791,6 @@ public void testRegisterTableInsufficientPermissions() {
     // To get a handy metadata file we can use one from another table.
     final String metadataLocation = newWrapper().loadTable(TABLE_NS1_1, "all").metadataLocation();
 
-    final TableIdentifier newtable = TableIdentifier.of(NS2, "newtable");
     final RegisterTableRequest registerRequest =
         new RegisterTableRequest() {
           @Override
@@ -1345,8 +1343,6 @@ public void testCreateViewAllSufficientPrivileges() {
 
   @Test
   public void testCreateViewInsufficientPermissions() {
-    final TableIdentifier newview = TableIdentifier.of(NS2, "newview");
-
     final CreateViewRequest createRequest =
         ImmutableCreateViewRequest.builder()
             .name("newview")

@@ -232,7 +232,7 @@ public void before(
                 assertThat(response)
                     .returns(Response.Status.OK.getStatusCode(), Response::getStatus);
                 CatalogRole catalogRole = response.readEntity(CatalogRole.class);
-                try (Response assignResponse =
+                try (Response ignore =
                     EXT.client()
                         .target(
                             String.format(

@@ -183,29 +183,29 @@ public void afterAll(ExtensionContext extensionContext) throws Exception {
             adminSecrets.getMainSecret(),
             realm);
 
-    try (Response deletePrResponse =
-        dropwizard
-            .client()
-            .target(
-                String.format(
-                    "http://localhost:%d/api/management/v1/principal-roles/%s",
-                    dropwizard.getLocalPort(), "catalog-admin"))
-            .request("application/json")
-            .header("Authorization", "Bearer " + userToken)
-            .header(REALM_PROPERTY_KEY, realm)
-            .delete()) {}
-
-    try (Response deleteResponse =
-        dropwizard
-            .client()
-            .target(
-                String.format(
-                    "http://localhost:%d/api/management/v1/principals/%s",
-                    dropwizard.getLocalPort(), "snowman"))
-            .request("application/json")
-            .header("Authorization", "Bearer " + userToken)
-            .header(REALM_PROPERTY_KEY, realm)
-            .delete()) {}
+    dropwizard
+        .client()
+        .target(
+            String.format(
+                "http://localhost:%d/api/management/v1/principal-roles/%s",
+                dropwizard.getLocalPort(), "catalog-admin"))
+        .request("application/json")
+        .header("Authorization", "Bearer " + userToken)
+        .header(REALM_PROPERTY_KEY, realm)
+        .delete()
+        .close();
+
+    dropwizard
+        .client()
+        .target(
+            String.format(
+                "http://localhost:%d/api/management/v1/principals/%s",
+                dropwizard.getLocalPort(), "snowman"))
+        .request("application/json")
+        .header("Authorization", "Bearer " + userToken)
+        .header(REALM_PROPERTY_KEY, realm)
+        .delete()
+        .close();
   }
 
   // FIXME - this would be better done with a Credentials-specific annotation processor so