yuqi1129 opened a new pull request, #10774: URL: https://github.com/apache/gravitino/pull/10774
### What changes were proposed in this pull request? - Add `securable_objects_version` column to `role_meta` table (default 0, bumped on every securable-object grant/revoke) - Add `role_grants_version` column to `user_meta` and `group_meta` tables (default 0, bumped on every role grant/revoke) - Add typed mapper projections: `UserVersionInfoPO`, `RoleVersionInfoPO`, `OwnerRelInfoPO` - Add mapper queries: `getUserVersionInfo`, `batchGetSecurableObjectsVersions`, `selectOwnerByMetadataObjectId` - Update DDL scripts (MySQL, H2, PostgreSQL) and schema upgrade scripts (1.2.0 → 1.3.0) ### Why are the changes needed? These schema changes are the foundation for a version-validated authorization cache (follow-up PRs #10771 and #10772). Instead of evicting cache entries based on TTL, the cache compares stored version numbers against DB values to detect staleness on every access, improving security correctness. Fix: #10770 ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Existing mapper unit tests and service tests continue to pass. New mapper methods are exercised by the integration tests in the follow-up PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
