yuqi1129 opened a new pull request, #10796:
URL: https://github.com/apache/gravitino/pull/10796
## What changes were proposed in this pull request?
- Changes `loadedRoles` from `Cache<Long, Boolean>` to `GravitinoCache<Long,
Long>` (stores `updated_at` timestamp for version-validated strong consistency)
- Removes Caffeine removal listener from `loadedRoles`; moves enforcer role
cleanup directly into `handleRolePrivilegeChange`
- Fixes double `MetadataIdConverter.getID()` call in `isOwner()` (was
invoked redundantly before and after `getUserEntity`)
- Wires `ownerRelCache` as the primary owner lookup in `isOwner()`, with
fallback to the legacy TTL `ownerRel` cache; populates both caches in
`loadOwnerPolicy()`
- Adds `loadedRoles.close()` in `close()`
- Adds write-path `touchUpdatedAt` hooks:
- `RoleMetaService.updateRole` — bumps `updated_at` on privilege
grant/revoke
- `UserMetaService.updateUser` — bumps `updated_at` on role assign/revoke
- `GroupMetaService.updateGroup` — bumps `updated_at` on role assign/revoke
Builds on: #10795
## Why are the changes needed?
Completes the version-validated auth cache design: the `updated_at`
timestamp stored in `loadedRoles` will be compared against the DB value on
future requests to avoid unnecessary enforcer reloads. The write-path hooks
ensure the version counter advances on every privilege mutation.
## Does this PR introduce _any_ user-facing changes?
No.
## How was this patch tested?
- [ ] `./gradlew :core:test :server-common:test -PskipITs`
🤖 Generated with [Claude Code](https://claude.com/claude-code)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
