jarredhj0214 opened a new issue, #10804:
URL: https://github.com/apache/gravitino/issues/10804

   ### Describe the feature
   
   ## Background
   
   When an external business system syncs a batch of users and roles into 
Gravitino's authorization module and the imported data turns out to be 
incorrect, there is no way to clean them up in bulk. Every entity must be 
removed individually via a separate HTTP request, which is inefficient and 
error-prone at scale.
   
   ## Current behavior
   
   The existing REST endpoints in `UserOperations` and `RoleOperations` only 
support single-entity removal via path parameters:
   
   ```
   DELETE /api/metalakes/{metalake}/users/{user}    // removes one user per call
   DELETE /api/metalakes/{metalake}/roles/{role}    // removes one role per call
   ```
   
   To remove N entities, N sequential or parallel HTTP calls are required. 
There is no batch endpoint.
   
   ## Proposed solution
   
   Add bulk-remove endpoints for both users and roles. The request body pattern 
already used in `UserAddRequest` / `RoleCreateRequest` (POST handlers) can be 
followed for consistency.
   
   **Bulk remove users:**
   
   ```http
   DELETE /api/metalakes/{metalake}/users
   Content-Type: application/json
   
   {
     "userNames": ["alice", "bob", "charlie"]
   }
   ```
   
   **Bulk remove roles:**
   
   ```http
   DELETE /api/metalakes/{metalake}/roles
   Content-Type: application/json
   
   {
     "roleNames": ["role_analyst", "role_viewer"]
   }
   ```
   
   **Suggested response** — mirrors the existing `RemoveResponse` / 
`DropResponse` pattern but extended for partial results:
   
   ```json
   {
     "removed": ["alice", "bob"],
     "failed":  [{ "name": "charlie", "reason": "NoSuchUserException" }]
   }
   ```
   
   Authorization should reuse the existing permission expressions:
   
   - Users: `METALAKE::OWNER || METALAKE::MANAGE_USERS`
   - Roles: `METALAKE::OWNER || ROLE::OWNER`
   
   The metalake-owner guard (checking whether a user is the metalake owner 
before removal) that exists in the current single-delete path should also be 
applied per-entity in the bulk path.
   
   ## Additional context
   
   - Files to change: `UserOperations.java`, `RoleOperations.java`, and 
corresponding DTO / dispatcher interfaces
   - A matching Java SDK / Python client method would also be appreciated
   - Gravitino version: (please fill in)
   
   
   ### Motivation
   
   _No response_
   
   ### Describe the solution
   
   _No response_
   
   ### Additional context
   
   _No response_


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
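
An added sketch, not part of the issue and not Gravitino code, of the per-entity handling the proposal describes: each name passes the metalake-owner guard on its own and lands in either `removed` or `failed`, so one bad entry cannot abort or silently widen the batch. The class, method, in-memory store, batch cap and the owner-guard reason string are all hypothetical; records need Java 16 or later.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Hypothetical model of the proposed bulk-remove semantics (not Gravitino code).
public class BulkRemoveSketch {
  record Failure(String name, String reason) {}
  record BulkRemoveResult(List<String> removed, List<Failure> failed) {}

  static final int MAX_BATCH = 100; // assumed cap; the issue does not specify one

  // 'store' stands in for the user store, 'metalakeOwner' for the owner lookup.
  static BulkRemoveResult removeUsers(List<String> userNames, Set<String> store,
                                      String metalakeOwner) {
    if (userNames == null || userNames.isEmpty() || userNames.size() > MAX_BATCH) {
      throw new IllegalArgumentException("userNames must hold 1.." + MAX_BATCH + " entries");
    }
    List<String> removed = new ArrayList<>();
    List<Failure> failed = new ArrayList<>();
    // De-duplicate while keeping request order, so a repeated name is not
    // reported once as removed and once as NoSuchUserException.
    for (String name : new LinkedHashSet<>(userNames)) {
      if (name == null || name.isBlank()) {
        failed.add(new Failure(String.valueOf(name), "IllegalArgumentException"));
      } else if (name.equals(metalakeOwner)) {
        // Owner guard applied per entity, as in the single-delete path.
        // The reason string is a placeholder, not a real Gravitino exception.
        failed.add(new Failure(name, "METALAKE_OWNER_GUARD"));
      } else if (store.remove(name)) {
        removed.add(name);
      } else {
        failed.add(new Failure(name, "NoSuchUserException"));
      }
    }
    return new BulkRemoveResult(removed, failed);
  }

  public static void main(String[] args) {
    // Constructed sample data: "owner1" plays the metalake owner.
    Set<String> store = new HashSet<>(List.of("alice", "bob", "owner1"));
    BulkRemoveResult result = removeUsers(
        List.of("alice", "bob", "charlie", "owner1", "alice"), store, "owner1");
    System.out.println("removed=" + result.removed());
    System.out.println("failed=" + result.failed());
    System.out.println("remaining=" + store);
  }
}
```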
