refactor

Author: singhpk234

persistence/relational-jdbc/src/main/java/org/apache/polaris/persistence/relational/jdbc/DatasourceOperations.java

@@ -143,8 +143,8 @@ public <T> void executeSelectOverStream(
     withRetries(
         () -> {
           try (Connection connection = borrowConnection();
-              PreparedStatement statement = connection.prepareStatement(query.getSql())) {
-            List<Object> params = query.getParameters();
+              PreparedStatement statement = connection.prepareStatement(query.sql())) {
+            List<Object> params = query.parameters();
             for (int i = 0; i < params.size(); i++) {
               statement.setObject(i + 1, params.get(i));
             }
@@ -168,9 +168,8 @@ public int executeUpdate(QueryGenerator.PreparedQuery preparedQuery) throws SQLE
     return withRetries(
         () -> {
           try (Connection connection = borrowConnection();
-              PreparedStatement statement = connection.prepareStatement(preparedQuery.getSql())) {
-
-            List<Object> params = preparedQuery.getParameters();
+              PreparedStatement statement = connection.prepareStatement(preparedQuery.sql())) {
+            List<Object> params = preparedQuery.parameters();
             for (int i = 0; i < params.size(); i++) {
               statement.setObject(i + 1, params.get(i));
             }
@@ -218,8 +217,8 @@ public void runWithinTransaction(TransactionCallback callback) throws SQLExcepti
 
   public Integer execute(Connection connection, QueryGenerator.PreparedQuery preparedQuery)
       throws SQLException {
-    try (PreparedStatement statement = connection.prepareStatement(preparedQuery.getSql())) {
-      List<Object> params = preparedQuery.getParameters();
+    try (PreparedStatement statement = connection.prepareStatement(preparedQuery.sql())) {
+      List<Object> params = preparedQuery.parameters();
       for (int i = 0; i < params.size(); i++) {
         statement.setObject(i + 1, params.get(i));
       }

persistence/relational-jdbc/src/main/java/org/apache/polaris/persistence/relational/jdbc/JdbcBasePersistenceImpl.java

@@ -127,8 +127,7 @@ private DatasourceOperations getDatasourceOperations(
         new DatasourceOperations(dataSource.get(), relationalJdbcConfiguration);
     if (isBootstrap) {
       try {
-        databaseOperations.executeScript(
-            String.format("%s/schema-v1.sql", databaseType.getDisplayName()));
+        databaseOperations.executeScript(databaseType.getInitScriptResource());
       } catch (SQLException e) {
         throw new RuntimeException(
             String.format("Error executing sql script: %s", e.getMessage()), e);

persistence/relational-jdbc/src/main/java/org/apache/polaris/persistence/relational/jdbc/JdbcMetaStoreManagerFactory.java

@@ -23,218 +23,207 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
-import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
-import org.apache.polaris.core.entity.PolarisBaseEntity;
 import org.apache.polaris.core.entity.PolarisEntityCore;
 import org.apache.polaris.core.entity.PolarisEntityId;
-import org.apache.polaris.core.entity.PolarisEntityType;
-import org.apache.polaris.core.policy.PolicyEntity;
-import org.apache.polaris.persistence.relational.jdbc.models.Converter;
 import org.apache.polaris.persistence.relational.jdbc.models.ModelEntity;
 import org.apache.polaris.persistence.relational.jdbc.models.ModelGrantRecord;
-import org.apache.polaris.persistence.relational.jdbc.models.ModelPolicyMappingRecord;
-import org.apache.polaris.persistence.relational.jdbc.models.ModelPrincipalAuthenticationData;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
+/**
+ * Utility class to generate parameterized SQL queries (SELECT, INSERT, UPDATE, DELETE). Ensures
+ * consistent SQL generation and protects against injection by managing parameters separately.
+ */
 public class QueryGenerator {
-  private static final Logger log = LoggerFactory.getLogger(QueryGenerator.class);
   private final DatabaseType databaseType;
 
   public QueryGenerator(DatabaseType databaseType) {
     this.databaseType = databaseType;
   }
 
+  /**
+   * @return The configured database type.
+   */
   public DatabaseType getDatabaseType() {
     return databaseType;
   }
 
-  public static class PreparedQuery {
-    private final String sql;
-    private final List<Object> parameters;
-
-    public PreparedQuery(String sql, List<Object> parameters) {
-      this.sql = sql;
-      this.parameters = parameters;
-    }
-
-    public String getSql() {
-      return sql;
-    }
-
-    public List<Object> getParameters() {
-      return parameters;
-    }
-  }
-
-  public <T> PreparedQuery generateSelectQuery(
-      @Nonnull Converter<T> entity, @Nonnull Map<String, Object> whereClause) {
-
-    String tableName = getTableName(entity.getClass());
-    Map<String, Object> objectMap = entity.toMap(databaseType);
-    checkInvalidColumns(objectMap, whereClause);
-
-    String columns = String.join(", ", objectMap.keySet());
-    PreparedQuery whereClauseQuery = generateWhereClause(whereClause);
-    String sql = "SELECT " + columns + " FROM " + tableName + whereClauseQuery.getSql();
-
-    return new PreparedQuery(sql, whereClauseQuery.getParameters());
+  /** A container for the SQL string and the ordered parameter values. */
+  public record PreparedQuery(String sql, List<Object> parameters) {}
+
+  /**
+   * Generates a SELECT query with projection and filtering.
+   *
+   * @param projections List of columns to retrieve.
+   * @param tableName Target table name.
+   * @param whereClause Column-value pairs used in WHERE filtering.
+   * @return A parameterized SELECT query.
+   * @throws IllegalArgumentException if any whereClause column isn't in projections.
+   */
+  public PreparedQuery generateSelectQuery(
+      @Nonnull List<String> projections,
+      @Nonnull String tableName,
+      @Nonnull Map<String, Object> whereClause) {
+    checkInvalidColumns(projections, whereClause);
+    PreparedQuery where = generateWhereClause(whereClause);
+    PreparedQuery query = generateSelectQuery(projections, tableName, where.sql());
+    return new PreparedQuery(query.sql(), where.parameters());
   }
 
+  /**
+   * Builds a DELETE query to remove grant records for a given entity.
+   *
+   * @param entity The target entity (either grantee or securable).
+   * @param realmId The associated realm.
+   * @return A DELETE query removing all grants for this entity.
+   */
   public PreparedQuery generateDeleteQueryForEntityGrantRecords(
       @Nonnull PolarisEntityCore entity, @Nonnull String realmId) {
     String where =
-        " WHERE (grantee_id = ? AND grantee_catalog_id = ? OR securable_id = ? AND securable_catalog_id = ?) AND realm_id = ?";
+        " WHERE ((grantee_id = ? AND grantee_catalog_id = ?) OR (securable_id = ? AND securable_catalog_id = ?)) AND realm_id = ?";
     List<Object> params =
         Arrays.asList(
             entity.getId(), entity.getCatalogId(), entity.getId(), entity.getCatalogId(), realmId);
-
-    return new PreparedQuery("DELETE FROM " + getTableName(ModelGrantRecord.class) + where, params);
-  }
-
-  public PreparedQuery generateDeleteQueryForEntityPolicyMappingRecords(
-      @Nonnull PolarisBaseEntity entity, @Nonnull String realmId) {
-    Map<String, Object> queryParams = new LinkedHashMap<>();
-    if (entity.getType() == PolarisEntityType.POLICY) {
-      PolicyEntity policyEntity = PolicyEntity.of(entity);
-      queryParams.put("policy_type_code", policyEntity.getPolicyTypeCode());
-      queryParams.put("policy_catalog_id", policyEntity.getCatalogId());
-      queryParams.put("policy_id", policyEntity.getId());
-    } else {
-      queryParams.put("target_catalog_id", entity.getCatalogId());
-      queryParams.put("target_id", entity.getId());
-    }
-    queryParams.put("realm_id", realmId);
-
-    return generateDeleteQuery(new ModelPolicyMappingRecord(), queryParams);
+    return new PreparedQuery(
+        "DELETE FROM " + getFullyQualifiedTableName(ModelGrantRecord.TABLE_NAME) + where, params);
   }
 
+  /**
+   * Builds a SELECT query using a list of entity ID pairs (catalog_id, id).
+   *
+   * @param realmId Realm to filter by.
+   * @param entityIds List of PolarisEntityId pairs.
+   * @return SELECT query to retrieve matching entities.
+   * @throws IllegalArgumentException if entityIds is empty.
+   */
   public PreparedQuery generateSelectQueryWithEntityIds(
       @Nonnull String realmId, @Nonnull List<PolarisEntityId> entityIds) {
     if (entityIds.isEmpty()) {
       throw new IllegalArgumentException("Empty entity ids");
     }
-
     String placeholders = entityIds.stream().map(e -> "(?, ?)").collect(Collectors.joining(", "));
     List<Object> params = new ArrayList<>();
     for (PolarisEntityId id : entityIds) {
       params.add(id.getCatalogId());
       params.add(id.getId());
     }
     params.add(realmId);
-
     String where = " WHERE (catalog_id, id) IN (" + placeholders + ") AND realm_id = ?";
-    return new PreparedQuery(generateSelectQuery(new ModelEntity(), where).getSql(), params);
+    return new PreparedQuery(
+        generateSelectQuery(ModelEntity.ALL_COLUMNS, ModelEntity.TABLE_NAME, where).sql(), params);
   }
 
+  /**
+   * Generates an INSERT query for a given table.
+   *
+   * @param allColumns Columns to insert values into.
+   * @param tableName Target table name.
+   * @param values Values for each column (must match order of columns).
+   * @param realmId Realm value to append.
+   * @return INSERT query with value bindings.
+   */
   public <T> PreparedQuery generateInsertQuery(
-      @Nonnull Converter<T> entity, @Nonnull String realmId) {
-    String tableName = getTableName(entity.getClass());
-    Map<String, Object> obj = entity.toMap(databaseType);
-    List<String> columnNames = new ArrayList<>(obj.keySet());
-    List<Object> parameters = new ArrayList<>(obj.values());
-
-    columnNames.add("realm_id");
-    parameters.add(realmId);
-
-    String columns = String.join(", ", columnNames);
-    String placeholders = columnNames.stream().map(c -> "?").collect(Collectors.joining(", "));
-
-    String sql = "INSERT INTO " + tableName + " (" + columns + ") VALUES (" + placeholders + ")";
-    return new PreparedQuery(sql, parameters);
+      @Nonnull List<String> allColumns,
+      @Nonnull String tableName,
+      List<Object> values,
+      String realmId) {
+    List<String> finalColumns = new ArrayList<>(allColumns);
+    List<Object> finalValues = new ArrayList<>(values);
+    finalColumns.add("realm_id");
+    finalValues.add(realmId);
+    String columns = String.join(", ", finalColumns);
+    String placeholders = finalColumns.stream().map(c -> "?").collect(Collectors.joining(", "));
+    String sql =
+        "INSERT INTO "
+            + getFullyQualifiedTableName(tableName)
+            + " ("
+            + columns
+            + ") VALUES ("
+            + placeholders
+            + ")";
+    return new PreparedQuery(sql, finalValues);
   }
 
+  /**
+   * Builds an UPDATE query.
+   *
+   * @param allColumns Columns to update.
+   * @param tableName Target table.
+   * @param values New values (must match columns in order).
+   * @param whereClause Conditions for filtering rows to update.
+   * @return UPDATE query with parameter values.
+   */
   public <T> PreparedQuery generateUpdateQuery(
-      @Nonnull Converter<T> entity, @Nonnull Map<String, Object> whereClause) {
-    String tableName = getTableName(entity.getClass());
-    Map<String, Object> obj = entity.toMap(databaseType);
-    checkInvalidColumns(obj, whereClause);
-
-    List<String> setClauses = new ArrayList<>();
-    List<Object> parameters = new ArrayList<>();
-
-    for (Map.Entry<String, Object> entry : obj.entrySet()) {
-      setClauses.add(entry.getKey() + " = ?");
-      parameters.add(entry.getValue());
-    }
-
-    List<String> whereConditions = new ArrayList<>();
-    for (Map.Entry<String, Object> entry : whereClause.entrySet()) {
-      whereConditions.add(entry.getKey() + " = ?");
-      parameters.add(entry.getValue());
-    }
-
-    String sql = "UPDATE " + tableName + " SET " + String.join(", ", setClauses);
-    if (!whereConditions.isEmpty()) {
-      sql += " WHERE " + String.join(" AND ", whereConditions);
-    }
-
-    return new PreparedQuery(sql, parameters);
+      @Nonnull List<String> allColumns,
+      @Nonnull String tableName,
+      @Nonnull List<Object> values,
+      @Nonnull Map<String, Object> whereClause) {
+    checkInvalidColumns(allColumns, whereClause);
+    List<Object> bindingParams = new ArrayList<>(values);
+    PreparedQuery where = generateWhereClause(whereClause);
+    String setClause = allColumns.stream().map(c -> c + " = ?").collect(Collectors.joining(", "));
+    String sql =
+        "UPDATE " + getFullyQualifiedTableName(tableName) + " SET " + setClause + where.sql();
+    bindingParams.addAll(where.parameters());
+    return new PreparedQuery(sql, bindingParams);
   }
 
-  public <T> PreparedQuery generateDeleteQuery(
-      @Nonnull Converter<T> entity, @Nonnull Map<String, Object> whereClause) {
-    checkInvalidColumns(entity.toMap(databaseType), whereClause);
-    PreparedQuery preparedQuery = generateWhereClause(whereClause);
+  /**
+   * Builds a DELETE query with the given conditions.
+   *
+   * @param tableColumns List of valid table columns.
+   * @param tableName Target table.
+   * @param whereClause Column-value filters.
+   * @return DELETE query with parameter bindings.
+   */
+  public PreparedQuery generateDeleteQuery(
+      @Nonnull List<String> tableColumns,
+      @Nonnull String tableName,
+      @Nonnull Map<String, Object> whereClause) {
+    checkInvalidColumns(tableColumns, whereClause);
+    PreparedQuery where = generateWhereClause(whereClause);
     return new PreparedQuery(
-        "DELETE FROM " + getTableName(entity.getClass()) + preparedQuery.getSql(),
-        preparedQuery.getParameters());
-  }
-
-  public PreparedQuery generateDeleteAll(@Nonnull Class<?> entityClass, @Nonnull String realmId) {
-    String sql = "DELETE FROM " + getTableName(entityClass) + " WHERE 1 = 1 AND realm_id = ?";
-    return new PreparedQuery(sql, List.of(realmId));
+        "DELETE FROM " + getFullyQualifiedTableName(tableName) + where.sql(), where.parameters());
   }
 
   @VisibleForTesting
-  <T> PreparedQuery generateSelectQuery(@Nonnull Converter<T> entity, @Nonnull String filter) {
-    String tableName = getTableName(entity.getClass());
-    Map<String, Object> objectMap = entity.toMap(databaseType);
-    String columns = String.join(", ", objectMap.keySet());
-    String sql = "SELECT " + columns + " FROM " + tableName + filter;
+  PreparedQuery generateSelectQuery(
+      @Nonnull List<String> columnNames, @Nonnull String tableName, @Nonnull String filter) {
+    String sql =
+        "SELECT "
+            + String.join(", ", columnNames)
+            + " FROM "
+            + getFullyQualifiedTableName(tableName)
+            + filter;
     return new PreparedQuery(sql, Collections.emptyList());
   }
 
   @VisibleForTesting
   PreparedQuery generateWhereClause(@Nonnull Map<String, Object> whereClause) {
     List<String> conditions = new ArrayList<>();
     List<Object> parameters = new ArrayList<>();
-
     for (Map.Entry<String, Object> entry : whereClause.entrySet()) {
       conditions.add(entry.getKey() + " = ?");
       parameters.add(entry.getValue());
     }
-
     String clause = conditions.isEmpty() ? "" : " WHERE " + String.join(" AND ", conditions);
     return new PreparedQuery(clause, parameters);
   }
 
-  @VisibleForTesting
-  public static String getTableName(@Nonnull Class<?> entityClass) {
-    String tableName;
-    if (entityClass.equals(ModelEntity.class)) {
-      tableName = "ENTITIES";
-    } else if (entityClass.equals(ModelGrantRecord.class)) {
-      tableName = "GRANT_RECORDS";
-    } else if (entityClass.equals(ModelPrincipalAuthenticationData.class)) {
-      tableName = "PRINCIPAL_AUTHENTICATION_DATA";
-    } else if (entityClass.equals(ModelPolicyMappingRecord.class)) {
-      tableName = "POLICY_MAPPING_RECORD";
-    } else {
-      throw new IllegalArgumentException("Unsupported entity class: " + entityClass.getName());
+  /** Validates that WHERE clause columns exist in the given list of valid columns. */
+  private void checkInvalidColumns(List<String> entity, Map<String, Object> whereClause) {
+    if (!whereClause.isEmpty()) {
+      for (String key : whereClause.keySet()) {
+        if (!entity.contains(key) && !key.equals("realm_id")) {
+          throw new IllegalArgumentException("Invalid query column: " + key);
+        }
+      }
     }
-
-    return "POLARIS_SCHEMA." + tableName;
   }
 
-  private void checkInvalidColumns(Map<String, Object> entity, Map<String, Object> whereClause) {
-    List<String> allColumns = new ArrayList<>(entity.keySet());
-    allColumns.add("realm_id");
-    if (!allColumns.containsAll(whereClause.keySet())) {
-      throw new IllegalArgumentException("Invalid query " + whereClause.keySet());
-    }
+  private String getFullyQualifiedTableName(String tableName) {
+    // TODO: make schema name configurable.
+    return "POLARIS_SCHEMA." + tableName;
   }
 }