Refactor interface and models for PolicySync

Author: vinishjail97

xtable-api/src/main/java/org/apache/xtable/model/catalog/policy/InternalAccessControlPolicySnapshot.java

@@ -19,6 +19,7 @@
 package org.apache.xtable.model.catalog.policy;
 
 import java.time.Instant;
+import java.util.Collections;
 import java.util.Map;
 
 import lombok.Builder;
@@ -47,23 +48,23 @@ public class InternalAccessControlPolicySnapshot {
    * A map of user names to {@link InternalUser} objects, capturing individual users' details such
    * as assigned roles, auditing metadata, etc.
    */
-  Map<String, InternalUser> usersByName;
+  @Builder.Default Map<String, InternalUser> usersByName = Collections.emptyMap();
 
   /**
    * A map of group names to {@link InternalUserGroup} objects, representing logical groupings of
    * users for easier role management.
    */
-  Map<String, InternalUserGroup> groupsByName;
+  @Builder.Default Map<String, InternalUserGroup> groupsByName = Collections.emptyMap();
 
   /**
    * A map of role names to {@link InternalRole} objects, defining the privileges and security rules
    * each role entails.
    */
-  Map<String, InternalRole> rolesByName;
+  @Builder.Default Map<String, InternalRole> rolesByName = Collections.emptyMap();
 
   /**
    * A map of additional properties or metadata related to this snapshot. This map provides
    * flexibility for storing information without modifying the main schema of the snapshot.
    */
-  Map<String, String> properties;
+  @Builder.Default Map<String, String> properties = Collections.emptyMap();
 }

xtable-api/src/main/java/org/apache/xtable/model/catalog/policy/InternalPrivilege.java

@@ -35,7 +35,7 @@ public class InternalPrivilege {
    * The type of privilege, such as SELECT, CREATE, or MODIFY. Each implementation can define its
    * own set of enums.
    */
-  String privilegeType;
+  InternalPrivilegeType privilegeType;
 
   /**
    * The decision, typically ALLOW or DENY. Some catalogs may not support DENY explicitly,

xtable-api/src/main/java/org/apache/xtable/model/catalog/policy/InternalPrivilegeType.java

@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+package org.apache.xtable.model.catalog.policy;
+
+/**
+ * Specifies a set of privileges that can be granted or revoked for securable objects.
+ *
+ * <p>This enum is used to indicate the type of actions that a subject (user, role, group) is
+ * allowed to perform on a given resource, such as a catalog, database, table, or other securable
+ * entity.
+ */
+public enum InternalPrivilegeType {
+
+  /** Grants all available privileges on the resource. */
+  ALL,
+
+  /**
+   * Allows modification of the structure or metadata of the resource. For example, modifying
+   * schemas or properties.
+   */
+  ALTER,
+
+  /**
+   * Allows describing or viewing the metadata of the resource. Typically applies to viewing schemas
+   * or properties of the resource.
+   */
+  DESCRIBE,
+
+  /**
+   * Allows reading or selecting data from the resource. Commonly associated with performing SQL
+   * SELECT statements.
+   */
+  SELECT,
+
+  /**
+   * Allows inserting new data into the resource. Typically granted for operations like SQL INSERT
+   * statements.
+   */
+  INSERT,
+
+  /**
+   * Allows updating existing data within the resource. Typically granted for operations like SQL
+   * UPDATE statements.
+   */
+  UPDATE,
+
+  /** Allows creating new resources within the catalog. */
+  CREATE,
+
+  /** Allows deleting or dropping a resource, such as a database or a table. */
+  DROP,
+
+  /** Allows removing data from the resource, for example using SQL DELETE statements. */
+  DELETE
+}

xtable-api/src/main/java/org/apache/xtable/model/catalog/policy/InternalSecurableObject.java

@@ -33,11 +33,13 @@
 @Value
 @Builder
 public class InternalSecurableObject {
+  /** The identifier of the securable object. */
+  InternalSecurableObjectIdentifier securableObjectIdentifier;
   /**
    * The type of securable object, such as TABLE, VIEW, FUNCTION, etc. Each implementation can
    * define its own set of enums.
    */
-  String securableObjectType;
+  InternalSecurableObjectType securableObjectType;
   /** The set of privileges assigned to this object. */
   List<InternalPrivilege> privileges;
 }

xtable-api/src/main/java/org/apache/xtable/model/catalog/policy/InternalSecurableObjectIdentifier.java

@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+package org.apache.xtable.model.catalog.policy;
+
+/**
+ * Defines a structure for obtaining a unique, canonical identifier for a securable object within
+ * the catalog.
+ *
+ * <p>Implementations of this interface may represent entities such as catalogs, databases, tables,
+ * or any other resource that can be protected or controlled via security policies.
+ */
+public interface InternalSecurableObjectIdentifier {
+
+  /**
+   * Returns the unique identifier of the securable object in a canonical form.
+   *
+   * @return a non-null {@link String} representing the unique identifier of this securable object
+   */
+  String getId();
+}

xtable-api/src/main/java/org/apache/xtable/model/catalog/policy/InternalSecurableObjectType.java

@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+package org.apache.xtable.model.catalog.policy;
+
+/**
+ * Identifies the type of securable object within the catalog.
+ *
+ * <p>Each attribute in this enum represents a different kind of resource for which permissions may
+ * be managed or enforced.
+ */
+public enum InternalSecurableObjectType {
+
+  /** Represents the root container in which databases and other objects reside. */
+  CATALOG,
+
+  /** Represents a logical grouping of tables and other related objects. */
+  DATABASE,
+
+  /** Represents a table, typically containing rows and columns of data. */
+  TABLE,
+
+  /** Represents a view, which is often a virtual table defined by a query. */
+  VIEW,
+
+  /**
+   * Represents a partition, commonly used to segment table data for performance or organizational
+   * reasons.
+   */
+  PARTITION,
+
+  /** Represents a column, generally a single field within a table or partition. */
+  COLUMN,
+
+  /** Represents a function, such as a user-defined function (UDF) within the database system. */
+  FUNCTION,
+
+  /** Represents an unsupported object type for error handling. */
+  UNSUPPORTED
+}