feat(cache): add updated_at columns and auth mapper operations for version-validated caching by yuqi1129 · Pull Request #10793 · apache/gravitino

yuqi1129 · 2026-04-16T01:09:04Z

What changes were proposed in this pull request?

Adds updated_at BIGINT NOT NULL DEFAULT 0 to role_meta, user_meta, group_meta, owner_meta tables for version-validated strong consistency
Creates entity_change_log table for HA cross-node targeted invalidation of name→id cache
Adds covering indexes for auth read predicates on the above tables
Adds mapper methods:
- touchUpdatedAt / batchGetUpdatedAt on RoleMetaMapper
- touchUpdatedAt / getUserInfo on UserMetaMapper
- touchUpdatedAt / getGroupInfoByUserId on GroupMetaMapper
- selectOwnerByMetadataObjectId / selectChangedOwners on OwnerMetaMapper
Creates EntityChangeLogMapper for entity structural change tracking (insert/select/prune)
Adds result record types in po/auth: UserAuthInfo, GroupAuthInfo, OwnerInfo, RoleUpdatedAt, ChangedOwnerInfo, EntityChangeRecord
Provides MySQL upgrade script upgrade-1.2.0-to-1.3.0-mysql.sql

Part of the Gravitino auth cache improvement design: Phase 1.2 + Phase 2 DB schema work.

Why are the changes needed?

The current JcasbinAuthorizer reloads all role policies on every request when the cache misses. The updated_at version sentinels enable strong-consistency version checks so that only stale entries are reloaded, and the entity_change_log table enables targeted cross-node cache invalidation in HA deployments without full cache flushes.

Does this PR introduce any user-facing changes?

No. All changes are internal DB schema and mapper additions; no public API changes.

How was this patch tested?

./gradlew :core:test -PskipITs
Manual: apply upgrade SQL against a 1.2.0 schema, verify columns and indexes exist

🤖 Generated with Claude Code

Copilot

Pull request overview

This PR introduces DB-side version sentinels (updated_at) and an append-only change log (entity_change_log) to support version-validated, strong-consistency authorization caching and targeted cross-node cache invalidation in HA deployments.

Changes:

Adds a MySQL upgrade script to introduce updated_at columns on auth metadata tables, new covering indexes, and the new entity_change_log table.
Adds new MyBatis mapper/provider methods to update/read updated_at, query owner changes, and insert/select/prune entity change log rows.
Adds new po/auth record types to represent lightweight auth/cache query results.

Reviewed changes

Copilot reviewed 23 out of 23 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
scripts/mysql/upgrade-1.2.0-to-1.3.0-mysql.sql	MySQL schema upgrade: add `updated_at` columns, indexes, backfill, and `entity_change_log` table.
core/src/main/java/org/apache/gravitino/storage/relational/po/auth/UserAuthInfo.java	Record for user id + staleness sentinel.
core/src/main/java/org/apache/gravitino/storage/relational/po/auth/GroupAuthInfo.java	Record for group id + staleness sentinel.
core/src/main/java/org/apache/gravitino/storage/relational/po/auth/OwnerInfo.java	Record for owner identity result.
core/src/main/java/org/apache/gravitino/storage/relational/po/auth/RoleUpdatedAt.java	Record for role id + updated_at batch query results.
core/src/main/java/org/apache/gravitino/storage/relational/po/auth/ChangedOwnerInfo.java	Record for owner change poller results.
core/src/main/java/org/apache/gravitino/storage/relational/po/auth/EntityChangeRecord.java	Record for entity change poller results.
core/src/main/java/org/apache/gravitino/storage/relational/mapper/provider/base/UserMetaBaseSQLProvider.java	Adds SQL for touching user `updated_at` and fetching `UserAuthInfo`.
core/src/main/java/org/apache/gravitino/storage/relational/mapper/provider/base/RoleMetaBaseSQLProvider.java	Adds SQL for touching role `updated_at` and batch-getting role `updated_at`.
core/src/main/java/org/apache/gravitino/storage/relational/mapper/provider/base/GroupMetaBaseSQLProvider.java	Adds SQL for touching group `updated_at` and fetching group auth info for a user.
core/src/main/java/org/apache/gravitino/storage/relational/mapper/provider/base/OwnerMetaBaseSQLProvider.java	Adds SQL for selecting owner by object id and scanning changed owners.
core/src/main/java/org/apache/gravitino/storage/relational/mapper/provider/base/EntityChangeLogBaseSQLProvider.java	Base SQL for selecting/inserting/pruning entity change log entries.
core/src/main/java/org/apache/gravitino/storage/relational/mapper/provider/DefaultMapperPackageProvider.java	Registers the new `EntityChangeLogMapper`.
core/src/main/java/org/apache/gravitino/storage/relational/mapper/UserMetaSQLProviderFactory.java	Exposes new user SQL provider methods.
core/src/main/java/org/apache/gravitino/storage/relational/mapper/UserMetaMapper.java	Adds mapper methods for touching user `updated_at` and selecting `UserAuthInfo`.
core/src/main/java/org/apache/gravitino/storage/relational/mapper/RoleMetaSQLProviderFactory.java	Exposes new role SQL provider methods.
core/src/main/java/org/apache/gravitino/storage/relational/mapper/RoleMetaMapper.java	Adds mapper methods for touching role `updated_at` and batch-getting `RoleUpdatedAt`.
core/src/main/java/org/apache/gravitino/storage/relational/mapper/GroupMetaSQLProviderFactory.java	Exposes new group SQL provider methods.
core/src/main/java/org/apache/gravitino/storage/relational/mapper/GroupMetaMapper.java	Adds mapper methods for touching group `updated_at` and selecting `GroupAuthInfo`.
core/src/main/java/org/apache/gravitino/storage/relational/mapper/OwnerMetaSQLProviderFactory.java	Exposes new owner SQL provider methods.
core/src/main/java/org/apache/gravitino/storage/relational/mapper/OwnerMetaMapper.java	Adds mapper methods returning `OwnerInfo` and `ChangedOwnerInfo`.
core/src/main/java/org/apache/gravitino/storage/relational/mapper/EntityChangeLogSQLProviderFactory.java	Provider factory for entity change log operations across backends.
core/src/main/java/org/apache/gravitino/storage/relational/mapper/EntityChangeLogMapper.java	New MyBatis mapper for `entity_change_log`.

+  public String selectChangedOwners(@Param("updatedAtAfter") long updatedAtAfter) {
+    return "SELECT metadata_object_id as metadataObjectId, updated_at as updatedAt"
+        + " FROM "
+        + OWNER_TABLE_NAME
+        + " WHERE updated_at > #{updatedAtAfter} ORDER BY updated_at";


+  @SelectProvider(
+      type = EntityChangeLogSQLProviderFactory.class,
+      method = "selectEntityChanges")
+  List<EntityChangeRecord> selectChanges(
+      @Param("createdAtAfter") long createdAtAfter, @Param("maxRows") int maxRows);
+
+  @InsertProvider(type = EntityChangeLogSQLProviderFactory.class, method = "insertEntityChange")
+  void insertChange(
+      @Param("metalakeName") String metalakeName,
+      @Param("entityType") String entityType,
+      @Param("fullName") String fullName,
+      @Param("operateType") String operateType,
+      @Param("createdAt") long createdAt);
+
+  @DeleteProvider(
+      type = EntityChangeLogSQLProviderFactory.class,
+      method = "pruneOldEntityChanges")
+  void pruneOldEntries(@Param("before") long before);


+  private static final Map<JDBCBackendType, EntityChangeLogBaseSQLProvider>
+      ENTITY_CHANGE_LOG_SQL_PROVIDER_MAP =
+          ImmutableMap.of(
+              JDBCBackendType.MYSQL, new EntityChangeLogMySQLProvider(),
+              JDBCBackendType.H2, new EntityChangeLogH2Provider(),
+              JDBCBackendType.POSTGRESQL, new EntityChangeLogPostgreSQLProvider());


+        + " FROM "
+        + GROUP_TABLE_NAME
+        + " gm"
+        + " JOIN group_user_rel gu ON gm.group_id = gu.group_id AND gu.deleted_at = 0"


+  public String selectOwnerByMetadataObjectId(@Param("metadataObjectId") long metadataObjectId) {
+    return "SELECT owner_id as ownerId, owner_type as ownerType FROM "
+        + OWNER_TABLE_NAME
+        + " WHERE metadata_object_id = #{metadataObjectId} AND deleted_at = 0";


+  public String pruneOldEntityChanges(@Param("before") long before) {
+    return "DELETE FROM "
+        + ENTITY_CHANGE_LOG_TABLE_NAME
+        + " WHERE created_at < #{before} LIMIT 1000";


+CREATE INDEX idx_role_meta_del_upd
+    ON role_meta (role_id, deleted_at, updated_at);
+CREATE INDEX idx_owner_meta_obj_del_upd
+    ON owner_meta (metadata_object_id, deleted_at, updated_at);


…er operations - Add updated_at BIGINT NOT NULL DEFAULT 0 to role_meta, user_meta, group_meta, owner_meta - Create entity_change_log table for HA cross-node targeted metadataIdCache invalidation - Add covering indexes for auth read-path version checks - Add new mapper methods: touchUpdatedAt/batchGetUpdatedAt (RoleMetaMapper), touchUpdatedAt/getUserInfo (UserMetaMapper), touchUpdatedAt/getGroupInfoByUserId (GroupMetaMapper), selectOwnerByMetadataObjectId/selectChangedOwners (OwnerMetaMapper) - Create EntityChangeLogMapper with selectChanges/insertChange/pruneOldEntries - Add result types UserAuthInfo, GroupAuthInfo, OwnerInfo, RoleUpdatedAt, ChangedOwnerInfo, EntityChangeRecord (plain Java classes, Java 11 compatible) - Add schema-1.3.0 and upgrade-1.2.0-to-1.3.0 scripts for MySQL, H2, PostgreSQL - Add unit tests TestAuthMappers covering all new mapper methods Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…ervice write paths - RoleMetaService: touchUpdatedAt on privilege grant/revoke (same transaction) - UserMetaService: touchUpdatedAt on role assign/revoke (same transaction) - GroupMetaService: touchUpdatedAt on role assign/revoke (same transaction) - OwnerRelPO: add updatedAt field; insertOwnerRel SQL includes updated_at column - POConverters: set updatedAt=currentTimeMillis in initializeOwnerRelPOsWithVersion - CatalogMetaService: INSERT entity_change_log on rename (ALTER) and drop (DROP) - SchemaMetaService: INSERT entity_change_log on rename (ALTER) and drop (DROP) - TableMetaService: INSERT entity_change_log on rename (ALTER) and drop (DROP) - FilesetMetaService: INSERT entity_change_log on rename (ALTER) and drop (DROP) - TopicMetaService: INSERT entity_change_log on rename (ALTER) and drop (DROP) - ViewMetaService: INSERT entity_change_log on rename (ALTER) and drop (DROP) - ModelMetaService: INSERT entity_change_log on rename (ALTER) and drop (DROP) - MetalakeMetaService: INSERT entity_change_log on rename (ALTER) and drop (DROP) - All entity_change_log INSERTs are in the same DB transaction as the data change Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…hange_log pruning PostgreSQL does not support DELETE ... LIMIT syntax. Override pruneOldEntityChanges in EntityChangeLogPostgreSQLProvider to use DELETE ... WHERE id IN (SELECT id ... LIMIT 1000) instead. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

github-actions · 2026-04-17T10:47:06Z

Code Coverage Report

Overall Project	65.25% `+0.75%`	🟢
Files changed	88.26%	🟢

Module	Coverage
aliyun	1.73%	🔴
api	47.09%	🟢
authorization-common	85.96%	🟢
aws	1.1%	🔴
azure	2.6%	🔴
catalog-common	10.2%	🔴
catalog-fileset	80.02%	🟢
catalog-glue	75.36%	🟢
catalog-hive	81.83%	🟢
catalog-jdbc-clickhouse	79.06%	🟢
catalog-jdbc-common	42.89%	🟢
catalog-jdbc-doris	80.28%	🟢
catalog-jdbc-hologres	54.03%	🟢
catalog-jdbc-mysql	79.23%	🟢
catalog-jdbc-oceanbase	78.38%	🟢
catalog-jdbc-postgresql	82.05%	🟢
catalog-jdbc-starrocks	78.27%	🟢
catalog-kafka	77.01%	🟢
catalog-lakehouse-generic	45.07%	🟢
catalog-lakehouse-hudi	79.1%	🟢
catalog-lakehouse-iceberg	87.27%	🟢
catalog-lakehouse-paimon	77.71%	🟢
catalog-model	77.72%	🟢
cli	44.51%	🟢
client-java	77.63%	🟢
common	48.97%	🟢
core	81.57% `+0.77%`	🟢
filesystem-hadoop3	76.97%	🟢
flink	40.55%	🟢
flink-runtime	0.0%	🔴
gcp	14.2%	🔴
hadoop-common	10.39%	🔴
hive-metastore-common	46.14%	🟢
iceberg-common	50.73%	🟢
iceberg-rest-server	65.93%	🟢
integration-test-common	0.0%	🔴
jobs	66.17%	🟢
lance-common	23.88%	🔴
lance-rest-server	57.84%	🟢
lineage	53.02%	🟢
optimizer	82.87%	🟢
optimizer-api	21.95%	🔴
server	85.89%	🟢
server-common	69.52%	🟢
spark	32.79%	🔴
spark-common	39.09%	🔴
trino-connector	33.83%	🔴

Files

Module	File	Coverage
common	ConfigConstants.java	0.0%	🔴
core	DefaultMapperPackageProvider.java	100.0%	🟢
	GroupMetaBaseSQLProvider.java	100.0%	🟢
	OwnerMetaBaseSQLProvider.java	100.0%	🟢
	RoleMetaBaseSQLProvider.java	100.0%	🟢
	UserMetaBaseSQLProvider.java	100.0%	🟢
	OwnerRelPO.java	100.0%	🟢
	ChangedOwnerInfo.java	100.0%	🟢
	EntityChangeRecord.java	100.0%	🟢
	OwnerInfo.java	100.0%	🟢
	RoleUpdatedAt.java	100.0%	🟢
	UserAuthInfo.java	100.0%	🟢
	MetalakeMetaService.java	100.0%	🟢
	CatalogMetaService.java	98.89%	🟢
	FilesetMetaService.java	96.83%	🟢
	OwnerMetaSQLProviderFactory.java	96.3%	🟢
	RoleMetaSQLProviderFactory.java	96.0%	🟢
	GroupMetaSQLProviderFactory.java	95.65%	🟢
	UserMetaSQLProviderFactory.java	95.65%	🟢
	EntityChangeLogSQLProviderFactory.java	94.12%	🟢
	GroupMetaService.java	94.03%	🟢
	UserMetaService.java	94.03%	🟢
	RoleMetaService.java	93.22%	🟢
	POConverters.java	88.11%	🟢
	GroupAuthInfo.java	83.33%	🟢
	TableMetaService.java	78.52%	🟢
	SchemaMetaService.java	78.1%	🟢
	ViewMetaService.java	76.15%	🟢
	ModelMetaService.java	75.89%	🟢
	EntityChangeLogBaseSQLProvider.java	75.0%	🟢
	TopicMetaService.java	72.97%	🟢
	EntityChangeLogMapper.java	0.0%	🔴
	GroupMetaMapper.java	0.0%	🔴
	OwnerMetaMapper.java	0.0%	🔴
	RoleMetaMapper.java	0.0%	🔴
	UserMetaMapper.java	0.0%	🔴

Copilot AI review requested due to automatic review settings April 16, 2026 01:09

yuqi1129 mentioned this pull request Apr 16, 2026

feat(cache): introduce GravitinoCache interface with Caffeine and no-op implementations #10794

Closed

1 task

Copilot started reviewing on behalf of yuqi1129 April 16, 2026 01:09 View session

Copilot AI reviewed Apr 16, 2026

View reviewed changes

yuqi1129 force-pushed the feat/cache-db-schema-mapper branch from 75bd9f5 to dd6c855 Compare April 16, 2026 01:40

yuqi1129 marked this pull request as draft April 16, 2026 01:53

yuqi1129 and others added 4 commits April 16, 2026 23:10

fix

c7bb7c8

fix

e94d747

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(cache): add updated_at columns and auth mapper operations for version-validated caching#10793

feat(cache): add updated_at columns and auth mapper operations for version-validated caching#10793
yuqi1129 wants to merge 5 commits intoapache:mainfrom
yuqi1129:feat/cache-db-schema-mapper

yuqi1129 commented Apr 16, 2026

Uh oh!

Copilot AI left a comment

Uh oh!

github-actions bot commented Apr 17, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

yuqi1129 commented Apr 16, 2026

What changes were proposed in this pull request?

Why are the changes needed?

Does this PR introduce any user-facing changes?

How was this patch tested?

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

github-actions bot commented Apr 17, 2026

Code Coverage Report

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants