[#6024] feat(iceberg): refactor Iceberg credential code to reuse credential component in Gravitino server #6021
Conversation
FANNG1
force-pushed
the
iceberg_credential
branch
2 times, most recently
from
45db206 to
1582bd3
Compare
FANNG1
changed the title
|
@jerryshao @orenccl @theoryxu please help to review when you have time, thanks |
| this.httpServletRequest = httpRequest; | ||
| this.remoteHostName = httpRequest.getRemoteHost(); | ||
| this.httpHeaders = IcebergRestUtils.getHttpHeaders(httpRequest); | ||
| this.catalogName = catalogName; | ||
| this.userName = PrincipalUtils.getCurrentUserName(); | ||
| this.requestCredentialVending = requestCredentialVending; |
There was a problem hiding this comment.
Trying to get credential information from httpHeaders, test jersey test fails for couldn't get real HTTP headers, try find some solution
| } else if (credentialProviders.size() > 1) { | ||
| throw new RuntimeException("There are multiple credential providers for the catalog."); | ||
| } | ||
| return getCredential(credentialProviders.keySet().iterator().next(), context); |
There was a problem hiding this comment.
Can we use a more meaningful exception instead of RuntimeException?
| // Get credential with only one credential provider. | ||
| public Credential getCredential(CredentialContext context) { | ||
| if (credentialProviders.size() == 0) { | ||
| throw new RuntimeException("There are not any credential provider for the catalog."); |
There was a problem hiding this comment.
"There is no credential..."
| } | ||
|
|
||
| @SuppressWarnings("deprecation") | ||
| private Map<String, String> normalizeCredentialProperties(Map<String, String> properties) { |
There was a problem hiding this comment.
I think the name "normalize" cannot fully describe the meaning of this method, this method doesn't normalize anything, it just check and keep the compatibility of the deprecated configs. It would be better to have a new name.
There was a problem hiding this comment.
updated with adjustCredentialPropertiesForCompatibility
| public LoadTableResponse createTable( | ||
| Namespace namespace, CreateTableRequest request, boolean requestCredential) { | ||
| LoadTableResponse loadTableResponse = super.createTable(namespace, request); | ||
| if (requestCredential) { | ||
| return injectCredentialConfig( | ||
| TableIdentifier.of(namespace, request.name()), loadTableResponse); | ||
| } | ||
| return loadTableResponse; | ||
| } | ||
|
|
||
| public LoadTableResponse loadTable(TableIdentifier identifier, boolean requestCredential) { | ||
| LoadTableResponse loadTableResponse = super.loadTable(identifier); | ||
| if (requestCredential) { | ||
| return injectCredentialConfig(identifier, loadTableResponse); | ||
| } | ||
| return loadTableResponse; | ||
| } |
There was a problem hiding this comment.
I assume these two methods should add @Override annotation, right?
There was a problem hiding this comment.
no, the method is different for requestCredential parameter
| * | ||
| * @return true if the request is for credential vending, false otherwise. | ||
| */ | ||
| public boolean isRequestCredentialVending() { |
There was a problem hiding this comment.
Can we rename to requestCredentialVending?
|
Seems like there's some conflicts need to be resolved. |
FANNG1
force-pushed
the
iceberg_credential
branch
from
ae4a7c4 to
ee2e233
Compare
updated |
| .doc("Credential providers, separated by comma.") | ||
| .version(ConfigConstants.VERSION_0_8_0) | ||
| .stringConf() | ||
| .create(); |
There was a problem hiding this comment.
Can you use toSequence() for this configuration.
| } | ||
|
|
||
| @SuppressWarnings("deprecation") | ||
| private Map<String, String> adjustCredentialPropertiesForCompatibility( |
There was a problem hiding this comment.
The name is too long, I think we can use checkForCompatibility.
| MapUtils.getFilteredMap( | ||
| config.getIcebergCatalogProperties(), | ||
| key -> catalogPropertiesToClientKeys.contains(key)); | ||
| // To compatibility with old version |
There was a problem hiding this comment.
"To be compatible with..."
| new ConfigBuilder(CredentialConstants.CREDENTIAL_PROVIDERS) | ||
| .doc("Credential providers, separated by comma.") | ||
| .version(ConfigConstants.VERSION_0_8_0) | ||
| .stringConf() | ||
| .create(); | ||
| .toSequence() | ||
| .createWithDefault(Collections.emptyList()); |
There was a problem hiding this comment.
It's weird that changes to List here alone is enough? Do you need to change to other places that uses this variable, how can they pass the type check?
There was a problem hiding this comment.
The config entry defined here is not used to get providers, updated the code, please review again
What changes were proposed in this pull request?
CatalogCredentialManagerto manage the credentials in Iceberg catalog.CatalogWrapperForRESTto manage some REST specific operations like credential vending.catalog-provider-type, usecatalog-providersinstead.Why are the changes needed?
Fix: #6024
Does this PR introduce any user-facing change?
yes, depracate
catalog-provider-type, usecatalog-providers, do some compatibility work.How was this patch tested?
run with s3 token