From eb3ff626bc588398c9d17ec0e72353c1fd2871cf Mon Sep 17 00:00:00 2001 
From: Nuoya Jiang
Date: Thu, 23 Oct 2025 21:15:33 -0500
Subject: [PATCH 1/3] rename AccessConfig for clarity
---
 .../connection/ConnectionCredentials.java | 10 +++---
 .../AtomicOperationMetaStoreManager.java | 6 ++--
 .../dao/entity/ScopedCredentialsResult.java | 16 +++++-----
 .../TransactionalMetaStoreManagerImpl.java | 6 ++--
 .../storage/PolarisStorageIntegration.java | 2 +-
 ...ssConfig.java => StorageAccessConfig.java} | 8 ++---
 .../aws/AwsCredentialsStorageIntegration.java | 6 ++--
 .../AzureCredentialsStorageIntegration.java | 10 +++---
 .../storage/cache/StorageCredentialCache.java | 8 ++---
 .../cache/StorageCredentialCacheEntry.java | 15 +++++----
 .../gcp/GcpCredentialsStorageIntegration.java | 6 ++--
 .../InMemoryStorageIntegrationTest.java | 2 +-
 ...Test.java => StorageAccessConfigTest.java} | 20 ++++++------
 ...zureCredentialsStorageIntegrationTest.java | 8 ++---
 .../cache/StorageCredentialCacheTest.java | 12 +++----
 .../AwsCredentialsStorageIntegrationTest.java | 32 +++++++++----------
 ...AzureCredentialStorageIntegrationTest.java | 26 +++++++--------
 .../GcpCredentialsStorageIntegrationTest.java | 14 ++++----
 .../iceberg/IcebergCatalogAdapter.java | 12 +++----
 .../iceberg/IcebergCatalogHandler.java | 20 ++++++------
 .../catalog/io/DefaultFileIOFactory.java | 10 +++---
 .../service/catalog/io/FileIOUtil.java | 16 +++++-----
 ....java => StorageAccessConfigProvider.java} | 16 +++++-----
 ...PolarisStorageIntegrationProviderImpl.java | 6 ++--
 .../service/admin/PolarisAuthzTestBase.java | 4 +--
 ...bstractPolarisGenericTableCatalogTest.java | 8 ++---
 .../iceberg/AbstractIcebergCatalogTest.java | 8 ++---
 .../AbstractIcebergCatalogViewTest.java | 8 ++---
 .../IcebergCatalogHandlerAuthzTest.java | 8 ++---
 ...CatalogHandlerFineGrainedDisabledTest.java | 2 +-
 .../policy/AbstractPolicyCatalogTest.java | 8 ++---
 .../apache/polaris/service/TestServices.java | 14 ++++----
 32 files changed, 174 insertions(+), 173 deletions(-)
 rename
polaris-core/src/main/java/org/apache/polaris/core/storage/{AccessConfig.java => StorageAccessConfig.java} (94%) rename polaris-core/src/test/java/org/apache/polaris/core/storage/{AccessConfigTest.java => StorageAccessConfigTest.java} (87%) rename runtime/service/src/main/java/org/apache/polaris/service/catalog/io/{AccessConfigProvider.java => StorageAccessConfigProvider.java} (88%) diff --git a/polaris-core/src/main/java/org/apache/polaris/core/credentials/connection/ConnectionCredentials.java b/polaris-core/src/main/java/org/apache/polaris/core/credentials/connection/ConnectionCredentials.java index bc8cd3e958..1d86bf03c0 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/credentials/connection/ConnectionCredentials.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/credentials/connection/ConnectionCredentials.java @@ -22,21 +22,21 @@ import java.time.Instant; import java.util.Map; import java.util.Optional; -import org.apache.polaris.core.storage.AccessConfig; +import org.apache.polaris.core.storage.StorageAccessConfig; import org.apache.polaris.immutables.PolarisImmutable; /** * Encapsulates credentials and configuration needed to connect to external federated catalogs. * - *

Similar to {@link AccessConfig} for storage, this class holds the credentials and properties - * required for Polaris to authenticate with remote catalog services (e.g., AWS Glue, other Iceberg - * REST catalogs). + *

Similar to {@link StorageAccessConfig} for storage, this class holds the credentials and + * properties required for Polaris to authenticate with remote catalog services (e.g., AWS Glue, + * other Iceberg REST catalogs). * *

Credentials may be temporary and include an expiration time. * *

Note: This interface currently includes only {@code credentials} and {@code expiresAt}. * Additional fields like {@code extraProperties} and {@code internalProperties} (similar to {@link - * AccessConfig}) are not included for now but can be added later if needed for more complex + * StorageAccessConfig}) are not included for now but can be added later if needed for more complex * credential scenarios. */ @PolarisImmutable diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/AtomicOperationMetaStoreManager.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/AtomicOperationMetaStoreManager.java index 1ec8c89d41..3ae2ac2c9e 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/AtomicOperationMetaStoreManager.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/AtomicOperationMetaStoreManager.java @@ -77,9 +77,9 @@ import org.apache.polaris.core.policy.PolicyEntity; import org.apache.polaris.core.policy.PolicyMappingUtil; import org.apache.polaris.core.policy.PolicyType; -import org.apache.polaris.core.storage.AccessConfig; import org.apache.polaris.core.storage.PolarisStorageConfigurationInfo; import org.apache.polaris.core.storage.PolarisStorageIntegration; +import org.apache.polaris.core.storage.StorageAccessConfig; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -1635,14 +1635,14 @@ private void revokeGrantRecord( entityId); try { - AccessConfig accessConfig = + StorageAccessConfig storageAccessConfig = storageIntegration.getSubscopedCreds( callCtx.getRealmConfig(), allowListOperation, allowedReadLocations, allowedWriteLocations, refreshCredentialsEndpoint); - return new ScopedCredentialsResult(accessConfig); + return new ScopedCredentialsResult(storageAccessConfig); } catch (Exception ex) { return new ScopedCredentialsResult( BaseResult.ReturnStatus.SUBSCOPE_CREDS_ERROR, ex.getMessage()); 
diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/dao/entity/ScopedCredentialsResult.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/dao/entity/ScopedCredentialsResult.java
index 76526a8635..bf34216f41 100644
--- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/dao/entity/ScopedCredentialsResult.java
+++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/dao/entity/ScopedCredentialsResult.java
@@ -20,13 +20,13 @@
 import jakarta.annotation.Nonnull;
 import jakarta.annotation.Nullable;
-import org.apache.polaris.core.storage.AccessConfig;
+import org.apache.polaris.core.storage.StorageAccessConfig;
 /** Result of a getSubscopedCredsForEntity() call */
 public class ScopedCredentialsResult extends BaseResult {
 // null if not success. Else, set of name/value pairs for the credentials
- private final AccessConfig accessConfig;
+ private final StorageAccessConfig storageAccessConfig;
 /**
 * Constructor for an error
@@ -37,20 +37,20 @@ public class ScopedCredentialsResult extends BaseResult {
 public ScopedCredentialsResult(
 @Nonnull ReturnStatus errorCode, @Nullable String extraInformation) {
 super(errorCode, extraInformation);
- this.accessConfig = null;
+ this.storageAccessConfig = null;
 }
 /**
 * Constructor for success
 *
- * @param accessConfig credentials
+ * @param storageAccessConfig credentials
 */
- public ScopedCredentialsResult(AccessConfig accessConfig) {
+ public ScopedCredentialsResult(StorageAccessConfig storageAccessConfig) {
 super(ReturnStatus.SUCCESS);
- this.accessConfig = accessConfig;
+ this.storageAccessConfig = storageAccessConfig;
 }
- public AccessConfig getAccessConfig() {
- return accessConfig;
+ public StorageAccessConfig getAccessConfig() {
+ return storageAccessConfig;
 }
 }
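Review bot: `getAccessConfig()` can return null, because the error constructor sets `this.storageAccessConfig = null` and the field comment says "null if not success", yet the getter carries no nullability annotation even though the file already imports `jakarta.annotation.Nullable`. Declaring it as `public @Nullable StorageAccessConfig getAccessConfig() {` would document that callers must check the result status before reading credentials. The getter also keeps the old `getAccessConfig` name while the field and type were renamed; if that is deliberate for API compatibility, a one-line comment saying so would help. Part of the class lies between the two hunks and is not visible here.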
diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/transactional/TransactionalMetaStoreManagerImpl.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/transactional/TransactionalMetaStoreManagerImpl.java index db3ccd0f35..815e119d30 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/transactional/TransactionalMetaStoreManagerImpl.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/transactional/TransactionalMetaStoreManagerImpl.java @@ -82,9 +82,9 @@ import org.apache.polaris.core.policy.PolicyEntity; import org.apache.polaris.core.policy.PolicyMappingUtil; import org.apache.polaris.core.policy.PolicyType; -import org.apache.polaris.core.storage.AccessConfig; import org.apache.polaris.core.storage.PolarisStorageConfigurationInfo; import org.apache.polaris.core.storage.PolarisStorageIntegration; +import org.apache.polaris.core.storage.StorageAccessConfig; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -2128,14 +2128,14 @@ private PolarisEntityResolver resolveSecurableToRoleGrant( entityId); try { - AccessConfig accessConfig = + StorageAccessConfig storageAccessConfig = storageIntegration.getSubscopedCreds( callCtx.getRealmConfig(), allowListOperation, allowedReadLocations, allowedWriteLocations, refreshCredentialsEndpoint); - return new ScopedCredentialsResult(accessConfig); + return new ScopedCredentialsResult(storageAccessConfig); } catch (Exception ex) { return new ScopedCredentialsResult( BaseResult.ReturnStatus.SUBSCOPE_CREDS_ERROR, ex.getMessage()); diff --git a/polaris-core/src/main/java/org/apache/polaris/core/storage/PolarisStorageIntegration.java b/polaris-core/src/main/java/org/apache/polaris/core/storage/PolarisStorageIntegration.java index 1828d01c81..8a2ae7c3a8 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/storage/PolarisStorageIntegration.java 
+++ b/polaris-core/src/main/java/org/apache/polaris/core/storage/PolarisStorageIntegration.java @@ -62,7 +62,7 @@ public String getStorageIdentifierOrId() { * handling the relative path * @return An enum map including the scoped credentials */ - public abstract AccessConfig getSubscopedCreds( + public abstract StorageAccessConfig getSubscopedCreds( @Nonnull RealmConfig realmConfig, boolean allowListOperation, @Nonnull Set allowedReadLocations, diff --git a/polaris-core/src/main/java/org/apache/polaris/core/storage/AccessConfig.java b/polaris-core/src/main/java/org/apache/polaris/core/storage/StorageAccessConfig.java similarity index 94% rename from polaris-core/src/main/java/org/apache/polaris/core/storage/AccessConfig.java rename to polaris-core/src/main/java/org/apache/polaris/core/storage/StorageAccessConfig.java index 94e74a3d66..19745322d2 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/storage/AccessConfig.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/storage/StorageAccessConfig.java @@ -26,7 +26,7 @@ import org.immutables.value.Value; @PolarisImmutable -public interface AccessConfig { +public interface StorageAccessConfig { Map credentials(); Map extraProperties(); @@ -57,8 +57,8 @@ default String get(StorageAccessProperty key) { } } - static AccessConfig.Builder builder() { - return ImmutableAccessConfig.builder(); + static StorageAccessConfig.Builder builder() { + return ImmutableStorageAccessConfig.builder(); } interface Builder { @@ -89,6 +89,6 @@ default Builder put(StorageAccessProperty key, String value) { } } - AccessConfig build(); + StorageAccessConfig build(); } } diff --git a/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java b/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java index 8023f7a607..e393911f71 100644 
--- a/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java @@ -28,8 +28,8 @@ import java.util.Set; import java.util.stream.Stream; import org.apache.polaris.core.config.RealmConfig; -import org.apache.polaris.core.storage.AccessConfig; import org.apache.polaris.core.storage.InMemoryStorageIntegration; +import org.apache.polaris.core.storage.StorageAccessConfig; import org.apache.polaris.core.storage.StorageAccessProperty; import org.apache.polaris.core.storage.StorageUtil; import org.apache.polaris.core.storage.aws.StsClientProvider.StsDestination; @@ -70,7 +70,7 @@ public AwsCredentialsStorageIntegration( /** {@inheritDoc} */ @Override - public AccessConfig getSubscopedCreds( + public StorageAccessConfig getSubscopedCreds( @Nonnull RealmConfig realmConfig, boolean allowListOperation, @Nonnull Set allowedReadLocations, @@ -80,7 +80,7 @@ public AccessConfig getSubscopedCreds( realmConfig.getConfig(STORAGE_CREDENTIAL_DURATION_SECONDS); AwsStorageConfigurationInfo storageConfig = config(); String region = storageConfig.getRegion(); - AccessConfig.Builder accessConfig = AccessConfig.builder(); + StorageAccessConfig.Builder accessConfig = StorageAccessConfig.builder(); if (shouldUseSts(storageConfig)) { AssumeRoleRequest.Builder request = diff --git a/polaris-core/src/main/java/org/apache/polaris/core/storage/azure/AzureCredentialsStorageIntegration.java b/polaris-core/src/main/java/org/apache/polaris/core/storage/azure/AzureCredentialsStorageIntegration.java index a043a7daa5..0b189b3116 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/storage/azure/AzureCredentialsStorageIntegration.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/storage/azure/AzureCredentialsStorageIntegration.java 
@@ -49,8 +49,8 @@ import java.util.Optional; import java.util.Set; import org.apache.polaris.core.config.RealmConfig; -import org.apache.polaris.core.storage.AccessConfig; import org.apache.polaris.core.storage.InMemoryStorageIntegration; +import org.apache.polaris.core.storage.StorageAccessConfig; import org.apache.polaris.core.storage.StorageAccessProperty; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -73,7 +73,7 @@ public AzureCredentialsStorageIntegration(AzureStorageConfigurationInfo config) } @Override - public AccessConfig getSubscopedCreds( + public StorageAccessConfig getSubscopedCreds( @Nonnull RealmConfig realmConfig, boolean allowListOperation, @Nonnull Set allowedReadLocations, @@ -176,12 +176,12 @@ public AccessConfig getSubscopedCreds( } @VisibleForTesting - static AccessConfig toAccessConfig( + static StorageAccessConfig toAccessConfig( String sasToken, String storageDnsName, Instant expiresAt, Optional refreshCredentialsEndpoint) { - AccessConfig.Builder accessConfig = AccessConfig.builder(); + StorageAccessConfig.Builder accessConfig = StorageAccessConfig.builder(); handleAzureCredential(accessConfig, sasToken, storageDnsName, expiresAt); accessConfig.put( StorageAccessProperty.EXPIRATION_TIME, String.valueOf(expiresAt.toEpochMilli())); @@ -193,7 +193,7 @@ static AccessConfig toAccessConfig( } private static void handleAzureCredential( - AccessConfig.Builder config, String sasToken, String host, Instant expiresAt) { + StorageAccessConfig.Builder config, String sasToken, String host, Instant expiresAt) { config.putCredential(StorageAccessProperty.AZURE_SAS_TOKEN.getPropertyName() + host, sasToken); config.putCredential( StorageAccessProperty.AZURE_SAS_TOKEN_EXPIRES_AT_MS_PREFIX.getPropertyName() + host, 
diff --git a/polaris-core/src/main/java/org/apache/polaris/core/storage/cache/StorageCredentialCache.java b/polaris-core/src/main/java/org/apache/polaris/core/storage/cache/StorageCredentialCache.java index 82de799152..94fef66874 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/storage/cache/StorageCredentialCache.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/storage/cache/StorageCredentialCache.java @@ -37,8 +37,8 @@ import org.apache.polaris.core.entity.PolarisEntity; import org.apache.polaris.core.entity.PolarisEntityType; import org.apache.polaris.core.persistence.dao.entity.ScopedCredentialsResult; -import org.apache.polaris.core.storage.AccessConfig; import org.apache.polaris.core.storage.PolarisCredentialVendor; +import org.apache.polaris.core.storage.StorageAccessConfig; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -103,7 +103,7 @@ private long maxCacheDurationMs(RealmConfig realmConfig) { * @param allowedWriteLocations a set of allowed to write locations. * @return the a map of string containing the scoped creds information */ - public AccessConfig getOrGenerateSubScopeCreds( + public StorageAccessConfig getOrGenerateSubScopeCreds( @Nonnull PolarisCredentialVendor credentialVendor, @Nonnull PolarisCallContext callCtx, @Nonnull PolarisEntity polarisEntity, @@ -156,11 +156,11 @@ public AccessConfig getOrGenerateSubScopeCreds( @VisibleForTesting @Nullable Map getIfPresent(StorageCredentialCacheKey key) { - return getAccessConfig(key).map(AccessConfig::credentials).orElse(null); + return getAccessConfig(key).map(StorageAccessConfig::credentials).orElse(null); } @VisibleForTesting - Optional getAccessConfig(StorageCredentialCacheKey key) { + Optional getAccessConfig(StorageCredentialCacheKey key) { return Optional.ofNullable(cache.getIfPresent(key)) .map(StorageCredentialCacheEntry::toAccessConfig); } 
diff --git a/polaris-core/src/main/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheEntry.java b/polaris-core/src/main/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheEntry.java
index 7f5789ecbf..1141b34bfb 100644
--- a/polaris-core/src/main/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheEntry.java
+++ b/polaris-core/src/main/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheEntry.java
@@ -19,17 +19,18 @@
 package org.apache.polaris.core.storage.cache;
 import java.time.Instant;
-import org.apache.polaris.core.storage.AccessConfig;
+import org.apache.polaris.core.storage.StorageAccessConfig;
 /** A storage credential cached entry. */
 public class StorageCredentialCacheEntry {
 /** The scoped creds map that is fetched from a creds vending service */
- public final AccessConfig accessConfig;
+ public final StorageAccessConfig storageAccessConfig;
 private final long maxCacheDurationMs;
- public StorageCredentialCacheEntry(AccessConfig accessConfig, long maxCacheDurationMs) {
- this.accessConfig = accessConfig;
+ public StorageCredentialCacheEntry(
+ StorageAccessConfig storageAccessConfig, long maxCacheDurationMs) {
+ this.storageAccessConfig = storageAccessConfig;
 this.maxCacheDurationMs = maxCacheDurationMs;
 }
@@ -39,7 +40,7 @@ public long getMaxCacheDurationMs() {
 /** Get the expiration time in millisecond for the cached entry */
 public long getExpirationTime() {
- return accessConfig.expiresAt().map(Instant::toEpochMilli).orElse(Long.MAX_VALUE);
+ return storageAccessConfig.expiresAt().map(Instant::toEpochMilli).orElse(Long.MAX_VALUE);
 }
 /**
@@ -47,7 +48,7 @@ public long getExpirationTime() {
 *
 * @return a map of string representing the subscoped creds info.
 */
- AccessConfig toAccessConfig() {
- return accessConfig;
+ StorageAccessConfig toAccessConfig() {
+ return storageAccessConfig;
 }
 }
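Review bot: The renamed field in the first hunk is still `public final`, so the vended storage credentials it holds are readable from any class, although `toAccessConfig()` and `getExpirationTime()` already provide accessors. Renaming a public field already breaks any direct reader, so this commit is a natural place to narrow it to `private final StorageAccessConfig storageAccessConfig;`. Whether code outside the class reads the field directly is not visible in this patch and should be confirmed first. `toAccessConfig()` is package-private, so any reader outside the package would then need a public accessor.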
diff --git a/polaris-core/src/main/java/org/apache/polaris/core/storage/gcp/GcpCredentialsStorageIntegration.java b/polaris-core/src/main/java/org/apache/polaris/core/storage/gcp/GcpCredentialsStorageIntegration.java index c0568cc9b5..5f524d9ae4 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/storage/gcp/GcpCredentialsStorageIntegration.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/storage/gcp/GcpCredentialsStorageIntegration.java @@ -39,9 +39,9 @@ import java.util.Set; import java.util.stream.Stream; import org.apache.polaris.core.config.RealmConfig; -import org.apache.polaris.core.storage.AccessConfig; import org.apache.polaris.core.storage.InMemoryStorageIntegration; import org.apache.polaris.core.storage.PolarisStorageIntegration; +import org.apache.polaris.core.storage.StorageAccessConfig; import org.apache.polaris.core.storage.StorageAccessProperty; import org.apache.polaris.core.storage.StorageUtil; import org.slf4j.Logger; @@ -72,7 +72,7 @@ public GcpCredentialsStorageIntegration( } @Override - public AccessConfig getSubscopedCreds( + public StorageAccessConfig getSubscopedCreds( @Nonnull RealmConfig realmConfig, boolean allowListOperation, @Nonnull Set allowedReadLocations, @@ -109,7 +109,7 @@ public AccessConfig getSubscopedCreds( // If expires_in missing, use source credential's expire time, which require another api call to // get. - AccessConfig.Builder accessConfig = AccessConfig.builder(); + StorageAccessConfig.Builder accessConfig = StorageAccessConfig.builder(); accessConfig.put(StorageAccessProperty.GCS_ACCESS_TOKEN, token.getTokenValue()); accessConfig.put( StorageAccessProperty.GCS_ACCESS_TOKEN_EXPIRES_AT, diff --git a/polaris-core/src/test/java/org/apache/polaris/core/storage/InMemoryStorageIntegrationTest.java b/polaris-core/src/test/java/org/apache/polaris/core/storage/InMemoryStorageIntegrationTest.java index 9ba5271ab4..e9640cef81 100644 
--- a/polaris-core/src/test/java/org/apache/polaris/core/storage/InMemoryStorageIntegrationTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/core/storage/InMemoryStorageIntegrationTest.java @@ -194,7 +194,7 @@ public MockInMemoryStorageIntegration() { } @Override - public AccessConfig getSubscopedCreds( + public StorageAccessConfig getSubscopedCreds( @Nonnull RealmConfig realmConfig, boolean allowListOperation, @Nonnull Set allowedReadLocations, diff --git a/polaris-core/src/test/java/org/apache/polaris/core/storage/AccessConfigTest.java b/polaris-core/src/test/java/org/apache/polaris/core/storage/StorageAccessConfigTest.java similarity index 87% rename from polaris-core/src/test/java/org/apache/polaris/core/storage/AccessConfigTest.java rename to polaris-core/src/test/java/org/apache/polaris/core/storage/StorageAccessConfigTest.java index 57e1f14650..98fad9ef9b 100644 --- a/polaris-core/src/test/java/org/apache/polaris/core/storage/AccessConfigTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/core/storage/StorageAccessConfigTest.java @@ -30,14 +30,14 @@ import java.util.Map; import org.junit.jupiter.api.Test; -public class AccessConfigTest { +public class StorageAccessConfigTest { @Test public void testPutGet() { - AccessConfig.Builder b = AccessConfig.builder(); + StorageAccessConfig.Builder b = StorageAccessConfig.builder(); b.put(AWS_ENDPOINT, "ep1"); b.put(AWS_SECRET_KEY, "sk2"); - AccessConfig c = b.build(); + StorageAccessConfig c = b.build(); assertThat(c.credentials()).isEqualTo(Map.of(AWS_SECRET_KEY.getPropertyName(), "sk2")); assertThat(c.extraProperties()).isEqualTo(Map.of(AWS_ENDPOINT.getPropertyName(), "ep1")); assertThat(c.get(AWS_SECRET_KEY)).isEqualTo("sk2"); 
@@ -46,19 +46,19 @@ public void testPutGet() { @Test public void testGetExtraProperty() { - AccessConfig.Builder b = AccessConfig.builder(); + StorageAccessConfig.Builder b = StorageAccessConfig.builder(); b.putExtraProperty(AWS_ENDPOINT.getPropertyName(), "extra"); - AccessConfig c = b.build(); + StorageAccessConfig c = b.build(); assertThat(c.extraProperties()).isEqualTo(Map.of(AWS_ENDPOINT.getPropertyName(), "extra")); assertThat(c.get(AWS_ENDPOINT)).isEqualTo("extra"); } @Test public void testGetInternalProperty() { - AccessConfig.Builder b = AccessConfig.builder(); + StorageAccessConfig.Builder b = StorageAccessConfig.builder(); b.putExtraProperty(AWS_ENDPOINT.getPropertyName(), "extra"); b.putInternalProperty(AWS_ENDPOINT.getPropertyName(), "ep1"); - AccessConfig c = b.build(); + StorageAccessConfig c = b.build(); assertThat(c.extraProperties()).isEqualTo(Map.of(AWS_ENDPOINT.getPropertyName(), "extra")); assertThat(c.internalProperties()).isEqualTo(Map.of(AWS_ENDPOINT.getPropertyName(), "ep1")); assertThat(c.get(AWS_ENDPOINT)).isEqualTo("ep1"); @@ -66,11 +66,11 @@ public void testGetInternalProperty() { @Test public void testNoCredentialOverride() { - AccessConfig.Builder b = AccessConfig.builder(); + StorageAccessConfig.Builder b = StorageAccessConfig.builder(); b.put(AWS_SECRET_KEY, "sk-test"); b.putExtraProperty(AWS_SECRET_KEY.getPropertyName(), "sk-extra"); b.putInternalProperty(AWS_SECRET_KEY.getPropertyName(), "sk-internal"); - AccessConfig c = b.build(); + StorageAccessConfig c = b.build(); assertThat(c.get(AWS_SECRET_KEY)).isEqualTo("sk-test"); assertThat(c.extraProperties()).isEqualTo(Map.of(AWS_SECRET_KEY.getPropertyName(), "sk-extra")); assertThat(c.internalProperties()) 
@@ -79,7 +79,7 @@ public void testNoCredentialOverride() { @Test public void testExpiresAt() { - AccessConfig.Builder b = AccessConfig.builder(); + StorageAccessConfig.Builder b = StorageAccessConfig.builder(); assertThat(b.build().expiresAt()).isEmpty(); b.put(GCS_ACCESS_TOKEN_EXPIRES_AT, "111"); assertThat(b.build().expiresAt()).hasValue(Instant.ofEpochMilli(111)); diff --git a/polaris-core/src/test/java/org/apache/polaris/core/storage/azure/AzureCredentialsStorageIntegrationTest.java b/polaris-core/src/test/java/org/apache/polaris/core/storage/azure/AzureCredentialsStorageIntegrationTest.java index 794ae25fe5..eda958fcac 100644 --- a/polaris-core/src/test/java/org/apache/polaris/core/storage/azure/AzureCredentialsStorageIntegrationTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/core/storage/azure/AzureCredentialsStorageIntegrationTest.java @@ -23,7 +23,7 @@ import java.time.Instant; import java.util.Optional; -import org.apache.polaris.core.storage.AccessConfig; +import org.apache.polaris.core.storage.StorageAccessConfig; import org.apache.polaris.core.storage.StorageAccessProperty; import org.assertj.core.api.Assertions; import org.junit.jupiter.api.Test; @@ -34,7 +34,7 @@ public class AzureCredentialsStorageIntegrationTest { public void testAzureCredentialFormatting() { Instant expiresAt = Instant.ofEpochMilli(Long.MAX_VALUE); - AccessConfig noSuffixResult = + StorageAccessConfig noSuffixResult = toAccessConfig("sasToken", "some_account", expiresAt, Optional.empty()); Assertions.assertThat(noSuffixResult.credentials()).hasSize(3); Assertions.assertThat(noSuffixResult.credentials()).containsKey("adls.sas-token.some_account"); @@ -44,7 +44,7 @@ public void testAzureCredentialFormatting() { .doesNotContainKey( StorageAccessProperty.AZURE_REFRESH_CREDENTIALS_ENDPOINT.getPropertyName()); - AccessConfig adlsSuffixResult = + StorageAccessConfig adlsSuffixResult = toAccessConfig( "sasToken", "some_account." + AzureLocation.ADLS_ENDPOINT, 
@@ -63,7 +63,7 @@ public void testAzureCredentialFormatting() { StorageAccessProperty.AZURE_REFRESH_CREDENTIALS_ENDPOINT.getPropertyName(), "endpoint/credentials"); - AccessConfig blobSuffixResult = + StorageAccessConfig blobSuffixResult = toAccessConfig( "sasToken", "some_account." + AzureLocation.BLOB_ENDPOINT, expiresAt, Optional.empty()); Assertions.assertThat(blobSuffixResult.credentials()).hasSize(4); diff --git a/polaris-core/src/test/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheTest.java b/polaris-core/src/test/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheTest.java index a51badf4b8..f1e5ac1f61 100644 --- a/polaris-core/src/test/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheTest.java @@ -42,7 +42,7 @@ import org.apache.polaris.core.persistence.transactional.TransactionalPersistence; import org.apache.polaris.core.persistence.transactional.TreeMapMetaStore; import org.apache.polaris.core.persistence.transactional.TreeMapTransactionalPersistenceImpl; -import org.apache.polaris.core.storage.AccessConfig; +import org.apache.polaris.core.storage.StorageAccessConfig; import org.apache.polaris.core.storage.StorageAccessProperty; import org.assertj.core.api.Assertions; import org.junit.jupiter.api.RepeatedTest; @@ -412,7 +412,7 @@ private static List getFakeScopedCreds(int number, bool : String.valueOf(Long.MAX_VALUE); res.add( new ScopedCredentialsResult( - AccessConfig.builder() + StorageAccessConfig.builder() .put(StorageAccessProperty.AWS_KEY_ID, "key_id_" + finalI) .put(StorageAccessProperty.AWS_SECRET_KEY, "key_secret_" + finalI) .put(StorageAccessProperty.AWS_SESSION_TOKEN_EXPIRES_AT_MS, expireTime) 
@@ -421,14 +421,14 @@ private static List getFakeScopedCreds(int number, bool if (res.size() == number) return res; res.add( new ScopedCredentialsResult( - AccessConfig.builder() + StorageAccessConfig.builder() .put(StorageAccessProperty.AZURE_SAS_TOKEN, "sas_token_" + finalI) .put(StorageAccessProperty.EXPIRATION_TIME, expireTime) .build())); if (res.size() == number) return res; res.add( new ScopedCredentialsResult( - AccessConfig.builder() + StorageAccessConfig.builder() .put(StorageAccessProperty.GCS_ACCESS_TOKEN, "gcs_token_" + finalI) .put(StorageAccessProperty.GCS_ACCESS_TOKEN_EXPIRES_AT, expireTime) .build())); @@ -459,7 +459,7 @@ public void testExtraProperties() { storageCredentialCache = newStorageCredentialCache(); ScopedCredentialsResult properties = new ScopedCredentialsResult( - AccessConfig.builder() + StorageAccessConfig.builder() .put(StorageAccessProperty.AWS_SECRET_KEY, "super-secret-123") .put(StorageAccessProperty.AWS_ENDPOINT, "test-endpoint1") .put(StorageAccessProperty.AWS_PATH_STYLE_ACCESS, "true") @@ -477,7 +477,7 @@ public void testExtraProperties() { .thenReturn(properties); List entityList = getPolarisEntities(); - AccessConfig config = + StorageAccessConfig config = storageCredentialCache.getOrGenerateSubScopeCreds( metaStoreManager, callCtx, diff --git a/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java b/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java index ac1ba85fd2..fb0c63c403 100644 --- a/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/service/storage/aws/AwsCredentialsStorageIntegrationTest.java 
@@ -25,8 +25,8 @@ import java.util.List; import java.util.Optional; import java.util.Set; -import org.apache.polaris.core.storage.AccessConfig; import org.apache.polaris.core.storage.BaseStorageIntegrationTest; +import org.apache.polaris.core.storage.StorageAccessConfig; import org.apache.polaris.core.storage.StorageAccessProperty; import org.apache.polaris.core.storage.aws.AwsCredentialsStorageIntegration; import org.apache.polaris.core.storage.aws.AwsStorageConfigurationInfo; @@ -84,7 +84,7 @@ public void testGetSubscopedCreds(String scheme) { return ASSUME_ROLE_RESPONSE; }); String warehouseDir = scheme + "://bucket/path/to/warehouse"; - AccessConfig accessConfig = + StorageAccessConfig storageAccessConfig = new AwsCredentialsStorageIntegration( AwsStorageConfigurationInfo.builder() .addAllowedLocation(warehouseDir) @@ -98,7 +98,7 @@ public void testGetSubscopedCreds(String scheme) { Set.of(warehouseDir + "/namespace/table"), Set.of(warehouseDir + "/namespace/table"), Optional.of("/namespace/table/credentials")); - assertThat(accessConfig.credentials()) + assertThat(storageAccessConfig.credentials()) .isNotEmpty() .containsEntry(StorageAccessProperty.AWS_TOKEN.getPropertyName(), "sess") .containsEntry(StorageAccessProperty.AWS_KEY_ID.getPropertyName(), "accessKey") @@ -106,7 +106,7 @@ public void testGetSubscopedCreds(String scheme) { .containsEntry( StorageAccessProperty.AWS_SESSION_TOKEN_EXPIRES_AT_MS.getPropertyName(), String.valueOf(EXPIRE_TIME.toEpochMilli())); - assertThat(accessConfig.extraProperties()) + assertThat(storageAccessConfig.extraProperties()) .containsEntry( StorageAccessProperty.AWS_REFRESH_CREDENTIALS_ENDPOINT.getPropertyName(), "/namespace/table/credentials"); 
@@ -254,7 +254,7 @@ public void testGetSubscopedCredsInlinePolicy(String awsPartition) { break; case AWS_PARTITION: case "aws-us-gov": - AccessConfig accessConfig = + StorageAccessConfig storageAccessConfig = new AwsCredentialsStorageIntegration( AwsStorageConfigurationInfo.builder() .addAllowedLocation(s3Path(bucket, warehouseKeyPrefix)) @@ -269,7 +269,7 @@ public void testGetSubscopedCredsInlinePolicy(String awsPartition) { Set.of(s3Path(bucket, firstPath), s3Path(bucket, secondPath)), Set.of(s3Path(bucket, firstPath)), Optional.empty()); - assertThat(accessConfig.credentials()) + assertThat(storageAccessConfig.credentials()) .isNotEmpty() .containsEntry(StorageAccessProperty.AWS_TOKEN.getPropertyName(), "sess") .containsEntry(StorageAccessProperty.AWS_KEY_ID.getPropertyName(), "accessKey") @@ -355,7 +355,7 @@ public void testGetSubscopedCredsInlinePolicyWithoutList() { }); return ASSUME_ROLE_RESPONSE; }); - AccessConfig accessConfig = + StorageAccessConfig storageAccessConfig = new AwsCredentialsStorageIntegration( AwsStorageConfigurationInfo.builder() .addAllowedLocation(s3Path(bucket, warehouseKeyPrefix)) @@ -370,7 +370,7 @@ public void testGetSubscopedCredsInlinePolicyWithoutList() { Set.of(s3Path(bucket, firstPath), s3Path(bucket, secondPath)), Set.of(s3Path(bucket, firstPath)), Optional.empty()); - assertThat(accessConfig.credentials()) + assertThat(storageAccessConfig.credentials()) .isNotEmpty() .containsEntry(StorageAccessProperty.AWS_TOKEN.getPropertyName(), "sess") .containsEntry(StorageAccessProperty.AWS_KEY_ID.getPropertyName(), "accessKey") @@ -450,7 +450,7 @@ public void testGetSubscopedCredsInlinePolicyWithoutWrites() { }); return ASSUME_ROLE_RESPONSE; }); - AccessConfig accessConfig = + StorageAccessConfig storageAccessConfig = new AwsCredentialsStorageIntegration( AwsStorageConfigurationInfo.builder() .addAllowedLocation(s3Path(bucket, warehouseKeyPrefix)) 
@@ -465,7 +465,7 @@ public void testGetSubscopedCredsInlinePolicyWithoutWrites() { Set.of(s3Path(bucket, firstPath), s3Path(bucket, secondPath)), Set.of(), Optional.empty()); - assertThat(accessConfig.credentials()) + assertThat(storageAccessConfig.credentials()) .isNotEmpty() .containsEntry(StorageAccessProperty.AWS_TOKEN.getPropertyName(), "sess") .containsEntry(StorageAccessProperty.AWS_KEY_ID.getPropertyName(), "accessKey") @@ -517,7 +517,7 @@ public void testGetSubscopedCredsInlinePolicyWithEmptyReadAndWrite() { }); return ASSUME_ROLE_RESPONSE; }); - AccessConfig accessConfig = + StorageAccessConfig storageAccessConfig = new AwsCredentialsStorageIntegration( AwsStorageConfigurationInfo.builder() .addAllowedLocation(s3Path(bucket, warehouseKeyPrefix)) @@ -532,7 +532,7 @@ public void testGetSubscopedCredsInlinePolicyWithEmptyReadAndWrite() { Set.of(), Set.of(), Optional.empty()); - assertThat(accessConfig.credentials()) + assertThat(storageAccessConfig.credentials()) .isNotEmpty() .containsEntry(StorageAccessProperty.AWS_TOKEN.getPropertyName(), "sess") .containsEntry(StorageAccessProperty.AWS_KEY_ID.getPropertyName(), "accessKey") @@ -578,7 +578,7 @@ public void testClientRegion(String awsPartition) { break; case AWS_PARTITION: case "aws-us-gov": - AccessConfig accessConfig = + StorageAccessConfig storageAccessConfig = new AwsCredentialsStorageIntegration( AwsStorageConfigurationInfo.builder() .addAllowedLocation(s3Path(bucket, warehouseKeyPrefix)) @@ -593,7 +593,7 @@ public void testClientRegion(String awsPartition) { Set.of(), Set.of(), Optional.empty()); - assertThat(accessConfig.credentials()) + assertThat(storageAccessConfig.credentials()) .containsEntry(StorageAccessProperty.AWS_TOKEN.getPropertyName(), "sess") .containsEntry(StorageAccessProperty.AWS_KEY_ID.getPropertyName(), "accessKey") .containsEntry(StorageAccessProperty.AWS_SECRET_KEY.getPropertyName(), "secretKey") 
@@ -619,7 +619,7 @@ public void testNoClientRegion(String awsPartition) { }); switch (awsPartition) { case AWS_PARTITION: - AccessConfig accessConfig = + StorageAccessConfig storageAccessConfig = new AwsCredentialsStorageIntegration( AwsStorageConfigurationInfo.builder() .addAllowedLocation(s3Path(bucket, warehouseKeyPrefix)) @@ -633,7 +633,7 @@ public void testNoClientRegion(String awsPartition) { Set.of(), Set.of(), Optional.empty()); - assertThat(accessConfig.credentials()) + assertThat(storageAccessConfig.credentials()) .isNotEmpty() .doesNotContainKey(StorageAccessProperty.CLIENT_REGION.getPropertyName()); break; diff --git a/polaris-core/src/test/java/org/apache/polaris/service/storage/azure/AzureCredentialStorageIntegrationTest.java b/polaris-core/src/test/java/org/apache/polaris/service/storage/azure/AzureCredentialStorageIntegrationTest.java index 96e4410007..42a8bd3272 100644 --- a/polaris-core/src/test/java/org/apache/polaris/service/storage/azure/AzureCredentialStorageIntegrationTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/service/storage/azure/AzureCredentialStorageIntegrationTest.java @@ -47,8 +47,8 @@ import java.util.List; import java.util.Optional; import java.util.stream.Stream; -import org.apache.polaris.core.storage.AccessConfig; import org.apache.polaris.core.storage.BaseStorageIntegrationTest; +import org.apache.polaris.core.storage.StorageAccessConfig; import org.apache.polaris.core.storage.StorageAccessProperty; import org.apache.polaris.core.storage.azure.AzureCredentialsStorageIntegration; import org.apache.polaris.core.storage.azure.AzureStorageConfigurationInfo; 
@@ -121,13 +121,13 @@ public void testGetSubscopedTokenList(boolean allowListAction, String service) { String.format( "abfss://container@icebergdfsstorageacct.%s.core.windows.net/polaris-test/", service)); - AccessConfig accessConfig = + StorageAccessConfig storageAccessConfig = subscopedCredsForOperations( /* allowedReadLoc= */ allowedLoc, /* allowedWriteLoc= */ new ArrayList<>(), allowListAction); - Assertions.assertThat(accessConfig.credentials()).hasSize(2); - String sasToken = accessConfig.get(StorageAccessProperty.AZURE_SAS_TOKEN); + Assertions.assertThat(storageAccessConfig.credentials()).hasSize(2); + String sasToken = storageAccessConfig.get(StorageAccessProperty.AZURE_SAS_TOKEN); Assertions.assertThat(sasToken).isNotNull(); String serviceEndpoint = String.format("https://icebergdfsstorageacct.%s.core.windows.net", service); @@ -192,7 +192,7 @@ public void testGetSubscopedTokenRead( String.format( "abfss://container@icebergdfsstorageacct.%s.core.windows.net/%s", service, allowedPrefix)); - AccessConfig accessConfig = + StorageAccessConfig storageAccessConfig = subscopedCredsForOperations( /* allowedReadLoc= */ allowedLoc, /* allowedWriteLoc= */ new ArrayList<>(), @@ -200,7 +200,7 @@ public void testGetSubscopedTokenRead( BlobClient blobClient = createBlobClient( - accessConfig.get(StorageAccessProperty.AZURE_SAS_TOKEN), + storageAccessConfig.get(StorageAccessProperty.AZURE_SAS_TOKEN), "https://icebergdfsstorageacct.dfs.core.windows.net", "container", allowedPrefix); @@ -231,7 +231,7 @@ public void testGetSubscopedTokenRead( // read fail because container is blocked BlobClient blobClientReadFail = createBlobClient( - accessConfig.get(StorageAccessProperty.AZURE_SAS_TOKEN), + storageAccessConfig.get(StorageAccessProperty.AZURE_SAS_TOKEN), String.format("https://icebergdfsstorageacct.%s.core.windows.net", service), "regtest", blockedPrefix); 
@@ -262,7 +262,7 @@ public void testGetSubscopedTokenWrite( String.format( "abfss://container@icebergdfsstorageacct.%s.core.windows.net/%s", service, allowedPrefix)); - AccessConfig accessConfig = + StorageAccessConfig storageAccessConfig = subscopedCredsForOperations( /* allowedReadLoc= */ new ArrayList<>(), /* allowedWriteLoc= */ allowedLoc, @@ -271,13 +271,13 @@ public void testGetSubscopedTokenWrite( String.format("https://icebergdfsstorageacct.%s.core.windows.net", service); BlobClient blobClient = createBlobClient( - accessConfig.get(StorageAccessProperty.AZURE_SAS_TOKEN), + storageAccessConfig.get(StorageAccessProperty.AZURE_SAS_TOKEN), serviceEndpoint, "container", allowedPrefix + "metadata/00000-65ffa17b-fe64-4c38-bcb9-06f9bd12aa2a.metadata.json"); DataLakeFileClient fileClient = createDatalakeFileClient( - accessConfig.get(StorageAccessProperty.AZURE_SAS_TOKEN), + storageAccessConfig.get(StorageAccessProperty.AZURE_SAS_TOKEN), serviceEndpoint, "container", "polaris-test/scopedcreds/metadata", @@ -312,13 +312,13 @@ public void testGetSubscopedTokenWrite( String blockedContainer = "regtest"; BlobClient blobClientWriteFail = createBlobClient( - accessConfig.get(StorageAccessProperty.AZURE_SAS_TOKEN), + storageAccessConfig.get(StorageAccessProperty.AZURE_SAS_TOKEN), serviceEndpoint, blockedContainer, blockedPrefix); DataLakeFileClient fileClientFail = createDatalakeFileClient( - accessConfig.get(StorageAccessProperty.AZURE_SAS_TOKEN), + storageAccessConfig.get(StorageAccessProperty.AZURE_SAS_TOKEN), serviceEndpoint, blockedContainer, "polaris-test/scopedcreds/metadata", @@ -339,7 +339,7 @@ public void testGetSubscopedTokenWrite( } } - private AccessConfig subscopedCredsForOperations( + private StorageAccessConfig subscopedCredsForOperations( List allowedReadLoc, List allowedWriteLoc, boolean allowListAction) { AzureStorageConfigurationInfo azureConfig = AzureStorageConfigurationInfo.builder() 
diff --git a/polaris-core/src/test/java/org/apache/polaris/service/storage/gcp/GcpCredentialsStorageIntegrationTest.java b/polaris-core/src/test/java/org/apache/polaris/service/storage/gcp/GcpCredentialsStorageIntegrationTest.java index c4f026d86a..b0be0883d8 100644 --- a/polaris-core/src/test/java/org/apache/polaris/service/storage/gcp/GcpCredentialsStorageIntegrationTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/service/storage/gcp/GcpCredentialsStorageIntegrationTest.java @@ -44,8 +44,8 @@ import java.util.List; import java.util.Optional; import java.util.Set; -import org.apache.polaris.core.storage.AccessConfig; import org.apache.polaris.core.storage.BaseStorageIntegrationTest; +import org.apache.polaris.core.storage.StorageAccessConfig; import org.apache.polaris.core.storage.StorageAccessProperty; import org.apache.polaris.core.storage.gcp.GcpCredentialsStorageIntegration; import org.apache.polaris.core.storage.gcp.GcpStorageConfigurationInfo; @@ -144,20 +144,20 @@ BlobInfo createStorageBlob(String bucket, String prefix, String fileName) { return BlobInfo.newBuilder(blobId).build(); } - private Storage createStorageClient(AccessConfig accessConfig) { + private Storage createStorageClient(StorageAccessConfig storageAccessConfig) { AccessToken accessToken = new AccessToken( - accessConfig.get(StorageAccessProperty.GCS_ACCESS_TOKEN), + storageAccessConfig.get(StorageAccessProperty.GCS_ACCESS_TOKEN), new Date( Long.parseLong( - accessConfig.get(StorageAccessProperty.GCS_ACCESS_TOKEN_EXPIRES_AT)))); + storageAccessConfig.get(StorageAccessProperty.GCS_ACCESS_TOKEN_EXPIRES_AT)))); return StorageOptions.newBuilder() .setCredentials(GoogleCredentials.create(accessToken)) .build() .getService(); } - private AccessConfig subscopedCredsForOperations( + private StorageAccessConfig subscopedCredsForOperations( List allowedReadLoc, List allowedWriteLoc, boolean allowListAction) throws IOException { GcpStorageConfigurationInfo gcpConfig = 
@@ -302,10 +302,10 @@ public void testRefreshCredentialsEndpointIsReturned() throws IOException { .isNotNull() .isNotEmpty(); - AccessConfig accessConfig = + StorageAccessConfig storageAccessConfig = subscopedCredsForOperations( List.of("gs://bucket1/path/to/data"), List.of("gs://bucket1/path/to/data"), true); - assertThat(accessConfig.get(StorageAccessProperty.GCS_REFRESH_CREDENTIALS_ENDPOINT)) + assertThat(storageAccessConfig.get(StorageAccessProperty.GCS_REFRESH_CREDENTIALS_ENDPOINT)) .isEqualTo(REFRESH_ENDPOINT); } diff --git a/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogAdapter.java b/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogAdapter.java index c636fb075c..7136f0c961 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogAdapter.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogAdapter.java @@ -81,7 +81,7 @@ import org.apache.polaris.service.catalog.api.IcebergRestCatalogApiService; import org.apache.polaris.service.catalog.api.IcebergRestConfigurationApiService; import org.apache.polaris.service.catalog.common.CatalogAdapter; -import org.apache.polaris.service.catalog.io.AccessConfigProvider; +import org.apache.polaris.service.catalog.io.StorageAccessConfigProvider; import org.apache.polaris.service.config.ReservedProperties; import org.apache.polaris.service.context.catalog.CallContextCatalogFactory; import org.apache.polaris.service.events.listeners.PolarisEventListener; @@ -150,7 +150,7 @@ public class IcebergCatalogAdapter private final CatalogHandlerUtils catalogHandlerUtils; private final Instance externalCatalogFactories; private final PolarisEventListener polarisEventListener; - private final AccessConfigProvider accessConfigProvider; + private final StorageAccessConfigProvider storageAccessConfigProvider; private final PolarisMetricsReporter metricsReporter; @Inject 
@@ -169,7 +169,7 @@ public IcebergCatalogAdapter( CatalogHandlerUtils catalogHandlerUtils, @Any Instance externalCatalogFactories, PolarisEventListener polarisEventListener, - AccessConfigProvider accessConfigProvider, + StorageAccessConfigProvider storageAccessConfigProvider, PolarisMetricsReporter metricsReporter) { this.diagnostics = diagnostics; this.realmContext = realmContext; @@ -186,8 +186,8 @@ public IcebergCatalogAdapter( this.catalogHandlerUtils = catalogHandlerUtils; this.externalCatalogFactories = externalCatalogFactories; this.polarisEventListener = polarisEventListener; - this.accessConfigProvider = accessConfigProvider; - this.metricsReporter = metricsReporter; + this.storageAccessConfigProvider = storageAccessConfigProvider; + this.metricsReporter = metricsReporter; } /** @@ -228,7 +228,7 @@ IcebergCatalogHandler newHandlerWrapper(SecurityContext securityContext, String catalogHandlerUtils, externalCatalogFactories, polarisEventListener, - accessConfigProvider); + storageAccessConfigProvider); } @Override diff --git a/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandler.java b/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandler.java index a10c7afe76..1de129cacc 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandler.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandler.java 
@@ -99,14 +99,14 @@ import org.apache.polaris.core.persistence.pagination.Page; import org.apache.polaris.core.persistence.pagination.PageToken; import org.apache.polaris.core.persistence.resolver.ResolutionManifestFactory; -import org.apache.polaris.core.storage.AccessConfig; import org.apache.polaris.core.storage.PolarisStorageActions; +import org.apache.polaris.core.storage.StorageAccessConfig; import org.apache.polaris.core.storage.StorageUtil; import org.apache.polaris.service.catalog.AccessDelegationMode; import org.apache.polaris.service.catalog.SupportsNotifications; import org.apache.polaris.service.catalog.common.CatalogHandler; import org.apache.polaris.service.catalog.common.CatalogUtils; -import org.apache.polaris.service.catalog.io.AccessConfigProvider; +import org.apache.polaris.service.catalog.io.StorageAccessConfigProvider; import org.apache.polaris.service.config.ReservedProperties; import org.apache.polaris.service.context.catalog.CallContextCatalogFactory; import org.apache.polaris.service.events.listeners.PolarisEventListener; @@ -139,7 +139,7 @@ public class IcebergCatalogHandler extends CatalogHandler implements AutoCloseab private final ReservedProperties reservedProperties; private final CatalogHandlerUtils catalogHandlerUtils; private final PolarisEventListener polarisEventListener; - private final AccessConfigProvider accessConfigProvider; + private final StorageAccessConfigProvider storageAccessConfigProvider; // Catalog instance will be initialized after authorizing resolver successfully resolves // the catalog entity. @@ -164,7 +164,7 @@ public IcebergCatalogHandler( CatalogHandlerUtils catalogHandlerUtils, Instance externalCatalogFactories, PolarisEventListener polarisEventListener, - AccessConfigProvider accessConfigProvider) { + StorageAccessConfigProvider storageAccessConfigProvider) { super( diagnostics, callContext, 
@@ -179,7 +179,7 @@ public IcebergCatalogHandler( this.reservedProperties = reservedProperties; this.catalogHandlerUtils = catalogHandlerUtils; this.polarisEventListener = polarisEventListener; - this.accessConfigProvider = accessConfigProvider; + this.storageAccessConfigProvider = storageAccessConfigProvider; } private CatalogEntity getResolvedCatalogEntity() { @@ -810,15 +810,15 @@ ALLOW_FEDERATED_CATALOGS_CREDENTIAL_VENDING, getResolvedCatalogEntity())) { validateRemoteTableLocations(tableIdentifier, tableLocations, resolvedStoragePath); } - AccessConfig accessConfig = - accessConfigProvider.getAccessConfig( + StorageAccessConfig storageAccessConfig = + storageAccessConfigProvider.getStorageAccessConfig( callContext, tableIdentifier, tableLocations, actions, refreshCredentialsEndpoint, resolvedStoragePath); - Map credentialConfig = accessConfig.credentials(); + Map credentialConfig = storageAccessConfig.credentials(); if (delegationModes.contains(VENDED_CREDENTIALS)) { if (!credentialConfig.isEmpty()) { responseBuilder.addAllConfig(credentialConfig); @@ -831,12 +831,12 @@ ALLOW_FEDERATED_CATALOGS_CREDENTIAL_VENDING, getResolvedCatalogEntity())) { Boolean skipCredIndirection = realmConfig.getConfig(FeatureConfiguration.SKIP_CREDENTIAL_SUBSCOPING_INDIRECTION); Preconditions.checkArgument( - !accessConfig.supportsCredentialVending() || skipCredIndirection, + !storageAccessConfig.supportsCredentialVending() || skipCredIndirection, "Credential vending was requested for table %s, but no credentials are available", tableIdentifier); } } - responseBuilder.addAllConfig(accessConfig.extraProperties()); + responseBuilder.addAllConfig(storageAccessConfig.extraProperties()); } return responseBuilder; diff --git a/runtime/service/src/main/java/org/apache/polaris/service/catalog/io/DefaultFileIOFactory.java b/runtime/service/src/main/java/org/apache/polaris/service/catalog/io/DefaultFileIOFactory.java index a2e78524dc..c132322f5d 100644 
--- a/runtime/service/src/main/java/org/apache/polaris/service/catalog/io/DefaultFileIOFactory.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/catalog/io/DefaultFileIOFactory.java @@ -27,7 +27,7 @@ import java.util.Map; import org.apache.iceberg.CatalogUtil; import org.apache.iceberg.io.FileIO; -import org.apache.polaris.core.storage.AccessConfig; +import org.apache.polaris.core.storage.StorageAccessConfig; /** * A default FileIO factory implementation for creating Iceberg {@link FileIO} instances with @@ -45,7 +45,7 @@ public DefaultFileIOFactory() {} @Override public FileIO loadFileIO( - @Nonnull AccessConfig accessConfig, + @Nonnull StorageAccessConfig storageAccessConfig, @Nonnull String ioImplClassName, @Nonnull Map properties) { @@ -56,9 +56,9 @@ public FileIO loadFileIO( // Update with properties in case there are table-level overrides the credentials should // always override table-level properties, since storage configuration will be found at // whatever entity defines it - properties.putAll(accessConfig.credentials()); - properties.putAll(accessConfig.extraProperties()); - properties.putAll(accessConfig.internalProperties()); + properties.putAll(storageAccessConfig.credentials()); + properties.putAll(storageAccessConfig.extraProperties()); + properties.putAll(storageAccessConfig.internalProperties()); return loadFileIOInternal(ioImplClassName, properties); } diff --git a/runtime/service/src/main/java/org/apache/polaris/service/catalog/io/FileIOUtil.java b/runtime/service/src/main/java/org/apache/polaris/service/catalog/io/FileIOUtil.java index f4a6320d67..7d5a112bba 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/catalog/io/FileIOUtil.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/catalog/io/FileIOUtil.java 
@@ -26,9 +26,9 @@ import org.apache.polaris.core.entity.PolarisEntity; import org.apache.polaris.core.entity.PolarisEntityConstants; import org.apache.polaris.core.persistence.PolarisResolvedPathWrapper; -import org.apache.polaris.core.storage.AccessConfig; import org.apache.polaris.core.storage.PolarisCredentialVendor; import org.apache.polaris.core.storage.PolarisStorageActions; +import org.apache.polaris.core.storage.StorageAccessConfig; import org.apache.polaris.core.storage.cache.StorageCredentialCache; import org.apache.polaris.service.catalog.iceberg.IcebergCatalog; import org.slf4j.Logger; @@ -74,7 +74,7 @@ public static Optional findStorageInfoFromHierarchy( * and read/write metadata JSON files. * */ - public static AccessConfig refreshAccessConfig( + public static StorageAccessConfig refreshAccessConfig( CallContext callContext, StorageCredentialCache storageCredentialCache, PolarisCredentialVendor credentialVendor, @@ -93,7 +93,7 @@ public static AccessConfig refreshAccessConfig( .atDebug() .addKeyValue("tableIdentifier", tableIdentifier) .log("Skipping generation of subscoped creds for table"); - return AccessConfig.builder().build(); + return StorageAccessConfig.builder().build(); } boolean allowList = @@ -105,7 +105,7 @@ public static AccessConfig refreshAccessConfig( || storageActions.contains(PolarisStorageActions.ALL) ? tableLocations : Set.of(); - AccessConfig accessConfig = + StorageAccessConfig storageAccessConfig = storageCredentialCache.getOrGenerateSubScopeCreds( credentialVendor, callContext.getPolarisCallContext(), 
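Review bot: In the `@@ -74,7` hunk, `FileIOUtil.refreshAccessConfig` keeps its old name although its return type is now `StorageAccessConfig` and the provider method renamed in this same patch became `getStorageAccessConfig`. If the point of the rename is to make clear that this object carries storage credentials, the helper should follow: `public static StorageAccessConfig refreshStorageAccessConfig(`, with the call in `StorageAccessConfigProvider` updated to match. If a later patch in the series already does this, a line in the commit message saying so would be enough. The method body continues outside the hunk.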
@@ -117,12 +117,12 @@ public static AccessConfig refreshAccessConfig( LOGGER .atDebug() .addKeyValue("tableIdentifier", tableIdentifier) - .addKeyValue("credentialKeys", accessConfig.credentials().keySet()) - .addKeyValue("extraProperties", accessConfig.extraProperties()) + .addKeyValue("credentialKeys", storageAccessConfig.credentials().keySet()) + .addKeyValue("extraProperties", storageAccessConfig.extraProperties()) .log("Loaded scoped credentials for table"); - if (accessConfig.credentials().isEmpty()) { + if (storageAccessConfig.credentials().isEmpty()) { LOGGER.debug("No credentials found for table"); } - return accessConfig; + return storageAccessConfig; } } diff --git a/runtime/service/src/main/java/org/apache/polaris/service/catalog/io/AccessConfigProvider.java b/runtime/service/src/main/java/org/apache/polaris/service/catalog/io/StorageAccessConfigProvider.java similarity index 88% rename from runtime/service/src/main/java/org/apache/polaris/service/catalog/io/AccessConfigProvider.java rename to runtime/service/src/main/java/org/apache/polaris/service/catalog/io/StorageAccessConfigProvider.java index d336040273..80e62856ae 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/catalog/io/AccessConfigProvider.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/catalog/io/StorageAccessConfigProvider.java @@ -29,8 +29,8 @@ import org.apache.polaris.core.entity.PolarisEntity; import org.apache.polaris.core.persistence.MetaStoreManagerFactory; import org.apache.polaris.core.persistence.PolarisResolvedPathWrapper; -import org.apache.polaris.core.storage.AccessConfig; import org.apache.polaris.core.storage.PolarisStorageActions; +import org.apache.polaris.core.storage.StorageAccessConfig; import org.apache.polaris.core.storage.cache.StorageCredentialCache; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
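Review bot: The debug statement in the `@@ -117,12` hunk logs only the key set of `credentials()` but the full map of `extraProperties()`, so any value an integration classifies as an extra property is written to the log verbatim. The tests in this patch show a refresh-credentials endpoint stored there; what else the integrations put in that map is not visible from the hunk, so it is worth confirming that nothing token-like can land in it. Logging keys only would keep the two fields consistent: `.addKeyValue("extraPropertyKeys", storageAccessConfig.extraProperties().keySet())`. The enclosing method starts outside the hunk.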
@@ -43,15 +43,15 @@ * primary entrypoint to get sub-scoped credentials for accessing table data. */ @ApplicationScoped -public class AccessConfigProvider { +public class StorageAccessConfigProvider { - private static final Logger LOGGER = LoggerFactory.getLogger(AccessConfigProvider.class); + private static final Logger LOGGER = LoggerFactory.getLogger(StorageAccessConfigProvider.class); private final StorageCredentialCache storageCredentialCache; private final MetaStoreManagerFactory metaStoreManagerFactory; @Inject - public AccessConfigProvider( + public StorageAccessConfigProvider( StorageCredentialCache storageCredentialCache, MetaStoreManagerFactory metaStoreManagerFactory) { this.storageCredentialCache = storageCredentialCache; @@ -68,10 +68,10 @@ public AccessConfigProvider( * to * @param refreshCredentialsEndpoint optional endpoint URL for clients to refresh credentials * @param resolvedPath the entity hierarchy to search for storage configuration - * @return {@link AccessConfig} with scoped credentials and metadata; empty if no storage config - * found + * @return {@link StorageAccessConfig} with scoped credentials and metadata; empty if no storage + * config found */ - public AccessConfig getAccessConfig( + public StorageAccessConfig getStorageAccessConfig( @Nonnull CallContext callContext, @Nonnull TableIdentifier tableIdentifier, @Nonnull Set tableLocations, @@ -89,7 +89,7 @@ public AccessConfig getAccessConfig( .atWarn() .addKeyValue("tableIdentifier", tableIdentifier) .log("Table entity has no storage configuration in its hierarchy"); - return AccessConfig.builder().supportsCredentialVending(false).build(); + return StorageAccessConfig.builder().supportsCredentialVending(false).build(); } return FileIOUtil.refreshAccessConfig( callContext, 
diff --git a/runtime/service/src/main/java/org/apache/polaris/service/storage/PolarisStorageIntegrationProviderImpl.java b/runtime/service/src/main/java/org/apache/polaris/service/storage/PolarisStorageIntegrationProviderImpl.java index 23ec20abc3..706acb4222 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/storage/PolarisStorageIntegrationProviderImpl.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/storage/PolarisStorageIntegrationProviderImpl.java @@ -32,11 +32,11 @@ import java.util.Set; import java.util.function.Supplier; import org.apache.polaris.core.config.RealmConfig; -import org.apache.polaris.core.storage.AccessConfig; import org.apache.polaris.core.storage.PolarisStorageActions; import org.apache.polaris.core.storage.PolarisStorageConfigurationInfo; import org.apache.polaris.core.storage.PolarisStorageIntegration; import org.apache.polaris.core.storage.PolarisStorageIntegrationProvider; +import org.apache.polaris.core.storage.StorageAccessConfig; import org.apache.polaris.core.storage.aws.AwsCredentialsStorageIntegration; import org.apache.polaris.core.storage.aws.AwsStorageConfigurationInfo; import org.apache.polaris.core.storage.aws.StsClientProvider; @@ -109,13 +109,13 @@ public PolarisStorageIntegrationProviderImpl( storageIntegration = new PolarisStorageIntegration<>((T) polarisStorageConfigurationInfo, "file") { @Override - public AccessConfig getSubscopedCreds( + public StorageAccessConfig getSubscopedCreds( @Nonnull RealmConfig realmConfig, boolean allowListOperation, @Nonnull Set allowedReadLocations, @Nonnull Set allowedWriteLocations, Optional refreshCredentialsEndpoint) { - return AccessConfig.builder().supportsCredentialVending(false).build(); + return StorageAccessConfig.builder().supportsCredentialVending(false).build(); } @Override 
diff --git a/runtime/service/src/test/java/org/apache/polaris/service/admin/PolarisAuthzTestBase.java b/runtime/service/src/test/java/org/apache/polaris/service/admin/PolarisAuthzTestBase.java index 4b1799d8cf..77fc43efca 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/admin/PolarisAuthzTestBase.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/admin/PolarisAuthzTestBase.java @@ -87,8 +87,8 @@ import org.apache.polaris.service.catalog.generic.PolarisGenericTableCatalog; import org.apache.polaris.service.catalog.iceberg.CatalogHandlerUtils; import org.apache.polaris.service.catalog.iceberg.IcebergCatalog; -import org.apache.polaris.service.catalog.io.AccessConfigProvider; import org.apache.polaris.service.catalog.io.FileIOFactory; +import org.apache.polaris.service.catalog.io.StorageAccessConfigProvider; import org.apache.polaris.service.catalog.policy.PolicyCatalog; import org.apache.polaris.service.config.ReservedProperties; import org.apache.polaris.service.context.catalog.CallContextCatalogFactory; @@ -203,7 +203,7 @@ public Map getConfigOverrides() { @Inject protected PolarisConfigurationStore configurationStore; @Inject protected StorageCredentialCache storageCredentialCache; @Inject protected ResolverFactory resolverFactory; - @Inject protected AccessConfigProvider accessConfigProvider; + @Inject protected StorageAccessConfigProvider storageAccessConfigProvider; protected IcebergCatalog baseCatalog; protected PolarisGenericTableCatalog genericTableCatalog; diff --git a/runtime/service/src/test/java/org/apache/polaris/service/catalog/generic/AbstractPolarisGenericTableCatalogTest.java b/runtime/service/src/test/java/org/apache/polaris/service/catalog/generic/AbstractPolarisGenericTableCatalogTest.java index f4dceffe62..844601f615 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/catalog/generic/AbstractPolarisGenericTableCatalogTest.java 
+++ b/runtime/service/src/test/java/org/apache/polaris/service/catalog/generic/AbstractPolarisGenericTableCatalogTest.java @@ -66,9 +66,9 @@ import org.apache.polaris.service.admin.PolarisAdminService; import org.apache.polaris.service.catalog.PolarisPassthroughResolutionView; import org.apache.polaris.service.catalog.iceberg.IcebergCatalog; -import org.apache.polaris.service.catalog.io.AccessConfigProvider; import org.apache.polaris.service.catalog.io.DefaultFileIOFactory; import org.apache.polaris.service.catalog.io.FileIOFactory; +import org.apache.polaris.service.catalog.io.StorageAccessConfigProvider; import org.apache.polaris.service.config.ReservedProperties; import org.apache.polaris.service.events.listeners.NoOpPolarisEventListener; import org.apache.polaris.service.storage.PolarisStorageIntegrationProviderImpl; @@ -119,7 +119,7 @@ public abstract class AbstractPolarisGenericTableCatalogTest { private FileIOFactory fileIOFactory; private PolarisPrincipal authenticatedRoot; private PolarisEntity catalogEntity; - private AccessConfigProvider accessConfigProvider; + private StorageAccessConfigProvider storageAccessConfigProvider; protected static final Schema SCHEMA = new Schema( @@ -156,8 +156,8 @@ public void before(TestInfo testInfo) { metaStoreManagerFactory.getOrCreateSession(realmContext), configurationStore); realmConfig = polarisContext.getRealmConfig(); - accessConfigProvider = - new AccessConfigProvider(storageCredentialCache, metaStoreManagerFactory); + storageAccessConfigProvider = + new StorageAccessConfigProvider(storageCredentialCache, metaStoreManagerFactory); PrincipalEntity rootPrincipal = metaStoreManager.findRootPrincipal(polarisContext).orElseThrow(); diff --git a/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogTest.java b/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogTest.java index fa05af7efd..ad5d530dbb 100644 
--- a/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogTest.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogTest.java @@ -136,11 +136,11 @@ import org.apache.polaris.service.admin.PolarisAdminService; import org.apache.polaris.service.catalog.PolarisPassthroughResolutionView; import org.apache.polaris.service.catalog.Profiles; -import org.apache.polaris.service.catalog.io.AccessConfigProvider; import org.apache.polaris.service.catalog.io.DefaultFileIOFactory; import org.apache.polaris.service.catalog.io.ExceptionMappingFileIO; import org.apache.polaris.service.catalog.io.FileIOFactory; import org.apache.polaris.service.catalog.io.MeasuredFileIOFactory; +import org.apache.polaris.service.catalog.io.StorageAccessConfigProvider; import org.apache.polaris.service.config.ReservedProperties; import org.apache.polaris.service.events.IcebergRestCatalogEvents; import org.apache.polaris.service.events.listeners.PolarisEventListener; @@ -252,7 +252,7 @@ public Map getConfigOverrides() { private PolarisPrincipal authenticatedRoot; private TestPolarisEventListener testPolarisEventListener; private ReservedProperties reservedProperties; - private AccessConfigProvider accessConfigProvider; + private StorageAccessConfigProvider storageAccessConfigProvider; @BeforeAll public static void setUpMocks() { @@ -290,8 +290,8 @@ public void before(TestInfo testInfo) { metaStoreManagerFactory.getOrCreateSession(realmContext), configurationStore); realmConfig = polarisContext.getRealmConfig(); - accessConfigProvider = - new AccessConfigProvider(storageCredentialCache, metaStoreManagerFactory); + storageAccessConfigProvider = + new StorageAccessConfigProvider(storageCredentialCache, metaStoreManagerFactory); EntityCache entityCache = createEntityCache(diagServices, realmConfig, metaStoreManager); resolverFactory = (principal, referenceCatalogName) -> 
diff --git a/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogViewTest.java b/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogViewTest.java index 2406108abb..c111255ebc 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogViewTest.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogViewTest.java @@ -57,9 +57,9 @@ import org.apache.polaris.service.admin.PolarisAdminService; import org.apache.polaris.service.catalog.PolarisPassthroughResolutionView; import org.apache.polaris.service.catalog.Profiles; -import org.apache.polaris.service.catalog.io.AccessConfigProvider; import org.apache.polaris.service.catalog.io.DefaultFileIOFactory; import org.apache.polaris.service.catalog.io.FileIOFactory; +import org.apache.polaris.service.catalog.io.StorageAccessConfigProvider; import org.apache.polaris.service.config.ReservedProperties; import org.apache.polaris.service.events.IcebergRestCatalogEvents; import org.apache.polaris.service.events.listeners.PolarisEventListener; @@ -121,7 +121,7 @@ public Map getConfigOverrides() { private UserSecretsManager userSecretsManager; private PolarisCallContext polarisContext; private RealmConfig realmConfig; - private AccessConfigProvider accessConfigProvider; + private StorageAccessConfigProvider storageAccessConfigProvider; private TestPolarisEventListener testPolarisEventListener; 
@@ -162,8 +162,8 @@ public void before(TestInfo testInfo) { metaStoreManagerFactory.getOrCreateSession(realmContext), configurationStore); realmConfig = polarisContext.getRealmConfig(); - accessConfigProvider = - new AccessConfigProvider(storageCredentialCache, metaStoreManagerFactory); + storageAccessConfigProvider = + new StorageAccessConfigProvider(storageCredentialCache, metaStoreManagerFactory); PrincipalEntity rootPrincipal = metaStoreManager.findRootPrincipal(polarisContext).orElseThrow(); PolarisPrincipal authenticatedRoot = PolarisPrincipal.of(rootPrincipal, Set.of()); diff --git a/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandlerAuthzTest.java b/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandlerAuthzTest.java index 924e376e4b..102a29aaeb 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandlerAuthzTest.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandlerAuthzTest.java @@ -134,7 +134,7 @@ private IcebergCatalogHandler newWrapper( catalogHandlerUtils, emptyExternalCatalogFactory(), polarisEventListener, - accessConfigProvider); + storageAccessConfigProvider); } protected void doTestInsufficientPrivileges( @@ -274,7 +274,7 @@ public void testInsufficientPermissionsPriorToSecretRotation() { catalogHandlerUtils, emptyExternalCatalogFactory(), polarisEventListener, - accessConfigProvider); + storageAccessConfigProvider); // a variety of actions are all disallowed because the principal's credentials must be rotated doTestInsufficientPrivileges( @@ -312,7 +312,7 @@ public void testInsufficientPermissionsPriorToSecretRotation() { catalogHandlerUtils, emptyExternalCatalogFactory(), polarisEventListener, - accessConfigProvider); + storageAccessConfigProvider); doTestSufficientPrivilegeSets( List.of(Set.of(PolarisPrivilege.NAMESPACE_LIST)), 
@@ -1189,7 +1189,7 @@ public T getConfig(PolarisConfiguration config, CatalogEntity catalogEnti catalogHandlerUtils, emptyExternalCatalogFactory(), polarisEventListener, - accessConfigProvider); + storageAccessConfigProvider); } @Test diff --git a/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandlerFineGrainedDisabledTest.java b/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandlerFineGrainedDisabledTest.java index 7c5ae41b61..0b4fcc910e 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandlerFineGrainedDisabledTest.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandlerFineGrainedDisabledTest.java @@ -71,7 +71,7 @@ private IcebergCatalogHandler newWrapper() { catalogHandlerUtils, emptyExternalCatalogFactory(), polarisEventListener, - accessConfigProvider); + storageAccessConfigProvider); } public static class Profile extends PolarisAuthzTestBase.Profile { diff --git a/runtime/service/src/test/java/org/apache/polaris/service/catalog/policy/AbstractPolicyCatalogTest.java b/runtime/service/src/test/java/org/apache/polaris/service/catalog/policy/AbstractPolicyCatalogTest.java index 69b9cde7b6..1f2cfc759f 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/catalog/policy/AbstractPolicyCatalogTest.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/catalog/policy/AbstractPolicyCatalogTest.java 
@@ -78,9 +78,9 @@ import org.apache.polaris.service.admin.PolarisAdminService; import org.apache.polaris.service.catalog.PolarisPassthroughResolutionView; import org.apache.polaris.service.catalog.iceberg.IcebergCatalog; -import org.apache.polaris.service.catalog.io.AccessConfigProvider; import org.apache.polaris.service.catalog.io.DefaultFileIOFactory; import org.apache.polaris.service.catalog.io.FileIOFactory; +import org.apache.polaris.service.catalog.io.StorageAccessConfigProvider; import org.apache.polaris.service.config.ReservedProperties; import org.apache.polaris.service.events.listeners.NoOpPolarisEventListener; import org.apache.polaris.service.storage.PolarisStorageIntegrationProviderImpl; @@ -145,7 +145,7 @@ public abstract class AbstractPolicyCatalogTest { private FileIOFactory fileIOFactory; private PolarisPrincipal authenticatedRoot; private PolarisEntity catalogEntity; - private AccessConfigProvider accessConfigProvider; + private StorageAccessConfigProvider storageAccessConfigProvider; @BeforeAll public static void setUpMocks() { @@ -177,8 +177,8 @@ public void before(TestInfo testInfo) { metaStoreManagerFactory.getOrCreateSession(realmContext), configurationStore); realmConfig = polarisContext.getRealmConfig(); - accessConfigProvider = - new AccessConfigProvider(storageCredentialCache, metaStoreManagerFactory); + storageAccessConfigProvider = + new StorageAccessConfigProvider(storageCredentialCache, metaStoreManagerFactory); PrincipalEntity rootPrincipal = metaStoreManager.findRootPrincipal(polarisContext).orElseThrow(); diff --git a/runtime/service/src/testFixtures/java/org/apache/polaris/service/TestServices.java b/runtime/service/src/testFixtures/java/org/apache/polaris/service/TestServices.java index 030e00b731..e22237187c 100644 --- a/runtime/service/src/testFixtures/java/org/apache/polaris/service/TestServices.java +++ b/runtime/service/src/testFixtures/java/org/apache/polaris/service/TestServices.java 
@@ -70,9 +70,9 @@ import org.apache.polaris.service.catalog.api.IcebergRestConfigurationApi; import org.apache.polaris.service.catalog.iceberg.CatalogHandlerUtils; import org.apache.polaris.service.catalog.iceberg.IcebergCatalogAdapter; -import org.apache.polaris.service.catalog.io.AccessConfigProvider; import org.apache.polaris.service.catalog.io.FileIOFactory; import org.apache.polaris.service.catalog.io.MeasuredFileIOFactory; +import org.apache.polaris.service.catalog.io.StorageAccessConfigProvider; import org.apache.polaris.service.config.ReservedProperties; import org.apache.polaris.service.context.catalog.CallContextCatalogFactory; import org.apache.polaris.service.context.catalog.PolarisCallContextCatalogFactory; @@ -112,7 +112,7 @@ public record TestServices( FileIOFactory fileIOFactory, TaskExecutor taskExecutor, PolarisEventListener polarisEventListener, - AccessConfigProvider accessConfigProvider) { + StorageAccessConfigProvider storageAccessConfigProvider) { private static final RealmContext TEST_REALM = () -> "test-realm"; private static final String GCP_ACCESS_TOKEN = "abc"; @@ -273,8 +273,8 @@ public String getAuthenticationScheme() { PolarisCredentialManager credentialManager = new DefaultPolarisCredentialManager(realmContext, mockCredentialVendors); - AccessConfigProvider accessConfigProvider = - new AccessConfigProvider(storageCredentialCache, metaStoreManagerFactory); + StorageAccessConfigProvider storageAccessConfigProvider = + new StorageAccessConfigProvider(storageCredentialCache, metaStoreManagerFactory); FileIOFactory fileIOFactory = fileIOFactorySupplier.get(); TaskExecutor taskExecutor = Mockito.mock(TaskExecutor.class); @@ -285,7 +285,7 @@ public String getAuthenticationScheme() { diagnostics, resolverFactory, taskExecutor, - accessConfigProvider, + storageAccessConfigProvider, fileIOFactory, polarisEventListener, metaStoreManager, 
@@ -317,7 +317,7 @@ public String getAuthenticationScheme() { catalogHandlerUtils, externalCatalogFactory, polarisEventListener, - accessConfigProvider, + storageAccessConfigProvider, new DefaultMetricsReporter()); IcebergRestCatalogApi restApi = new IcebergRestCatalogApi(catalogService); @@ -359,7 +359,7 @@ public String getAuthenticationScheme() { fileIOFactory, taskExecutor, polarisEventListener, - accessConfigProvider); + storageAccessConfigProvider); } } From 940e246fffb9d477b00d9080d76536e49a5dad41 Mon Sep 17 00:00:00 2001 From: Nuoya Jiang Date: Fri, 24 Oct 2025 20:17:18 -0500 Subject: [PATCH 2/3] rename getStorageAccessConfig() and added javadoc --- .../core/persistence/dao/entity/ScopedCredentialsResult.java | 4 ++-- .../polaris/core/storage/cache/StorageCredentialCache.java | 2 +- .../service/catalog/iceberg/AbstractIcebergCatalogTest.java | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/dao/entity/ScopedCredentialsResult.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/dao/entity/ScopedCredentialsResult.java index bf34216f41..3e9807b08a 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/dao/entity/ScopedCredentialsResult.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/dao/entity/ScopedCredentialsResult.java @@ -43,14 +43,14 @@ public ScopedCredentialsResult( /** * Constructor for success * - * @param storageAccessConfig credentials + * @param storageAccessConfig credentials generated by a successful getSubscopedCredsForEntity() */ public ScopedCredentialsResult(StorageAccessConfig storageAccessConfig) { super(ReturnStatus.SUCCESS); this.storageAccessConfig = storageAccessConfig; } - public StorageAccessConfig getAccessConfig() { + public StorageAccessConfig getStorageAccessConfig() { return storageAccessConfig; } } 
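Review bot: `getStorageAccessConfig()` in ScopedCredentialsResult is renamed in this hunk without any Javadoc, although the field it returns is set to `null` by the failure constructor (visible as context in the ScopedCredentialsResult hunk of PATCH 3/3). Because the value carries vended storage credentials, the contract belongs on the getter, for example `/** Returns the scoped storage access config; null for a failed result, so check {@link #isSuccess()} first. */`. The one caller shown in this series, StorageCredentialCache.getOrGenerateSubScopeCreds, already checks `isSuccess()` before calling it, so this is documentation only. As the class sits in polaris-core, the rename may also break callers outside this repository; if any exist, a `@Deprecated` `getAccessConfig()` that delegates to the new name would cover them.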
diff --git a/polaris-core/src/main/java/org/apache/polaris/core/storage/cache/StorageCredentialCache.java b/polaris-core/src/main/java/org/apache/polaris/core/storage/cache/StorageCredentialCache.java index 94fef66874..93f5e351ab 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/storage/cache/StorageCredentialCache.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/storage/cache/StorageCredentialCache.java @@ -140,7 +140,7 @@ public StorageAccessConfig getOrGenerateSubScopeCreds( if (scopedCredentialsResult.isSuccess()) { long maxCacheDurationMs = maxCacheDurationMs(callCtx.getRealmConfig()); return new StorageCredentialCacheEntry( - scopedCredentialsResult.getAccessConfig(), maxCacheDurationMs); + scopedCredentialsResult.getStorageAccessConfig(), maxCacheDurationMs); } LOGGER .atDebug() diff --git a/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogTest.java b/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogTest.java index ad5d530dbb..376f5a6f6b 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogTest.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogTest.java @@ -1905,7 +1905,7 @@ public void testDropTableWithPurge() { Set.of(tableMetadata.location()), Set.of(tableMetadata.location()), Optional.empty()) - .getAccessConfig() + .getStorageAccessConfig() .credentials(); Assertions.assertThat(credentials) .isNotNull() From 722227c6b89526e17057b2b6fda80d460e89eeda Mon Sep 17 00:00:00 2001 
From: Nuoya Jiang Date: Sat, 8 Nov 2025 15:36:36 -0600 Subject: [PATCH 3/3] resolve merge conflict --- .../dao/entity/ScopedCredentialsResult.java | 6 +----- .../service/catalog/iceberg/IcebergCatalog.java | 16 ++++++++-------- .../catalog/iceberg/IcebergCatalogAdapter.java | 2 +- .../service/catalog/io/FileIOFactory.java | 7 ++++--- .../catalog/io/WasbTranslatingFileIOFactory.java | 4 ++-- .../PolarisCallContextCatalogFactory.java | 10 +++++----- .../polaris/service/task/TaskFileIOSupplier.java | 16 ++++++++-------- .../service/admin/PolarisAuthzTestBase.java | 4 ++-- .../AbstractPolarisGenericTableCatalogTest.java | 4 ++-- .../iceberg/AbstractIcebergCatalogTest.java | 10 +++++----- .../iceberg/AbstractIcebergCatalogViewTest.java | 2 +- .../iceberg/IcebergCatalogHandlerAuthzTest.java | 2 +- .../service/catalog/io/FileIOFactoryTest.java | 5 +++-- .../policy/AbstractPolicyCatalogTest.java | 2 +- .../task/BatchFileCleanupTaskHandlerTest.java | 4 ++-- .../task/ManifestFileCleanupTaskHandlerTest.java | 4 ++-- .../task/TableCleanupTaskHandlerTest.java | 4 ++-- .../service/task/TaskExecutorImplTest.java | 2 +- .../polaris/service/TestFileIOFactory.java | 4 ++-- .../org/apache/polaris/service/TestServices.java | 6 +++--- .../catalog/io/MeasuredFileIOFactory.java | 6 +++--- 21 files changed, 59 insertions(+), 61 deletions(-) diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/dao/entity/ScopedCredentialsResult.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/dao/entity/ScopedCredentialsResult.java index 3e9807b08a..fab339243f 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/dao/entity/ScopedCredentialsResult.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/dao/entity/ScopedCredentialsResult.java 
@@ -40,11 +40,7 @@ public ScopedCredentialsResult( this.storageAccessConfig = null; } - /** - * Constructor for success - * - * @param storageAccessConfig credentials generated by a successful getSubscopedCredsForEntity() - */ + /** Constructor for success */ public ScopedCredentialsResult(StorageAccessConfig storageAccessConfig) { super(ReturnStatus.SUCCESS); this.storageAccessConfig = storageAccessConfig; diff --git a/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalog.java b/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalog.java index 75742412e3..89624418a6 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalog.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalog.java 
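Review bot: The conflict resolution in ScopedCredentialsResult collapses the success-constructor Javadoc to `/** Constructor for success */` and with it drops the `@param storageAccessConfig` line that PATCH 2/3 of this same series added. If that was not intended, restore `@param storageAccessConfig credentials generated by a successful getSubscopedCredsForEntity()`. The constructor body shown assigns the argument without a null check, so the Javadoc is where the expectation that a success result carries credentials gets recorded.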
@@ -119,16 +119,16 @@
 import org.apache.polaris.core.persistence.resolver.ResolverFactory;
 import org.apache.polaris.core.persistence.resolver.ResolverPath;
 import org.apache.polaris.core.persistence.resolver.ResolverStatus;
-import org.apache.polaris.core.storage.AccessConfig;
 import org.apache.polaris.core.storage.PolarisStorageActions;
+import org.apache.polaris.core.storage.StorageAccessConfig;
 import org.apache.polaris.core.storage.StorageLocation;
 import org.apache.polaris.core.storage.StorageUtil;
 import org.apache.polaris.service.catalog.SupportsNotifications;
 import org.apache.polaris.service.catalog.common.CatalogUtils;
 import org.apache.polaris.service.catalog.common.LocationUtils;
-import org.apache.polaris.service.catalog.io.AccessConfigProvider;
 import org.apache.polaris.service.catalog.io.FileIOFactory;
 import org.apache.polaris.service.catalog.io.FileIOUtil;
+import org.apache.polaris.service.catalog.io.StorageAccessConfigProvider;
 import org.apache.polaris.service.catalog.validation.IcebergPropertiesValidation;
 import org.apache.polaris.service.events.IcebergRestCatalogEvents;
 import org.apache.polaris.service.events.listeners.PolarisEventListener;
@@ -179,7 +179,7 @@ public class IcebergCatalog extends BaseMetastoreViewCatalog
 private long catalogId = -1;
 private String defaultBaseLocation;
 private Map catalogProperties;
- private final AccessConfigProvider accessConfigProvider;
+ private final StorageAccessConfigProvider storageAccessConfigProvider;
 private FileIOFactory fileIOFactory;
 private PolarisMetaStoreManager metaStoreManager;
@@ -197,7 +197,7 @@ public IcebergCatalog(
 PolarisResolutionManifestCatalogView resolvedEntityView,
 PolarisPrincipal principal,
 TaskExecutor taskExecutor,
- AccessConfigProvider accessConfigProvider,
+ StorageAccessConfigProvider storageAccessConfigProvider,
 FileIOFactory fileIOFactory,
 PolarisEventListener polarisEventListener) {
 this.diagnostics = diagnostics;
@@ -210,7 +210,7 @@ public IcebergCatalog( this.taskExecutor = taskExecutor; this.catalogId = catalogEntity.getId(); this.catalogName = catalogEntity.getName(); - this.accessConfigProvider = accessConfigProvider; + this.storageAccessConfigProvider = storageAccessConfigProvider; this.fileIOFactory = fileIOFactory; this.metaStoreManager = metaStoreManager; this.polarisEventListener = polarisEventListener; @@ -2078,8 +2078,8 @@ private FileIO loadFileIOForTableLike( PolarisResolvedPathWrapper resolvedStorageEntity, Map tableProperties, Set storageActions) { - AccessConfig accessConfig = - accessConfigProvider.getAccessConfig( + StorageAccessConfig storageAccessConfig = + storageAccessConfigProvider.getStorageAccessConfig( callContext, identifier, readLocations, @@ -2087,7 +2087,7 @@ private FileIO loadFileIOForTableLike( Optional.empty(), resolvedStorageEntity); // Reload fileIO based on table specific context - FileIO fileIO = fileIOFactory.loadFileIO(accessConfig, ioImplClassName, tableProperties); + FileIO fileIO = fileIOFactory.loadFileIO(storageAccessConfig, ioImplClassName, tableProperties); // ensure the new fileIO is closed when the catalog is closed closeableGroup.addCloseable(fileIO); return fileIO; diff --git a/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogAdapter.java b/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogAdapter.java index 7136f0c961..352d1a81cc 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogAdapter.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogAdapter.java 
@@ -187,7 +187,7 @@ public IcebergCatalogAdapter( this.externalCatalogFactories = externalCatalogFactories; this.polarisEventListener = polarisEventListener; this.storageAccessConfigProvider = storageAccessConfigProvider; - this.metricsReporter = metricsReporter; + this.metricsReporter = metricsReporter; } /** diff --git a/runtime/service/src/main/java/org/apache/polaris/service/catalog/io/FileIOFactory.java b/runtime/service/src/main/java/org/apache/polaris/service/catalog/io/FileIOFactory.java index 5c6007efa1..b9bfbf97e9 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/catalog/io/FileIOFactory.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/catalog/io/FileIOFactory.java @@ -22,7 +22,7 @@ import jakarta.enterprise.context.ApplicationScoped; import java.util.Map; import org.apache.iceberg.io.FileIO; -import org.apache.polaris.core.storage.AccessConfig; +import org.apache.polaris.core.storage.StorageAccessConfig; /** * Interface for providing a way to construct FileIO objects, such as for reading/writing S3. @@ -37,13 +37,14 @@ public interface FileIOFactory { *

This method may obtain subscoped credentials to restrict the FileIO's permissions, ensuring * secure and limited access to the table's data and locations. * - * @param accessConfig the access configuration containing credentials and other properties. + * @param storageAccessConfig the storage access configuration containing credentials and other + * properties. * @param ioImplClassName the class name of the FileIO implementation to load. * @param properties configuration properties for the FileIO. * @return a configured FileIO instance. */ FileIO loadFileIO( - @Nonnull AccessConfig accessConfig, + @Nonnull StorageAccessConfig storageAccessConfig, @Nonnull String ioImplClassName, @Nonnull Map properties); } diff --git a/runtime/service/src/main/java/org/apache/polaris/service/catalog/io/WasbTranslatingFileIOFactory.java b/runtime/service/src/main/java/org/apache/polaris/service/catalog/io/WasbTranslatingFileIOFactory.java index 47617309ce..3e4b7f306f 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/catalog/io/WasbTranslatingFileIOFactory.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/catalog/io/WasbTranslatingFileIOFactory.java @@ -24,7 +24,7 @@ import jakarta.inject.Inject; import java.util.Map; import org.apache.iceberg.io.FileIO; -import org.apache.polaris.core.storage.AccessConfig; +import org.apache.polaris.core.storage.StorageAccessConfig; /** A {@link FileIOFactory} that translates WASB paths to ABFS ones */ @ApplicationScoped @@ -40,7 +40,7 @@ public WasbTranslatingFileIOFactory() { @Override public FileIO loadFileIO( - @Nonnull AccessConfig accessConfig, + @Nonnull StorageAccessConfig accessConfig, @Nonnull String ioImplClassName, @Nonnull Map properties) { return new WasbTranslatingFileIO( 
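Review bot: The unchanged Javadoc sentence just above the edited `@param` in FileIOFactory still says `loadFileIO` "may obtain subscoped credentials", while the signature takes an already-built `StorageAccessConfig`. In this series the callers shown (IcebergCatalog.loadFileIOForTableLike and TaskFileIOSupplier.apply) fetch the config from StorageAccessConfigProvider before calling the factory, so, if that is the intended contract, the sentence could read `Credential subscoping is done by the caller; implementations use the credentials in storageAccessConfig as given.` That tells implementers which component is responsible for restricting access to the table's locations. The interface Javadoc begins outside this hunk.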
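Review bot: The `loadFileIO` override in WasbTranslatingFileIOFactory keeps the parameter name `accessConfig` although its type is now `StorageAccessConfig` and the FileIOFactory interface in this same patch names it `storageAccessConfig`; use `@Nonnull StorageAccessConfig storageAccessConfig,` and update its use in the method body, which continues outside the hunk. The same leftover name remains in TaskFileIOSupplier (the field `accessConfigProvider`, now assigned from a parameter called `storageAccessConfigProvider`), in the TestPolarisCallContextCatalogFactory constructor in PolarisAuthzTestBase, and in the anonymous FileIOFactory in AbstractIcebergCatalogTest.testFileIOWrapper. Since the series exists to make these names unambiguous, finishing the rename keeps a search for the old identifier empty.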
diff --git a/runtime/service/src/main/java/org/apache/polaris/service/context/catalog/PolarisCallContextCatalogFactory.java b/runtime/service/src/main/java/org/apache/polaris/service/context/catalog/PolarisCallContextCatalogFactory.java
index 70cb8e6b1d..65eb7f9d57 100644
--- a/runtime/service/src/main/java/org/apache/polaris/service/context/catalog/PolarisCallContextCatalogFactory.java
+++ b/runtime/service/src/main/java/org/apache/polaris/service/context/catalog/PolarisCallContextCatalogFactory.java
@@ -32,8 +32,8 @@
 import org.apache.polaris.core.persistence.resolver.PolarisResolutionManifest;
 import org.apache.polaris.core.persistence.resolver.ResolverFactory;
 import org.apache.polaris.service.catalog.iceberg.IcebergCatalog;
-import org.apache.polaris.service.catalog.io.AccessConfigProvider;
 import org.apache.polaris.service.catalog.io.FileIOFactory;
+import org.apache.polaris.service.catalog.io.StorageAccessConfigProvider;
 import org.apache.polaris.service.events.listeners.PolarisEventListener;
 import org.apache.polaris.service.task.TaskExecutor;
 import org.slf4j.Logger;
@@ -46,7 +46,7 @@ public class PolarisCallContextCatalogFactory implements CallContextCatalogFacto
 private final PolarisDiagnostics diagnostics;
 private final TaskExecutor taskExecutor;
- private final AccessConfigProvider accessConfigProvider;
+ private final StorageAccessConfigProvider storageAccessConfigProvider;
 private final FileIOFactory fileIOFactory;
 private final ResolverFactory resolverFactory;
 private final PolarisEventListener polarisEventListener;
@@ -59,7 +59,7 @@ public PolarisCallContextCatalogFactory(
 PolarisDiagnostics diagnostics,
 ResolverFactory resolverFactory,
 TaskExecutor taskExecutor,
- AccessConfigProvider accessConfigProvider,
+ StorageAccessConfigProvider storageAccessConfigProvider,
 FileIOFactory fileIOFactory,
 PolarisEventListener polarisEventListener,
 PolarisMetaStoreManager metaStoreManager,
@@ -68,7 +68,7 @@ public PolarisCallContextCatalogFactory( this.diagnostics = diagnostics; this.resolverFactory = resolverFactory; this.taskExecutor = taskExecutor; - this.accessConfigProvider = accessConfigProvider; + this.storageAccessConfigProvider = storageAccessConfigProvider; this.fileIOFactory = fileIOFactory; this.polarisEventListener = polarisEventListener; this.metaStoreManager = metaStoreManager; @@ -94,7 +94,7 @@ public Catalog createCallContextCatalog(final PolarisResolutionManifest resolved resolvedManifest, principal, taskExecutor, - accessConfigProvider, + storageAccessConfigProvider, fileIOFactory, polarisEventListener); diff --git a/runtime/service/src/main/java/org/apache/polaris/service/task/TaskFileIOSupplier.java b/runtime/service/src/main/java/org/apache/polaris/service/task/TaskFileIOSupplier.java index 720f204fc2..b4c31d6921 100644 --- a/runtime/service/src/main/java/org/apache/polaris/service/task/TaskFileIOSupplier.java +++ b/runtime/service/src/main/java/org/apache/polaris/service/task/TaskFileIOSupplier.java 
@@ -33,21 +33,21 @@ import org.apache.polaris.core.entity.TaskEntity; import org.apache.polaris.core.persistence.PolarisResolvedPathWrapper; import org.apache.polaris.core.persistence.ResolvedPolarisEntity; -import org.apache.polaris.core.storage.AccessConfig; import org.apache.polaris.core.storage.PolarisStorageActions; -import org.apache.polaris.service.catalog.io.AccessConfigProvider; +import org.apache.polaris.core.storage.StorageAccessConfig; import org.apache.polaris.service.catalog.io.FileIOFactory; +import org.apache.polaris.service.catalog.io.StorageAccessConfigProvider; @ApplicationScoped public class TaskFileIOSupplier { private final FileIOFactory fileIOFactory; - private final AccessConfigProvider accessConfigProvider; + private final StorageAccessConfigProvider accessConfigProvider; @Inject public TaskFileIOSupplier( - FileIOFactory fileIOFactory, AccessConfigProvider accessConfigProvider) { + FileIOFactory fileIOFactory, StorageAccessConfigProvider storageAccessConfigProvider) { this.fileIOFactory = fileIOFactory; - this.accessConfigProvider = accessConfigProvider; + this.accessConfigProvider = storageAccessConfigProvider; } public FileIO apply(TaskEntity task, TableIdentifier identifier, CallContext callContext) { 
@@ -62,14 +62,14 @@ public FileIO apply(TaskEntity task, TableIdentifier identifier, CallContext cal new ResolvedPolarisEntity(task, List.of(), List.of()); PolarisResolvedPathWrapper resolvedPath = new PolarisResolvedPathWrapper(List.of(resolvedTaskEntity)); - AccessConfig accessConfig = - accessConfigProvider.getAccessConfig( + StorageAccessConfig storageAccessConfig = + accessConfigProvider.getStorageAccessConfig( callContext, identifier, locations, storageActions, Optional.empty(), resolvedPath); String ioImpl = properties.getOrDefault( CatalogProperties.FILE_IO_IMPL, "org.apache.iceberg.io.ResolvingFileIO"); - return fileIOFactory.loadFileIO(accessConfig, ioImpl, properties); + return fileIOFactory.loadFileIO(storageAccessConfig, ioImpl, properties); } } diff --git a/runtime/service/src/test/java/org/apache/polaris/service/admin/PolarisAuthzTestBase.java b/runtime/service/src/test/java/org/apache/polaris/service/admin/PolarisAuthzTestBase.java index 77fc43efca..0bb4856eb2 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/admin/PolarisAuthzTestBase.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/admin/PolarisAuthzTestBase.java @@ -499,7 +499,7 @@ private void initBaseCatalog() { passthroughView, authenticatedRoot, Mockito.mock(), - accessConfigProvider, + storageAccessConfigProvider, fileIOFactory, polarisEventListener); this.baseCatalog.initialize( @@ -527,7 +527,7 @@ public TestPolarisCallContextCatalogFactory( PolarisDiagnostics diagnostics, ResolverFactory resolverFactory, TaskExecutor taskExecutor, - AccessConfigProvider accessConfigProvider, + StorageAccessConfigProvider accessConfigProvider, FileIOFactory fileIOFactory, PolarisEventListener polarisEventListener, PolarisMetaStoreManager metaStoreManager, 
diff --git a/runtime/service/src/test/java/org/apache/polaris/service/catalog/generic/AbstractPolarisGenericTableCatalogTest.java b/runtime/service/src/test/java/org/apache/polaris/service/catalog/generic/AbstractPolarisGenericTableCatalogTest.java index 844601f615..5cda9c7981 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/catalog/generic/AbstractPolarisGenericTableCatalogTest.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/catalog/generic/AbstractPolarisGenericTableCatalogTest.java @@ -119,7 +119,7 @@ public abstract class AbstractPolarisGenericTableCatalogTest { private FileIOFactory fileIOFactory; private PolarisPrincipal authenticatedRoot; private PolarisEntity catalogEntity; - private StorageAccessConfigProvider storageAccessConfigProvider; + private StorageAccessConfigProvider storageAccessConfigProvider; protected static final Schema SCHEMA = new Schema( @@ -242,7 +242,7 @@ public void before(TestInfo testInfo) { passthroughView, authenticatedRoot, taskExecutor, - accessConfigProvider, + storageAccessConfigProvider, fileIOFactory, new NoOpPolarisEventListener()); this.icebergCatalog.initialize( diff --git a/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogTest.java b/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogTest.java index 376f5a6f6b..3e7cc19850 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogTest.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogTest.java 
@@ -126,9 +126,9 @@ import org.apache.polaris.core.persistence.resolver.ResolverFactory; import org.apache.polaris.core.secrets.UserSecretsManager; import org.apache.polaris.core.secrets.UserSecretsManagerFactory; -import org.apache.polaris.core.storage.AccessConfig; import org.apache.polaris.core.storage.PolarisStorageIntegration; import org.apache.polaris.core.storage.PolarisStorageIntegrationProvider; +import org.apache.polaris.core.storage.StorageAccessConfig; import org.apache.polaris.core.storage.StorageAccessProperty; import org.apache.polaris.core.storage.aws.AwsCredentialsStorageIntegration; import org.apache.polaris.core.storage.aws.AwsStorageConfigurationInfo; @@ -454,7 +454,7 @@ protected IcebergCatalog newIcebergCatalog( passthroughView, authenticatedRoot, taskExecutor, - accessConfigProvider, + storageAccessConfigProvider, fileIOFactory, polarisEventListener); } @@ -1914,7 +1914,7 @@ public void testDropTableWithPurge() { .containsEntry(StorageAccessProperty.AWS_SECRET_KEY.getPropertyName(), SECRET_ACCESS_KEY) .containsEntry(StorageAccessProperty.AWS_TOKEN.getPropertyName(), SESSION_TOKEN); FileIO fileIO = - new TaskFileIOSupplier(new DefaultFileIOFactory(), accessConfigProvider) + new TaskFileIOSupplier(new DefaultFileIOFactory(), storageAccessConfigProvider) .apply(taskEntity, TABLE, polarisContext); Assertions.assertThat(fileIO).isNotNull().isInstanceOf(ExceptionMappingFileIO.class); Assertions.assertThat(((ExceptionMappingFileIO) fileIO).getInnerIo()) @@ -2083,14 +2083,14 @@ public void testFileIOWrapper() { new FileIOFactory() { @Override public FileIO loadFileIO( - @Nonnull AccessConfig accessConfig, + @Nonnull StorageAccessConfig accessConfig, @Nonnull String ioImplClassName, @Nonnull Map properties) { return measured.loadFileIO( accessConfig, "org.apache.iceberg.inmemory.InMemoryFileIO", Map.of()); } }, - accessConfigProvider); + storageAccessConfigProvider); TableCleanupTaskHandler handler = new TableCleanupTaskHandler( 
diff --git a/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogViewTest.java b/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogViewTest.java index c111255ebc..f8468d6bf1 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogViewTest.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/AbstractIcebergCatalogViewTest.java @@ -215,7 +215,7 @@ public void before(TestInfo testInfo) { passthroughView, authenticatedRoot, Mockito.mock(), - accessConfigProvider, + storageAccessConfigProvider, fileIOFactory, polarisEventListener); Map properties = diff --git a/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandlerAuthzTest.java b/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandlerAuthzTest.java index 102a29aaeb..34118d6a71 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandlerAuthzTest.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandlerAuthzTest.java @@ -1894,7 +1894,7 @@ public void testSendNotificationSufficientPrivileges() { diagServices, resolverFactory, Mockito.mock(), - accessConfigProvider, + storageAccessConfigProvider, new DefaultFileIOFactory(), polarisEventListener, metaStoreManager, diff --git a/runtime/service/src/test/java/org/apache/polaris/service/catalog/io/FileIOFactoryTest.java b/runtime/service/src/test/java/org/apache/polaris/service/catalog/io/FileIOFactoryTest.java index 731ab6f071..673e0f2923 100644 --- a/runtime/service/src/test/java/org/apache/polaris/service/catalog/io/FileIOFactoryTest.java +++ b/runtime/service/src/test/java/org/apache/polaris/service/catalog/io/FileIOFactoryTest.java 
@@ -169,7 +169,8 @@ public void testLoadFileIOForCleanupTask(String scheme) {
 Assertions.assertThat(tasks).hasSize(1);
 TaskEntity taskEntity = TaskEntity.of(tasks.get(0));
 FileIO fileIO =
- new TaskFileIOSupplier(testServices.fileIOFactory(), testServices.accessConfigProvider())
+ new TaskFileIOSupplier(
+ testServices.fileIOFactory(), testServices.storageAccessConfigProvider())
 .apply(taskEntity, TABLE, callContext);
 Assertions.assertThat(fileIO).isNotNull().isInstanceOf(ExceptionMappingFileIO.class);
 Assertions.assertThat(((ExceptionMappingFileIO) fileIO).getInnerIo())
@@ -216,7 +217,7 @@ IcebergCatalog createCatalog(TestServices services, String scheme) {
 passthroughView,
 services.principal(),
 services.taskExecutor(),
- services.accessConfigProvider(),
+ services.storageAccessConfigProvider(),
 services.fileIOFactory(),
 services.polarisEventListener());
 polarisCatalog.initialize(
diff --git a/runtime/service/src/test/java/org/apache/polaris/service/catalog/policy/AbstractPolicyCatalogTest.java b/runtime/service/src/test/java/org/apache/polaris/service/catalog/policy/AbstractPolicyCatalogTest.java
index 1f2cfc759f..3ee2faf340 100644
--- a/runtime/service/src/test/java/org/apache/polaris/service/catalog/policy/AbstractPolicyCatalogTest.java
+++ b/runtime/service/src/test/java/org/apache/polaris/service/catalog/policy/AbstractPolicyCatalogTest.java
@@ -259,7 +259,7 @@ public void before(TestInfo testInfo) {
 passthroughView,
 authenticatedRoot,
 taskExecutor,
- accessConfigProvider,
+ storageAccessConfigProvider,
 fileIOFactory,
 new NoOpPolarisEventListener());
 this.icebergCatalog.initialize(
diff --git a/runtime/service/src/test/java/org/apache/polaris/service/task/BatchFileCleanupTaskHandlerTest.java b/runtime/service/src/test/java/org/apache/polaris/service/task/BatchFileCleanupTaskHandlerTest.java
index 28db39376e..b984ea8239 100644
--- a/runtime/service/src/test/java/org/apache/polaris/service/task/BatchFileCleanupTaskHandlerTest.java
+++ b/runtime/service/src/test/java/org/apache/polaris/service/task/BatchFileCleanupTaskHandlerTest.java
@@ -49,7 +49,7 @@
 import org.apache.polaris.core.persistence.BasePersistence;
 import org.apache.polaris.core.persistence.MetaStoreManagerFactory;
 import org.apache.polaris.service.TestFileIOFactory;
-import org.apache.polaris.service.catalog.io.AccessConfigProvider;
+import org.apache.polaris.service.catalog.io.StorageAccessConfigProvider;
 import org.junit.jupiter.api.Test;
 import org.mockito.Mockito;
@@ -60,7 +60,7 @@ public class BatchFileCleanupTaskHandlerTest {
 private TaskFileIOSupplier buildTaskFileIOSupplier(FileIO fileIO) {
 return new TaskFileIOSupplier(
- new TestFileIOFactory(fileIO), Mockito.mock(AccessConfigProvider.class));
+ new TestFileIOFactory(fileIO), Mockito.mock(StorageAccessConfigProvider.class));
 }
 private PolarisCallContext newCallContext() {
diff --git a/runtime/service/src/test/java/org/apache/polaris/service/task/ManifestFileCleanupTaskHandlerTest.java b/runtime/service/src/test/java/org/apache/polaris/service/task/ManifestFileCleanupTaskHandlerTest.java
index d9ca54fac4..5db3d78622 100644
--- a/runtime/service/src/test/java/org/apache/polaris/service/task/ManifestFileCleanupTaskHandlerTest.java
+++ b/runtime/service/src/test/java/org/apache/polaris/service/task/ManifestFileCleanupTaskHandlerTest.java
@@ -45,7 +45,7 @@
 import org.apache.polaris.core.persistence.BasePersistence;
 import org.apache.polaris.core.persistence.MetaStoreManagerFactory;
 import org.apache.polaris.service.TestFileIOFactory;
-import org.apache.polaris.service.catalog.io.AccessConfigProvider;
+import org.apache.polaris.service.catalog.io.StorageAccessConfigProvider;
 import org.junit.jupiter.api.Test;
 import org.mockito.Mockito;
@@ -57,7 +57,7 @@ class ManifestFileCleanupTaskHandlerTest {
 private TaskFileIOSupplier buildTaskFileIOSupplier(FileIO fileIO) {
 return new TaskFileIOSupplier(
- new TestFileIOFactory(fileIO), Mockito.mock(AccessConfigProvider.class));
+ new TestFileIOFactory(fileIO), Mockito.mock(StorageAccessConfigProvider.class));
 }
 private PolarisCallContext newCallContext() {
diff --git a/runtime/service/src/test/java/org/apache/polaris/service/task/TableCleanupTaskHandlerTest.java b/runtime/service/src/test/java/org/apache/polaris/service/task/TableCleanupTaskHandlerTest.java
index 8ebb96a421..c2569847f5 100644
--- a/runtime/service/src/test/java/org/apache/polaris/service/task/TableCleanupTaskHandlerTest.java
+++ b/runtime/service/src/test/java/org/apache/polaris/service/task/TableCleanupTaskHandlerTest.java
@@ -51,7 +51,7 @@
 import org.apache.polaris.core.persistence.PolarisMetaStoreManager;
 import org.apache.polaris.core.persistence.pagination.PageToken;
 import org.apache.polaris.service.TestFileIOFactory;
-import org.apache.polaris.service.catalog.io.AccessConfigProvider;
+import org.apache.polaris.service.catalog.io.StorageAccessConfigProvider;
 import org.assertj.core.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -72,7 +72,7 @@ class TableCleanupTaskHandlerTest {
 private TableCleanupTaskHandler newTableCleanupTaskHandler(FileIO fileIO) {
 TaskFileIOSupplier taskFileIOSupplier =
 new TaskFileIOSupplier(
- new TestFileIOFactory(fileIO), Mockito.mock(AccessConfigProvider.class));
+ new TestFileIOFactory(fileIO), Mockito.mock(StorageAccessConfigProvider.class));
 return new TableCleanupTaskHandler(
 Mockito.mock(), clock, metaStoreManagerFactory, taskFileIOSupplier);
 }
diff --git a/runtime/service/src/test/java/org/apache/polaris/service/task/TaskExecutorImplTest.java b/runtime/service/src/test/java/org/apache/polaris/service/task/TaskExecutorImplTest.java
index d6743a3720..0c6061e5a1 100644
--- a/runtime/service/src/test/java/org/apache/polaris/service/task/TaskExecutorImplTest.java
+++ b/runtime/service/src/test/java/org/apache/polaris/service/task/TaskExecutorImplTest.java
@@ -64,7 +64,7 @@ void testEventsAreEmitted() {
 testServices.clock(),
 testServices.metaStoreManagerFactory(),
 new TaskFileIOSupplier(
- testServices.fileIOFactory(), testServices.accessConfigProvider()),
+ testServices.fileIOFactory(), testServices.storageAccessConfigProvider()),
 testServices.polarisEventListener(),
 null);
diff --git a/runtime/service/src/testFixtures/java/org/apache/polaris/service/TestFileIOFactory.java b/runtime/service/src/testFixtures/java/org/apache/polaris/service/TestFileIOFactory.java
index 74f2fbc4cf..faffe363b9 100644
--- a/runtime/service/src/testFixtures/java/org/apache/polaris/service/TestFileIOFactory.java
+++ b/runtime/service/src/testFixtures/java/org/apache/polaris/service/TestFileIOFactory.java
@@ -22,7 +22,7 @@
 import jakarta.annotation.Nonnull;
 import java.util.Map;
 import org.apache.iceberg.io.FileIO;
-import org.apache.polaris.core.storage.AccessConfig;
+import org.apache.polaris.core.storage.StorageAccessConfig;
 import org.apache.polaris.service.catalog.io.FileIOFactory;
 /** A FileIOFactory that always returns the same FileIO instance. */
@@ -36,7 +36,7 @@ public TestFileIOFactory(@Nonnull FileIO fileIO) {
 @Override
 public FileIO loadFileIO(
- @Nonnull AccessConfig accessConfig,
+ @Nonnull StorageAccessConfig accessConfig,
 @Nonnull String ioImplClassName,
 @Nonnull Map properties) {
 return fileIO;
diff --git a/runtime/service/src/testFixtures/java/org/apache/polaris/service/TestServices.java b/runtime/service/src/testFixtures/java/org/apache/polaris/service/TestServices.java
index e22237187c..6041d2c489 100644
--- a/runtime/service/src/testFixtures/java/org/apache/polaris/service/TestServices.java
+++ b/runtime/service/src/testFixtures/java/org/apache/polaris/service/TestServices.java
@@ -273,7 +273,7 @@ public String getAuthenticationScheme() {
 PolarisCredentialManager credentialManager =
 new DefaultPolarisCredentialManager(realmContext, mockCredentialVendors);
- StorageAccessConfigProvider storageAccessConfigProvider =
+ StorageAccessConfigProvider storageAccessConfigProvider =
 new StorageAccessConfigProvider(storageCredentialCache, metaStoreManagerFactory);
 FileIOFactory fileIOFactory = fileIOFactorySupplier.get();
@@ -285,7 +285,7 @@ public String getAuthenticationScheme() {
 diagnostics,
 resolverFactory,
 taskExecutor,
- storageAccessConfigProvider,
+ storageAccessConfigProvider,
 fileIOFactory,
 polarisEventListener,
 metaStoreManager,
@@ -317,7 +317,7 @@ public String getAuthenticationScheme() {
 catalogHandlerUtils,
 externalCatalogFactory,
 polarisEventListener,
- storageAccessConfigProvider,
+ storageAccessConfigProvider,
 new DefaultMetricsReporter());
 IcebergRestCatalogApi restApi = new IcebergRestCatalogApi(catalogService);
diff --git a/runtime/service/src/testFixtures/java/org/apache/polaris/service/catalog/io/MeasuredFileIOFactory.java b/runtime/service/src/testFixtures/java/org/apache/polaris/service/catalog/io/MeasuredFileIOFactory.java
index 1d5668d0fc..9d18f6a8ea 100644
--- a/runtime/service/src/testFixtures/java/org/apache/polaris/service/catalog/io/MeasuredFileIOFactory.java
+++ b/runtime/service/src/testFixtures/java/org/apache/polaris/service/catalog/io/MeasuredFileIOFactory.java
@@ -27,7 +27,7 @@
 import java.util.Optional;
 import java.util.function.Supplier;
 import org.apache.iceberg.io.FileIO;
-import org.apache.polaris.core.storage.AccessConfig;
+import org.apache.polaris.core.storage.StorageAccessConfig;
 /**
 * A FileIOFactory that measures the number of bytes read, files written, and files deleted. It can
@@ -52,7 +52,7 @@ public MeasuredFileIOFactory() {
 @Override
 public FileIO loadFileIO(
- @Nonnull AccessConfig accessConfig,
+ @Nonnull StorageAccessConfig storageAccessConfig,
 @Nonnull String ioImplClassName,
 @Nonnull Map properties) {
 loadFileIOExceptionSupplier.ifPresent(
@@ -62,7 +62,7 @@ public FileIO loadFileIO(
 MeasuredFileIO wrapped =
 new MeasuredFileIO(
- defaultFileIOFactory.loadFileIO(accessConfig, ioImplClassName, properties),
+ defaultFileIOFactory.loadFileIO(storageAccessConfig, ioImplClassName, properties),
 newInputFileExceptionSupplier,
 newOutputFileExceptionSupplier,
 getLengthExceptionSupplier);