Rename AccessConfig and AccessConfigProvider for clarity

polaris-core/src/main/java/org/apache/polaris/core/credentials/connection/ConnectionCredentials.java

@@ -22,21 +22,21 @@
 import java.time.Instant;
 import java.util.Map;
 import java.util.Optional;
-import org.apache.polaris.core.storage.AccessConfig;
+import org.apache.polaris.core.storage.StorageAccessConfig;
 import org.apache.polaris.immutables.PolarisImmutable;
 
 /**
  * Encapsulates credentials and configuration needed to connect to external federated catalogs.
  *
- * <p>Similar to {@link AccessConfig} for storage, this class holds the credentials and properties
- * required for Polaris to authenticate with remote catalog services (e.g., AWS Glue, other Iceberg
- * REST catalogs).
+ * <p>Similar to {@link StorageAccessConfig} for storage, this class holds the credentials and
+ * properties required for Polaris to authenticate with remote catalog services (e.g., AWS Glue,
+ * other Iceberg REST catalogs).
  *
  * <p>Credentials may be temporary and include an expiration time.
  *
  * <p><b>Note:</b> This interface currently includes only {@code credentials} and {@code expiresAt}.
  * Additional fields like {@code extraProperties} and {@code internalProperties} (similar to {@link
- * AccessConfig}) are not included for now but can be added later if needed for more complex
+ * StorageAccessConfig}) are not included for now but can be added later if needed for more complex
  * credential scenarios.
  */
 @PolarisImmutable

polaris-core/src/main/java/org/apache/polaris/core/persistence/AtomicOperationMetaStoreManager.java

@@ -77,9 +77,9 @@
 import org.apache.polaris.core.policy.PolicyEntity;
 import org.apache.polaris.core.policy.PolicyMappingUtil;
 import org.apache.polaris.core.policy.PolicyType;
-import org.apache.polaris.core.storage.AccessConfig;
 import org.apache.polaris.core.storage.PolarisStorageConfigurationInfo;
 import org.apache.polaris.core.storage.PolarisStorageIntegration;
+import org.apache.polaris.core.storage.StorageAccessConfig;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -1635,14 +1635,14 @@ private void revokeGrantRecord(
             entityId);
 
     try {
-      AccessConfig accessConfig =
+      StorageAccessConfig storageAccessConfig =
           storageIntegration.getSubscopedCreds(
               callCtx.getRealmConfig(),
               allowListOperation,
               allowedReadLocations,
               allowedWriteLocations,
               refreshCredentialsEndpoint);
-      return new ScopedCredentialsResult(accessConfig);
+      return new ScopedCredentialsResult(storageAccessConfig);
     } catch (Exception ex) {
       return new ScopedCredentialsResult(
           BaseResult.ReturnStatus.SUBSCOPE_CREDS_ERROR, ex.getMessage());

polaris-core/src/main/java/org/apache/polaris/core/persistence/dao/entity/ScopedCredentialsResult.java

@@ -20,13 +20,13 @@
 
 import jakarta.annotation.Nonnull;
 import jakarta.annotation.Nullable;
-import org.apache.polaris.core.storage.AccessConfig;
+import org.apache.polaris.core.storage.StorageAccessConfig;
 
 /** Result of a getSubscopedCredsForEntity() call */
 public class ScopedCredentialsResult extends BaseResult {
 
   // null if not success. Else, set of name/value pairs for the credentials
-  private final AccessConfig accessConfig;
+  private final StorageAccessConfig storageAccessConfig;
 
   /**
    * Constructor for an error
@@ -37,20 +37,16 @@ public class ScopedCredentialsResult extends BaseResult {
   public ScopedCredentialsResult(
       @Nonnull ReturnStatus errorCode, @Nullable String extraInformation) {
     super(errorCode, extraInformation);
-    this.accessConfig = null;
+    this.storageAccessConfig = null;
   }
 
-  /**
-   * Constructor for success
-   *
-   * @param accessConfig credentials
-   */
-  public ScopedCredentialsResult(AccessConfig accessConfig) {
+  /** Constructor for success */
+  public ScopedCredentialsResult(StorageAccessConfig storageAccessConfig) {
     super(ReturnStatus.SUCCESS);
-    this.accessConfig = accessConfig;
+    this.storageAccessConfig = storageAccessConfig;
   }
 
-  public AccessConfig getAccessConfig() {
-    return accessConfig;
+  public StorageAccessConfig getStorageAccessConfig() {
+    return storageAccessConfig;
   }
 }

polaris-core/src/main/java/org/apache/polaris/core/persistence/transactional/TransactionalMetaStoreManagerImpl.java

@@ -82,9 +82,9 @@
 import org.apache.polaris.core.policy.PolicyEntity;
 import org.apache.polaris.core.policy.PolicyMappingUtil;
 import org.apache.polaris.core.policy.PolicyType;
-import org.apache.polaris.core.storage.AccessConfig;
 import org.apache.polaris.core.storage.PolarisStorageConfigurationInfo;
 import org.apache.polaris.core.storage.PolarisStorageIntegration;
+import org.apache.polaris.core.storage.StorageAccessConfig;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -2128,14 +2128,14 @@ private PolarisEntityResolver resolveSecurableToRoleGrant(
             entityId);
 
     try {
-      AccessConfig accessConfig =
+      StorageAccessConfig storageAccessConfig =
           storageIntegration.getSubscopedCreds(
               callCtx.getRealmConfig(),
               allowListOperation,
               allowedReadLocations,
               allowedWriteLocations,
               refreshCredentialsEndpoint);
-      return new ScopedCredentialsResult(accessConfig);
+      return new ScopedCredentialsResult(storageAccessConfig);
     } catch (Exception ex) {
       return new ScopedCredentialsResult(
           BaseResult.ReturnStatus.SUBSCOPE_CREDS_ERROR, ex.getMessage());

polaris-core/src/main/java/org/apache/polaris/core/storage/PolarisStorageIntegration.java

@@ -62,7 +62,7 @@ public String getStorageIdentifierOrId() {
    *     handling the relative path
    * @return An enum map including the scoped credentials
    */
-  public abstract AccessConfig getSubscopedCreds(
+  public abstract StorageAccessConfig getSubscopedCreds(
       @Nonnull RealmConfig realmConfig,
       boolean allowListOperation,
       @Nonnull Set<String> allowedReadLocations,

polaris-core/src/main/java/org/apache/polaris/core/storage/AccessConfig.java → polaris-core/src/main/java/org/apache/polaris/core/storage/StorageAccessConfig.java

@@ -26,7 +26,7 @@
 import org.immutables.value.Value;
 
 @PolarisImmutable
-public interface AccessConfig {
+public interface StorageAccessConfig {
   Map<String, String> credentials();
 
   Map<String, String> extraProperties();
@@ -57,8 +57,8 @@ default String get(StorageAccessProperty key) {
     }
   }
 
-  static AccessConfig.Builder builder() {
-    return ImmutableAccessConfig.builder();
+  static StorageAccessConfig.Builder builder() {
+    return ImmutableStorageAccessConfig.builder();
   }
 
   interface Builder {
@@ -89,6 +89,6 @@ default Builder put(StorageAccessProperty key, String value) {
       }
     }
 
-    AccessConfig build();
+    StorageAccessConfig build();
   }
 }

polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java

@@ -28,8 +28,8 @@
 import java.util.Set;
 import java.util.stream.Stream;
 import org.apache.polaris.core.config.RealmConfig;
-import org.apache.polaris.core.storage.AccessConfig;
 import org.apache.polaris.core.storage.InMemoryStorageIntegration;
+import org.apache.polaris.core.storage.StorageAccessConfig;
 import org.apache.polaris.core.storage.StorageAccessProperty;
 import org.apache.polaris.core.storage.StorageUtil;
 import org.apache.polaris.core.storage.aws.StsClientProvider.StsDestination;
@@ -70,7 +70,7 @@ public AwsCredentialsStorageIntegration(
 
   /** {@inheritDoc} */
   @Override
-  public AccessConfig getSubscopedCreds(
+  public StorageAccessConfig getSubscopedCreds(
       @Nonnull RealmConfig realmConfig,
       boolean allowListOperation,
       @Nonnull Set<String> allowedReadLocations,
@@ -80,7 +80,7 @@ public AccessConfig getSubscopedCreds(
         realmConfig.getConfig(STORAGE_CREDENTIAL_DURATION_SECONDS);
     AwsStorageConfigurationInfo storageConfig = config();
     String region = storageConfig.getRegion();
-    AccessConfig.Builder accessConfig = AccessConfig.builder();
+    StorageAccessConfig.Builder accessConfig = StorageAccessConfig.builder();
 
     if (shouldUseSts(storageConfig)) {
       AssumeRoleRequest.Builder request =

polaris-core/src/main/java/org/apache/polaris/core/storage/azure/AzureCredentialsStorageIntegration.java

@@ -49,8 +49,8 @@
 import java.util.Optional;
 import java.util.Set;
 import org.apache.polaris.core.config.RealmConfig;
-import org.apache.polaris.core.storage.AccessConfig;
 import org.apache.polaris.core.storage.InMemoryStorageIntegration;
+import org.apache.polaris.core.storage.StorageAccessConfig;
 import org.apache.polaris.core.storage.StorageAccessProperty;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -73,7 +73,7 @@ public AzureCredentialsStorageIntegration(AzureStorageConfigurationInfo config)
   }
 
   @Override
-  public AccessConfig getSubscopedCreds(
+  public StorageAccessConfig getSubscopedCreds(
       @Nonnull RealmConfig realmConfig,
       boolean allowListOperation,
       @Nonnull Set<String> allowedReadLocations,
@@ -176,12 +176,12 @@ public AccessConfig getSubscopedCreds(
   }
 
   @VisibleForTesting
-  static AccessConfig toAccessConfig(
+  static StorageAccessConfig toAccessConfig(
       String sasToken,
       String storageDnsName,
       Instant expiresAt,
       Optional<String> refreshCredentialsEndpoint) {
-    AccessConfig.Builder accessConfig = AccessConfig.builder();
+    StorageAccessConfig.Builder accessConfig = StorageAccessConfig.builder();
     handleAzureCredential(accessConfig, sasToken, storageDnsName, expiresAt);
     accessConfig.put(
         StorageAccessProperty.EXPIRATION_TIME, String.valueOf(expiresAt.toEpochMilli()));
@@ -193,7 +193,7 @@ static AccessConfig toAccessConfig(
   }
 
   private static void handleAzureCredential(
-      AccessConfig.Builder config, String sasToken, String host, Instant expiresAt) {
+      StorageAccessConfig.Builder config, String sasToken, String host, Instant expiresAt) {
     config.putCredential(StorageAccessProperty.AZURE_SAS_TOKEN.getPropertyName() + host, sasToken);
     config.putCredential(
         StorageAccessProperty.AZURE_SAS_TOKEN_EXPIRES_AT_MS_PREFIX.getPropertyName() + host,

polaris-core/src/main/java/org/apache/polaris/core/storage/cache/StorageCredentialCache.java

@@ -37,8 +37,8 @@
 import org.apache.polaris.core.entity.PolarisEntity;
 import org.apache.polaris.core.entity.PolarisEntityType;
 import org.apache.polaris.core.persistence.dao.entity.ScopedCredentialsResult;
-import org.apache.polaris.core.storage.AccessConfig;
 import org.apache.polaris.core.storage.PolarisCredentialVendor;
+import org.apache.polaris.core.storage.StorageAccessConfig;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -103,7 +103,7 @@ private long maxCacheDurationMs(RealmConfig realmConfig) {
    * @param allowedWriteLocations a set of allowed to write locations.
    * @return the a map of string containing the scoped creds information
    */
-  public AccessConfig getOrGenerateSubScopeCreds(
+  public StorageAccessConfig getOrGenerateSubScopeCreds(
       @Nonnull PolarisCredentialVendor credentialVendor,
       @Nonnull PolarisCallContext callCtx,
       @Nonnull PolarisEntity polarisEntity,
@@ -140,7 +140,7 @@ public AccessConfig getOrGenerateSubScopeCreds(
           if (scopedCredentialsResult.isSuccess()) {
             long maxCacheDurationMs = maxCacheDurationMs(callCtx.getRealmConfig());
             return new StorageCredentialCacheEntry(
-                scopedCredentialsResult.getAccessConfig(), maxCacheDurationMs);
+                scopedCredentialsResult.getStorageAccessConfig(), maxCacheDurationMs);
           }
           LOGGER
               .atDebug()
@@ -156,11 +156,11 @@ public AccessConfig getOrGenerateSubScopeCreds(
   @VisibleForTesting
   @Nullable
   Map<String, String> getIfPresent(StorageCredentialCacheKey key) {
-    return getAccessConfig(key).map(AccessConfig::credentials).orElse(null);
+    return getAccessConfig(key).map(StorageAccessConfig::credentials).orElse(null);
   }
 
   @VisibleForTesting
-  Optional<AccessConfig> getAccessConfig(StorageCredentialCacheKey key) {
+  Optional<StorageAccessConfig> getAccessConfig(StorageCredentialCacheKey key) {
     return Optional.ofNullable(cache.getIfPresent(key))
         .map(StorageCredentialCacheEntry::toAccessConfig);
   }

polaris-core/src/main/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheEntry.java

@@ -19,17 +19,18 @@
 package org.apache.polaris.core.storage.cache;
 
 import java.time.Instant;
-import org.apache.polaris.core.storage.AccessConfig;
+import org.apache.polaris.core.storage.StorageAccessConfig;
 
 /** A storage credential cached entry. */
 public class StorageCredentialCacheEntry {
   /** The scoped creds map that is fetched from a creds vending service */
-  public final AccessConfig accessConfig;
+  public final StorageAccessConfig storageAccessConfig;
 
   private final long maxCacheDurationMs;
 
-  public StorageCredentialCacheEntry(AccessConfig accessConfig, long maxCacheDurationMs) {
-    this.accessConfig = accessConfig;
+  public StorageCredentialCacheEntry(
+      StorageAccessConfig storageAccessConfig, long maxCacheDurationMs) {
+    this.storageAccessConfig = storageAccessConfig;
     this.maxCacheDurationMs = maxCacheDurationMs;
   }
 
@@ -39,15 +40,15 @@ public long getMaxCacheDurationMs() {
 
   /** Get the expiration time in millisecond for the cached entry */
   public long getExpirationTime() {
-    return accessConfig.expiresAt().map(Instant::toEpochMilli).orElse(Long.MAX_VALUE);
+    return storageAccessConfig.expiresAt().map(Instant::toEpochMilli).orElse(Long.MAX_VALUE);
   }
 
   /**
    * Get the map of string creds that is needed for the query engine.
    *
    * @return a map of string representing the subscoped creds info.
    */
-  AccessConfig toAccessConfig() {
-    return accessConfig;
+  StorageAccessConfig toAccessConfig() {
+    return storageAccessConfig;
   }
 }

polaris-core/src/main/java/org/apache/polaris/core/storage/gcp/GcpCredentialsStorageIntegration.java

@@ -39,9 +39,9 @@
 import java.util.Set;
 import java.util.stream.Stream;
 import org.apache.polaris.core.config.RealmConfig;
-import org.apache.polaris.core.storage.AccessConfig;
 import org.apache.polaris.core.storage.InMemoryStorageIntegration;
 import org.apache.polaris.core.storage.PolarisStorageIntegration;
+import org.apache.polaris.core.storage.StorageAccessConfig;
 import org.apache.polaris.core.storage.StorageAccessProperty;
 import org.apache.polaris.core.storage.StorageUtil;
 import org.slf4j.Logger;
@@ -72,7 +72,7 @@ public GcpCredentialsStorageIntegration(
   }
 
   @Override
-  public AccessConfig getSubscopedCreds(
+  public StorageAccessConfig getSubscopedCreds(
       @Nonnull RealmConfig realmConfig,
       boolean allowListOperation,
       @Nonnull Set<String> allowedReadLocations,
@@ -109,7 +109,7 @@ public AccessConfig getSubscopedCreds(
 
     // If expires_in missing, use source credential's expire time, which require another api call to
     // get.
-    AccessConfig.Builder accessConfig = AccessConfig.builder();
+    StorageAccessConfig.Builder accessConfig = StorageAccessConfig.builder();
     accessConfig.put(StorageAccessProperty.GCS_ACCESS_TOKEN, token.getTokenValue());
     accessConfig.put(
         StorageAccessProperty.GCS_ACCESS_TOKEN_EXPIRES_AT,

polaris-core/src/test/java/org/apache/polaris/core/storage/InMemoryStorageIntegrationTest.java

@@ -194,7 +194,7 @@ public MockInMemoryStorageIntegration() {
     }
 
     @Override
-    public AccessConfig getSubscopedCreds(
+    public StorageAccessConfig getSubscopedCreds(
         @Nonnull RealmConfig realmConfig,
         boolean allowListOperation,
         @Nonnull Set<String> allowedReadLocations,