Re: [PR] [#5620] feat(fileset): Support credential vending for fileset catalog [gravitino]

[via GitHub]

jerryshao commented on code in PR #5682:
URL: https://github.com/apache/gravitino/pull/5682#discussion_r1897088531


##########
core/src/main/java/org/apache/gravitino/connector/BaseCatalog.java:
##########
@@ -272,6 +293,48 @@ public Capability capability() {
     return capability;
   }
 
+  public List<Credential> getCredentials(
+      NameIdentifier nameIdentifier, CredentialPrivilege privilege) {
+    Map<String, CredentialContext> contexts = 
getCredentialContexts(nameIdentifier, privilege);
+    return contexts.entrySet().stream()
+        .map(entry -> 
getCatalogCredentialManager().getCredential(entry.getKey(), entry.getValue()))
+        .filter(Objects::nonNull)
+        .collect(Collectors.toList());
+  }
+
+  private CatalogCredentialProvider getCatalogCredentialManager() {
+    if (catalogCredentialProvider == null) {
+      synchronized (this) {
+        if (catalogCredentialProvider == null) {
+          this.catalogCredentialProvider = new 
CatalogCredentialProvider(name(), properties());
+        }
+      }
+    }
+    return catalogCredentialProvider;
+  }
+
+  private Map<String, CredentialContext> getCredentialContexts(
+      NameIdentifier nameIdentifier, CredentialPrivilege privilege) {
+    if 
(nameIdentifier.equals(NameIdentifierUtil.getCatalogIdentifier(nameIdentifier)))
 {
+      return getCatalogCredentialContexts();
+    }
+
+    if (ops() instanceof SupportsPathBasedCredentials) {
+      List<PathWithCredentialType> pathWithCredentialTypes =
+          ((SupportsPathBasedCredentials) 
ops()).getPathWithCredentialTypes(nameIdentifier);
+      return CredentialUtils.getPathBasedCredentialContexts(privilege, 
pathWithCredentialTypes);
+    }
+    throw new NotSupportedException(
+        String.format("Catalog %s doesn't support generate credentials", 
name()));
+  }
+
+  private Map<String, CredentialContext> getCatalogCredentialContexts() {
+    CatalogCredentialContext context =
+        new CatalogCredentialContext(PrincipalUtils.getCurrentUserName());
+    Set<String> providers = CredentialUtils.getCredentialProviders(() -> 
properties());
+    return providers.stream().collect(Collectors.toMap(provider -> provider, 
provider -> context));
+  }

Review Comment:
   Can we move this logic to `CredentialManager`? So from my understanding, 
each catalog can provide the list of `PathWithCredentialType` to the 
`CredentialManager`, credential manager can get credentials base on the 
provided list. We don't have to 1) introduce so manage concepts in the catalog 
level; 2) The credential management mechanism can all be achieved in one place. 
In the meantime, we don't have to introduce a concept of 
`CatalogCredentialProvider` to manage the credentials per catalog.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@gravitino.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org