FANNG1 commented on code in PR #5974: URL: https://github.com/apache/gravitino/pull/5974#discussion_r1901447293
########## bundles/aliyun/src/main/java/org/apache/gravitino/oss/fs/GravitinoOSSCredentialProvider.java: ########## @@ -0,0 +1,133 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.gravitino.oss.fs; + +import static org.apache.gravitino.credential.OSSTokenCredential.GRAVITINO_OSS_SESSION_ACCESS_KEY_ID; +import static org.apache.gravitino.credential.OSSTokenCredential.GRAVITINO_OSS_SESSION_SECRET_ACCESS_KEY; +import static org.apache.gravitino.credential.OSSTokenCredential.GRAVITINO_OSS_TOKEN; + +import com.aliyun.oss.common.auth.BasicCredentials; +import com.aliyun.oss.common.auth.Credentials; +import com.aliyun.oss.common.auth.CredentialsProvider; +import com.aliyun.oss.common.auth.DefaultCredentials; +import java.net.URI; +import java.util.Map; +import org.apache.gravitino.NameIdentifier; +import org.apache.gravitino.client.GravitinoClient; +import org.apache.gravitino.credential.Credential; +import org.apache.gravitino.credential.OSSTokenCredential; +import org.apache.gravitino.file.Fileset; +import org.apache.gravitino.file.FilesetCatalog; +import org.apache.gravitino.filesystem.hadoop.GravitinoVirtualFileSystem; +import org.apache.gravitino.filesystem.hadoop.GravitinoVirtualFileSystemConfiguration; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.aliyun.oss.Constants; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class GravitinoOSSCredentialProvider implements CredentialsProvider { + + private static final Logger LOGGER = + LoggerFactory.getLogger(GravitinoOSSCredentialProvider.class); + private Credentials basicCredentials; + private final String filesetIdentifier; + private long expirationTime; + private final GravitinoClient client; Review Comment: any place to close `client`? ########## clients/filesystem-hadoop3/src/main/java/org/apache/gravitino/filesystem/hadoop/GravitinoVirtualFileSystem.java: ########## @@ -193,10 +210,18 @@ private ThreadFactory newDaemonThreadFactory(String name) { return new ThreadFactoryBuilder().setDaemon(true).setNameFormat(name + "-%d").build(); } - private void initializeClient(Configuration configuration) { + /** + * Get Gravitino client by the configuration. + * + * @param configuration The configuration for the Gravitino client. + * @return The Gravitino client. + */ + public GravitinoClient initializeClient(Configuration configuration) { // initialize the Gravitino client String serverUri = configuration.get(GravitinoVirtualFileSystemConfiguration.FS_GRAVITINO_SERVER_URI_KEY); + String metalakeValue = Review Comment: why not use metalakeName? ########## clients/filesystem-hadoop3/src/main/java/org/apache/gravitino/filesystem/hadoop/GravitinoVirtualFileSystem.java: ########## @@ -91,6 +100,14 @@ public class GravitinoVirtualFileSystem extends FileSystem { private static final String SLASH = "/"; private final Map<String, FileSystemProvider> fileSystemProvidersMap = Maps.newHashMap(); + private static final Set<String> CATALOG_NECESSARY_PROPERTIES_FOR_CREDENTIAL = Review Comment: these properites are not only for credential, like endpoint and region. ########## clients/filesystem-hadoop3/src/main/java/org/apache/gravitino/filesystem/hadoop/GravitinoVirtualFileSystem.java: ########## @@ -79,7 +88,7 @@ public class GravitinoVirtualFileSystem extends FileSystem { private String metalakeName; private Cache<NameIdentifier, FilesetCatalog> catalogCache; private ScheduledThreadPoolExecutor catalogCleanScheduler; - private Cache<String, FileSystem> internalFileSystemCache; + private Cache<NameIdentifier, FileSystem> internalFileSystemCache; Review Comment: Could you add comment about what NameIdentifier represents? ########## bundles/aliyun/src/main/java/org/apache/gravitino/oss/fs/GravitinoOSSCredentialProvider.java: ########## @@ -0,0 +1,133 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.gravitino.oss.fs; + +import static org.apache.gravitino.credential.OSSTokenCredential.GRAVITINO_OSS_SESSION_ACCESS_KEY_ID; +import static org.apache.gravitino.credential.OSSTokenCredential.GRAVITINO_OSS_SESSION_SECRET_ACCESS_KEY; +import static org.apache.gravitino.credential.OSSTokenCredential.GRAVITINO_OSS_TOKEN; + +import com.aliyun.oss.common.auth.BasicCredentials; +import com.aliyun.oss.common.auth.Credentials; +import com.aliyun.oss.common.auth.CredentialsProvider; +import com.aliyun.oss.common.auth.DefaultCredentials; +import java.net.URI; +import java.util.Map; +import org.apache.gravitino.NameIdentifier; +import org.apache.gravitino.client.GravitinoClient; +import org.apache.gravitino.credential.Credential; +import org.apache.gravitino.credential.OSSTokenCredential; +import org.apache.gravitino.file.Fileset; +import org.apache.gravitino.file.FilesetCatalog; +import org.apache.gravitino.filesystem.hadoop.GravitinoVirtualFileSystem; +import org.apache.gravitino.filesystem.hadoop.GravitinoVirtualFileSystemConfiguration; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.aliyun.oss.Constants; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class GravitinoOSSCredentialProvider implements CredentialsProvider { + + private static final Logger LOGGER = + LoggerFactory.getLogger(GravitinoOSSCredentialProvider.class); + private Credentials basicCredentials; + private final String filesetIdentifier; + private long expirationTime; + private final GravitinoClient client; + private final Configuration configuration; + + public GravitinoOSSCredentialProvider(URI uri, Configuration conf) { + this.filesetIdentifier = + conf.get(GravitinoVirtualFileSystemConfiguration.GVFS_FILESET_IDENTIFIER); + GravitinoVirtualFileSystem gravitinoVirtualFileSystem = new GravitinoVirtualFileSystem(); + this.client = gravitinoVirtualFileSystem.initializeClient(conf); + this.configuration = conf; Review Comment: init `expirationTime` and `basicCredentials` here? ########## bundles/aws/src/main/java/org/apache/gravitino/s3/credential/S3TokenProvider.java: ########## @@ -123,6 +123,7 @@ private IamPolicy createPolicy( IamStatement.builder() .effect(IamEffect.ALLOW) .addAction("s3:GetObject") + .addAction("s3:GetObjectAttributes") Review Comment: Not needed ########## bundles/aliyun/src/main/java/org/apache/gravitino/oss/fs/GravitinoOSSCredentialProvider.java: ########## @@ -0,0 +1,133 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.gravitino.oss.fs; + +import static org.apache.gravitino.credential.OSSTokenCredential.GRAVITINO_OSS_SESSION_ACCESS_KEY_ID; +import static org.apache.gravitino.credential.OSSTokenCredential.GRAVITINO_OSS_SESSION_SECRET_ACCESS_KEY; +import static org.apache.gravitino.credential.OSSTokenCredential.GRAVITINO_OSS_TOKEN; + +import com.aliyun.oss.common.auth.BasicCredentials; +import com.aliyun.oss.common.auth.Credentials; +import com.aliyun.oss.common.auth.CredentialsProvider; +import com.aliyun.oss.common.auth.DefaultCredentials; +import java.net.URI; +import java.util.Map; +import org.apache.gravitino.NameIdentifier; +import org.apache.gravitino.client.GravitinoClient; +import org.apache.gravitino.credential.Credential; +import org.apache.gravitino.credential.OSSTokenCredential; +import org.apache.gravitino.file.Fileset; +import org.apache.gravitino.file.FilesetCatalog; +import org.apache.gravitino.filesystem.hadoop.GravitinoVirtualFileSystem; +import org.apache.gravitino.filesystem.hadoop.GravitinoVirtualFileSystemConfiguration; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.aliyun.oss.Constants; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class GravitinoOSSCredentialProvider implements CredentialsProvider { + + private static final Logger LOGGER = + LoggerFactory.getLogger(GravitinoOSSCredentialProvider.class); + private Credentials basicCredentials; + private final String filesetIdentifier; + private long expirationTime; + private final GravitinoClient client; + private final Configuration configuration; + + public GravitinoOSSCredentialProvider(URI uri, Configuration conf) { + this.filesetIdentifier = + conf.get(GravitinoVirtualFileSystemConfiguration.GVFS_FILESET_IDENTIFIER); + GravitinoVirtualFileSystem gravitinoVirtualFileSystem = new GravitinoVirtualFileSystem(); + this.client = gravitinoVirtualFileSystem.initializeClient(conf); + this.configuration = conf; + } + + @Override + public void setCredentials(Credentials credentials) {} + + @Override + public Credentials getCredentials() { + // If the credentials are null or about to expire, refresh the credentials. + if (basicCredentials == null || System.currentTimeMillis() > expirationTime - 5 * 60 * 1000) { + synchronized (this) { + refresh(); + } + } + + return basicCredentials; + } + + private void refresh() { + String[] idents = filesetIdentifier.split("\\."); + String catalog = idents[1]; + + FilesetCatalog filesetCatalog = client.loadCatalog(catalog).asFilesetCatalog(); + + Fileset fileset = filesetCatalog.loadFileset(NameIdentifier.of(idents[2], idents[3])); + Credential[] credentials = fileset.supportsCredentials().getCredentials(); + if (credentials.length == 0) { + LOGGER.warn("No credential found for fileset: {}, try to use static AKSK", filesetIdentifier); Review Comment: I don't think this is a good pattern, if couldn't get credential here, we should not use AKSK ########## bundles/azure/src/main/java/org/apache/gravitino/abs/fs/AzureFileSystemProvider.java: ########## @@ -64,6 +74,42 @@ public FileSystem getFileSystem(@Nonnull Path path, @Nonnull Map<String, String> hadoopConfMap.forEach(configuration::set); + // Check whether this is from GVFS client. + if (config.containsKey(GravitinoVirtualFileSystemConfiguration.FS_GRAVITINO_SERVER_URI_KEY)) { Review Comment: why adding these checks? ########## bundles/gcp/src/main/java/org/apache/gravitino/gcs/fs/GCSFileSystemProvider.java: ########## @@ -43,6 +45,19 @@ public FileSystem getFileSystem(Path path, Map<String, String> config) throws IO Configuration configuration = new Configuration(); FileSystemUtils.toHadoopConfigMap(config, GRAVITINO_KEY_TO_GCS_HADOOP_KEY) .forEach(configuration::set); + + if (config.containsKey(GravitinoVirtualFileSystemConfiguration.FS_GRAVITINO_SERVER_URI_KEY)) { Review Comment: I don't think checking `FS_GRAVITINO_SERVER_URI_KEY ` is a proper way. whether we set `GravitinoGCSCredentialProvider` depends on the `credentials` or `credential providers` for the fileset. ########## bundles/aliyun/src/main/java/org/apache/gravitino/oss/fs/GravitinoOSSCredentialProvider.java: ########## @@ -0,0 +1,133 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.gravitino.oss.fs; + +import static org.apache.gravitino.credential.OSSTokenCredential.GRAVITINO_OSS_SESSION_ACCESS_KEY_ID; +import static org.apache.gravitino.credential.OSSTokenCredential.GRAVITINO_OSS_SESSION_SECRET_ACCESS_KEY; +import static org.apache.gravitino.credential.OSSTokenCredential.GRAVITINO_OSS_TOKEN; + +import com.aliyun.oss.common.auth.BasicCredentials; +import com.aliyun.oss.common.auth.Credentials; +import com.aliyun.oss.common.auth.CredentialsProvider; +import com.aliyun.oss.common.auth.DefaultCredentials; +import java.net.URI; +import java.util.Map; +import org.apache.gravitino.NameIdentifier; +import org.apache.gravitino.client.GravitinoClient; +import org.apache.gravitino.credential.Credential; +import org.apache.gravitino.credential.OSSTokenCredential; +import org.apache.gravitino.file.Fileset; +import org.apache.gravitino.file.FilesetCatalog; +import org.apache.gravitino.filesystem.hadoop.GravitinoVirtualFileSystem; +import org.apache.gravitino.filesystem.hadoop.GravitinoVirtualFileSystemConfiguration; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.aliyun.oss.Constants; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class GravitinoOSSCredentialProvider implements CredentialsProvider { + + private static final Logger LOGGER = + LoggerFactory.getLogger(GravitinoOSSCredentialProvider.class); + private Credentials basicCredentials; + private final String filesetIdentifier; + private long expirationTime; + private final GravitinoClient client; + private final Configuration configuration; + + public GravitinoOSSCredentialProvider(URI uri, Configuration conf) { + this.filesetIdentifier = + conf.get(GravitinoVirtualFileSystemConfiguration.GVFS_FILESET_IDENTIFIER); + GravitinoVirtualFileSystem gravitinoVirtualFileSystem = new GravitinoVirtualFileSystem(); + this.client = gravitinoVirtualFileSystem.initializeClient(conf); + this.configuration = conf; + } + + @Override + public void setCredentials(Credentials credentials) {} + + @Override + public Credentials getCredentials() { + // If the credentials are null or about to expire, refresh the credentials. + if (basicCredentials == null || System.currentTimeMillis() > expirationTime - 5 * 60 * 1000) { Review Comment: make `5 * 60 * 1000` configurable? ########## bundles/aliyun/src/main/java/org/apache/gravitino/oss/fs/GravitinoOSSCredentialProvider.java: ########## @@ -0,0 +1,133 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.gravitino.oss.fs; + +import static org.apache.gravitino.credential.OSSTokenCredential.GRAVITINO_OSS_SESSION_ACCESS_KEY_ID; +import static org.apache.gravitino.credential.OSSTokenCredential.GRAVITINO_OSS_SESSION_SECRET_ACCESS_KEY; +import static org.apache.gravitino.credential.OSSTokenCredential.GRAVITINO_OSS_TOKEN; + +import com.aliyun.oss.common.auth.BasicCredentials; +import com.aliyun.oss.common.auth.Credentials; +import com.aliyun.oss.common.auth.CredentialsProvider; +import com.aliyun.oss.common.auth.DefaultCredentials; +import java.net.URI; +import java.util.Map; +import org.apache.gravitino.NameIdentifier; +import org.apache.gravitino.client.GravitinoClient; +import org.apache.gravitino.credential.Credential; +import org.apache.gravitino.credential.OSSTokenCredential; +import org.apache.gravitino.file.Fileset; +import org.apache.gravitino.file.FilesetCatalog; +import org.apache.gravitino.filesystem.hadoop.GravitinoVirtualFileSystem; +import org.apache.gravitino.filesystem.hadoop.GravitinoVirtualFileSystemConfiguration; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.aliyun.oss.Constants; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class GravitinoOSSCredentialProvider implements CredentialsProvider { + + private static final Logger LOGGER = + LoggerFactory.getLogger(GravitinoOSSCredentialProvider.class); + private Credentials basicCredentials; + private final String filesetIdentifier; + private long expirationTime; + private final GravitinoClient client; + private final Configuration configuration; + + public GravitinoOSSCredentialProvider(URI uri, Configuration conf) { + this.filesetIdentifier = + conf.get(GravitinoVirtualFileSystemConfiguration.GVFS_FILESET_IDENTIFIER); + GravitinoVirtualFileSystem gravitinoVirtualFileSystem = new GravitinoVirtualFileSystem(); + this.client = gravitinoVirtualFileSystem.initializeClient(conf); + this.configuration = conf; + } + + @Override + public void setCredentials(Credentials credentials) {} + + @Override + public Credentials getCredentials() { + // If the credentials are null or about to expire, refresh the credentials. + if (basicCredentials == null || System.currentTimeMillis() > expirationTime - 5 * 60 * 1000) { + synchronized (this) { + refresh(); + } + } + + return basicCredentials; + } + + private void refresh() { + String[] idents = filesetIdentifier.split("\\."); + String catalog = idents[1]; + + FilesetCatalog filesetCatalog = client.loadCatalog(catalog).asFilesetCatalog(); + + Fileset fileset = filesetCatalog.loadFileset(NameIdentifier.of(idents[2], idents[3])); + Credential[] credentials = fileset.supportsCredentials().getCredentials(); + if (credentials.length == 0) { + LOGGER.warn("No credential found for fileset: {}, try to use static AKSK", filesetIdentifier); + expirationTime = Long.MAX_VALUE; + this.basicCredentials = + new DefaultCredentials( + configuration.get(Constants.ACCESS_KEY_ID), + configuration.get(Constants.ACCESS_KEY_SECRET)); + return; + } + + Credential credential = getCredential(credentials); + Map<String, String> credentialMap = credential.toProperties(); + + String accessKeyId = credentialMap.get(GRAVITINO_OSS_SESSION_ACCESS_KEY_ID); + String secretAccessKey = credentialMap.get(GRAVITINO_OSS_SESSION_SECRET_ACCESS_KEY); + + if (OSSTokenCredential.OSS_TOKEN_CREDENTIAL_TYPE.equals( + credentialMap.get(Credential.CREDENTIAL_TYPE))) { + String sessionToken = credentialMap.get(GRAVITINO_OSS_TOKEN); + this.basicCredentials = new BasicCredentials(accessKeyId, secretAccessKey, sessionToken); + } else { Review Comment: please check whether it is OSS secret key credential ########## bundles/aliyun/src/main/java/org/apache/gravitino/oss/fs/GravitinoOSSCredentialProvider.java: ########## @@ -0,0 +1,133 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.gravitino.oss.fs; + +import static org.apache.gravitino.credential.OSSTokenCredential.GRAVITINO_OSS_SESSION_ACCESS_KEY_ID; +import static org.apache.gravitino.credential.OSSTokenCredential.GRAVITINO_OSS_SESSION_SECRET_ACCESS_KEY; +import static org.apache.gravitino.credential.OSSTokenCredential.GRAVITINO_OSS_TOKEN; + +import com.aliyun.oss.common.auth.BasicCredentials; +import com.aliyun.oss.common.auth.Credentials; +import com.aliyun.oss.common.auth.CredentialsProvider; +import com.aliyun.oss.common.auth.DefaultCredentials; +import java.net.URI; +import java.util.Map; +import org.apache.gravitino.NameIdentifier; +import org.apache.gravitino.client.GravitinoClient; +import org.apache.gravitino.credential.Credential; +import org.apache.gravitino.credential.OSSTokenCredential; +import org.apache.gravitino.file.Fileset; +import org.apache.gravitino.file.FilesetCatalog; +import org.apache.gravitino.filesystem.hadoop.GravitinoVirtualFileSystem; +import org.apache.gravitino.filesystem.hadoop.GravitinoVirtualFileSystemConfiguration; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.aliyun.oss.Constants; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class GravitinoOSSCredentialProvider implements CredentialsProvider { + + private static final Logger LOGGER = + LoggerFactory.getLogger(GravitinoOSSCredentialProvider.class); + private Credentials basicCredentials; + private final String filesetIdentifier; + private long expirationTime; + private final GravitinoClient client; + private final Configuration configuration; + + public GravitinoOSSCredentialProvider(URI uri, Configuration conf) { + this.filesetIdentifier = + conf.get(GravitinoVirtualFileSystemConfiguration.GVFS_FILESET_IDENTIFIER); + GravitinoVirtualFileSystem gravitinoVirtualFileSystem = new GravitinoVirtualFileSystem(); + this.client = gravitinoVirtualFileSystem.initializeClient(conf); + this.configuration = conf; + } + + @Override + public void setCredentials(Credentials credentials) {} + + @Override + public Credentials getCredentials() { + // If the credentials are null or about to expire, refresh the credentials. + if (basicCredentials == null || System.currentTimeMillis() > expirationTime - 5 * 60 * 1000) { + synchronized (this) { + refresh(); + } + } + + return basicCredentials; + } + + private void refresh() { + String[] idents = filesetIdentifier.split("\\."); + String catalog = idents[1]; + + FilesetCatalog filesetCatalog = client.loadCatalog(catalog).asFilesetCatalog(); + + Fileset fileset = filesetCatalog.loadFileset(NameIdentifier.of(idents[2], idents[3])); + Credential[] credentials = fileset.supportsCredentials().getCredentials(); + if (credentials.length == 0) { + LOGGER.warn("No credential found for fileset: {}, try to use static AKSK", filesetIdentifier); + expirationTime = Long.MAX_VALUE; + this.basicCredentials = + new DefaultCredentials( + configuration.get(Constants.ACCESS_KEY_ID), + configuration.get(Constants.ACCESS_KEY_SECRET)); + return; + } + + Credential credential = getCredential(credentials); + Map<String, String> credentialMap = credential.toProperties(); + + String accessKeyId = credentialMap.get(GRAVITINO_OSS_SESSION_ACCESS_KEY_ID); + String secretAccessKey = credentialMap.get(GRAVITINO_OSS_SESSION_SECRET_ACCESS_KEY); + + if (OSSTokenCredential.OSS_TOKEN_CREDENTIAL_TYPE.equals( + credentialMap.get(Credential.CREDENTIAL_TYPE))) { + String sessionToken = credentialMap.get(GRAVITINO_OSS_TOKEN); + this.basicCredentials = new BasicCredentials(accessKeyId, secretAccessKey, sessionToken); + } else { + this.basicCredentials = new DefaultCredentials(accessKeyId, secretAccessKey); + } + + this.expirationTime = credential.expireTimeInMs(); Review Comment: remove this -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
