Skip to content

Commit

Permalink
[#5622] feat(client): support credential client in Gravition java cli…
Browse files Browse the repository at this point in the history 
…ent (#5753)

### What changes were proposed in this pull request?

support credential client in Gravition java client

### Why are the changes needed?

Fix: #5622 

### Does this PR introduce _any_ user-facing change?
no

### How was this patch tested?

add UT and test the overall flow in POC
  • Loading branch information
@FANNG1
FANNG1 authored Dec 9, 2024
1 parent 2d160d1 commit 61b3167
Show file tree
Hide file tree
Showing 21 changed files with 972 additions and 31 deletions.
10 changes: 10 additions & 0 deletions api/src/main/java/org/apache/gravitino/credential/Credential.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,16 @@ public interface Credential {
*/
Map<String, String> credentialInfo();

/**
* Initialize the credential with the credential information.
*
* <p>This method is invoked to deserialize the credential in client side.
*
* @param credentialInfo The credential information from {@link #credentialInfo}.
* @param expireTimeInMs The expire-time from {@link #expireTimeInMs()}.
*/
void initialize(Map<String, String> credentialInfo, long expireTimeInMs);

/**
* Converts the credential to properties to transfer the credential though API.
*
Expand Down
36 changes: 28 additions & 8 deletions api/src/main/java/org/apache/gravitino/credential/GCSTokenCredential.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,35 +33,48 @@ public class GCSTokenCredential implements Credential {
/** GCS credential property, token name. */
public static final String GCS_TOKEN_NAME = "token";

private final String token;
private final long expireMs;
private String token;
private long expireTimeInMs;

/**
* @param token The GCS token.
* @param expireMs The GCS token expire time at ms.
* @param expireTimeInMs The GCS token expire time at ms.
*/
public GCSTokenCredential(String token, long expireMs) {
Preconditions.checkArgument(
StringUtils.isNotBlank(token), "GCS session token should not be null");
public GCSTokenCredential(String token, long expireTimeInMs) {
validate(token, expireTimeInMs);
this.token = token;
this.expireMs = expireMs;
this.expireTimeInMs = expireTimeInMs;
}

/**
* This is the constructor that is used by credential factory to create an instance of credential
* according to the credential information.
*/
public GCSTokenCredential() {}

@Override
public String credentialType() {
return GCS_TOKEN_CREDENTIAL_TYPE;
}

@Override
public long expireTimeInMs() {
return expireMs;
return expireTimeInMs;
}

@Override
public Map<String, String> credentialInfo() {
return (new ImmutableMap.Builder<String, String>()).put(GCS_TOKEN_NAME, token).build();
}

@Override
public void initialize(Map<String, String> credentialInfo, long expireTimeInMs) {
String token = credentialInfo.get(GCS_TOKEN_NAME);
validate(token, expireTimeInMs);
this.token = token;
this.expireTimeInMs = expireTimeInMs;
}

/**
* Get GCS token.
*
Expand All @@ -70,4 +83,11 @@ public Map<String, String> credentialInfo() {
public String token() {
return token;
}

private void validate(String token, long expireTimeInMs) {
Preconditions.checkArgument(
StringUtils.isNotBlank(token), "GCS session token should not be empty");
Preconditions.checkArgument(
expireTimeInMs > 0, "The expire time of GcsTokenCredential should great than 0");
}
}
40 changes: 36 additions & 4 deletions api/src/main/java/org/apache/gravitino/credential/OSSTokenCredential.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,10 +36,10 @@ public class OSSTokenCredential implements Credential {
/** OSS security token. */
public static final String GRAVITINO_OSS_TOKEN = "oss-security-token";

private final String accessKeyId;
private final String secretAccessKey;
private final String securityToken;
private final long expireTimeInMS;
private String accessKeyId;
private String secretAccessKey;
private String securityToken;
private long expireTimeInMS;

/**
* Constructs an instance of {@link OSSTokenCredential} with secret key and token.
Expand All @@ -64,6 +64,12 @@ public OSSTokenCredential(
this.expireTimeInMS = expireTimeInMS;
}

/**
* This is the constructor that is used by credential factory to create an instance of credential
* according to the credential information.
*/
public OSSTokenCredential() {}

@Override
public String credentialType() {
return OSS_TOKEN_CREDENTIAL_TYPE;
Expand All @@ -83,6 +89,20 @@ public Map<String, String> credentialInfo() {
.build();
}

@Override
public void initialize(Map<String, String> credentialInfo, long expireTimeInMs) {
String accessKeyId = credentialInfo.get(GRAVITINO_OSS_SESSION_ACCESS_KEY_ID);
String secretAccessKey = credentialInfo.get(GRAVITINO_OSS_SESSION_SECRET_ACCESS_KEY);
String securityToken = credentialInfo.get(GRAVITINO_OSS_TOKEN);

validate(accessKeyId, secretAccessKey, securityToken, expireTimeInMs);

this.accessKeyId = accessKeyId;
this.secretAccessKey = secretAccessKey;
this.securityToken = securityToken;
this.expireTimeInMS = expireTimeInMs;
}

/**
* Get oss access key ID.
*
Expand All @@ -109,4 +129,16 @@ public String secretAccessKey() {
public String securityToken() {
return securityToken;
}

private void validate(
String accessKeyId, String secretAccessKey, String sessionToken, long expireTimeInMs) {
Preconditions.checkArgument(
StringUtils.isNotBlank(accessKeyId), "S3 access key Id should not be empty");
Preconditions.checkArgument(
StringUtils.isNotBlank(secretAccessKey), "S3 secret access key should not be empty");
Preconditions.checkArgument(
StringUtils.isNotBlank(sessionToken), "S3 session token should not be empty");
Preconditions.checkArgument(
expireTimeInMs > 0, "The expire time of S3TokenCredential should great than 0");
}
}
33 changes: 28 additions & 5 deletions api/src/main/java/org/apache/gravitino/credential/S3SecretKeyCredential.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;

/** S3 secret key credential. */
public class S3SecretKeyCredential implements Credential {
Expand All @@ -33,8 +34,8 @@ public class S3SecretKeyCredential implements Credential {
/** The static secret access key used to access S3 data. */
public static final String GRAVITINO_S3_STATIC_SECRET_ACCESS_KEY = "s3-secret-access-key";

private final String accessKeyId;
private final String secretAccessKey;
private String accessKeyId;
private String secretAccessKey;

/**
* Constructs an instance of {@link S3SecretKeyCredential} with the static S3 access key ID and
Expand All @@ -44,13 +45,17 @@ public class S3SecretKeyCredential implements Credential {
* @param secretAccessKey The S3 static secret access key.
*/
public S3SecretKeyCredential(String accessKeyId, String secretAccessKey) {
Preconditions.checkNotNull(accessKeyId, "S3 access key Id should not null");
Preconditions.checkNotNull(secretAccessKey, "S3 secret access key should not null");

validate(accessKeyId, secretAccessKey, 0);
this.accessKeyId = accessKeyId;
this.secretAccessKey = secretAccessKey;
}

/**
* This is the constructor that is used by credential factory to create an instance of credential
* according to the credential information.
*/
public S3SecretKeyCredential() {}

@Override
public String credentialType() {
return S3_SECRET_KEY_CREDENTIAL_TYPE;
Expand All @@ -69,6 +74,15 @@ public Map<String, String> credentialInfo() {
.build();
}

@Override
public void initialize(Map<String, String> credentialInfo, long expireTimeInMs) {
String accessKeyId = credentialInfo.get(GRAVITINO_S3_STATIC_ACCESS_KEY_ID);
String secretAccessKey = credentialInfo.get(GRAVITINO_S3_STATIC_SECRET_ACCESS_KEY);
validate(accessKeyId, secretAccessKey, expireTimeInMs);
this.accessKeyId = accessKeyId;
this.secretAccessKey = secretAccessKey;
}

/**
* Get S3 static access key ID.
*
Expand All @@ -86,4 +100,13 @@ public String accessKeyId() {
public String secretAccessKey() {
return secretAccessKey;
}

private void validate(String accessKeyId, String secretAccessKey, long expireTimeInMs) {
Preconditions.checkArgument(
StringUtils.isNotBlank(accessKeyId), "S3 access key Id should not empty");
Preconditions.checkArgument(
StringUtils.isNotBlank(secretAccessKey), "S3 secret access key should not empty");
Preconditions.checkArgument(
expireTimeInMs == 0, "The expire time of S3SecretKeyCredential is not 0");
}
}
46 changes: 35 additions & 11 deletions api/src/main/java/org/apache/gravitino/credential/S3TokenCredential.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,10 +36,10 @@ public class S3TokenCredential implements Credential {
/** S3 session token. */
public static final String GRAVITINO_S3_TOKEN = "s3-session-token";

private final String accessKeyId;
private final String secretAccessKey;
private final String sessionToken;
private final long expireTimeInMS;
private String accessKeyId;
private String secretAccessKey;
private String sessionToken;
private long expireTimeInMS;

/**
* Constructs an instance of {@link S3SecretKeyCredential} with session secret key and token.
Expand All @@ -51,19 +51,19 @@ public class S3TokenCredential implements Credential {
*/
public S3TokenCredential(
String accessKeyId, String secretAccessKey, String sessionToken, long expireTimeInMS) {
Preconditions.checkArgument(
StringUtils.isNotBlank(accessKeyId), "S3 access key Id should not be empty");
Preconditions.checkArgument(
StringUtils.isNotBlank(secretAccessKey), "S3 secret access key should not be empty");
Preconditions.checkArgument(
StringUtils.isNotBlank(sessionToken), "S3 session token should not be empty");

validate(accessKeyId, secretAccessKey, sessionToken, expireTimeInMS);
this.accessKeyId = accessKeyId;
this.secretAccessKey = secretAccessKey;
this.sessionToken = sessionToken;
this.expireTimeInMS = expireTimeInMS;
}

/**
* This is the constructor that is used by credential factory to create an instance of credential
* according to the credential information.
*/
public S3TokenCredential() {}

@Override
public String credentialType() {
return S3_TOKEN_CREDENTIAL_TYPE;
Expand All @@ -83,6 +83,18 @@ public Map<String, String> credentialInfo() {
.build();
}

@Override
public void initialize(Map<String, String> credentialInfo, long expireTimeInMs) {
String accessKeyId = credentialInfo.get(GRAVITINO_S3_SESSION_ACCESS_KEY_ID);
String secretAccessKey = credentialInfo.get(GRAVITINO_S3_SESSION_SECRET_ACCESS_KEY);
String sessionToken = credentialInfo.get(GRAVITINO_S3_TOKEN);
validate(accessKeyId, secretAccessKey, sessionToken, expireTimeInMs);
this.accessKeyId = accessKeyId;
this.secretAccessKey = secretAccessKey;
this.sessionToken = sessionToken;
this.expireTimeInMS = expireTimeInMs;
}

/**
* Get S3 session access key ID.
*
Expand All @@ -109,4 +121,16 @@ public String secretAccessKey() {
public String sessionToken() {
return sessionToken;
}

private void validate(
String accessKeyId, String secretAccessKey, String sessionToken, long expireTimeInMs) {
Preconditions.checkArgument(
StringUtils.isNotBlank(accessKeyId), "S3 access key Id should not be empty");
Preconditions.checkArgument(
StringUtils.isNotBlank(secretAccessKey), "S3 secret access key should not be empty");
Preconditions.checkArgument(
StringUtils.isNotBlank(sessionToken), "S3 session token should not be empty");
Preconditions.checkArgument(
expireTimeInMs > 0, "The expire time of S3TokenCredential should great than 0");
}
}
23 changes: 23 additions & 0 deletions api/src/main/resources/META-INF/services/org.apache.gravitino.credential.Credential
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#

org.apache.gravitino.credential.S3TokenCredential
org.apache.gravitino.credential.S3SecretKeyCredential
org.apache.gravitino.credential.GCSTokenCredential
org.apache.gravitino.credential.OSSTokenCredential
5 changes: 5 additions & 0 deletions clients/client-java/src/main/java/org/apache/gravitino/client/BaseSchemaCatalog.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@
*/
abstract class BaseSchemaCatalog extends CatalogDTO
implements Catalog, SupportsSchemas, SupportsTags, SupportsRoles {

/** The REST client to send the requests. */
protected final RESTClient restClient;

Expand All @@ -63,6 +64,7 @@ abstract class BaseSchemaCatalog extends CatalogDTO

private final MetadataObjectTagOperations objectTagOperations;
private final MetadataObjectRoleOperations objectRoleOperations;
protected final MetadataObjectCredentialOperations objectCredentialOperations;

BaseSchemaCatalog(
Namespace catalogNamespace,
Expand All @@ -88,6 +90,9 @@ abstract class BaseSchemaCatalog extends CatalogDTO
new MetadataObjectTagOperations(catalogNamespace.level(0), metadataObject, restClient);
this.objectRoleOperations =
new MetadataObjectRoleOperations(catalogNamespace.level(0), metadataObject, restClient);
this.objectCredentialOperations =
new MetadataObjectCredentialOperations(
catalogNamespace.level(0), metadataObject, restClient);
}

@Override
Expand Down
Loading

0 comments on commit 61b3167

Please sign in to comment.