Refactor storage access configuration handling #1504
Conversation
dimas-b
requested review from
adutra,
ashvina,
dennishuo,
eric-maynard,
jackye1995,
jbonofre,
vvcephei and
collado-mike
as code owners
dimas-b
requested review from
snazy,
RussellSpitzer,
takidau,
MonkeyCanCode,
flyrain and
ebyhr
as code owners
| Map<String, String> credentials(); | ||
|
|
||
| Map<String, String> extraProperties(); |
There was a problem hiding this comment.
What's the need for breaking this out into separate fields? They all end up in the same map for every single caller
There was a problem hiding this comment.
The main idea is to isolate credential and non-credential properties in REST API responses. Specifically in IcebergCatalogHandler.
This PR does not cause any functional change, but prepares for exposing properties like s3.endpoint to clients later.
These properties are not always mixed together. PR #1225 brings some distinction in load table responses.
@collado-mike : Could you clarify what is broken by this PR? I believe there's no behaviour change. |
The purpose is to allow not mixing credential and non-credential properties in Other renames in this PR are meant to clarity code-level distinction between credentials and non-credential properties related to storage access. |
Sorry, I misread the cache code without closely reading the I understand the reasoning for the change now and I agree. |
github-project-automation
bot
moved this from PRs In Progress
to Ready to merge
in Basic Kanban Board
|
@eric-maynard @dennishuo : Please have a look too :) |
There was a problem hiding this comment.
I quite like this refactor, it makes lots of sense to do this. One small, stylistic comment.
One minor question, why the name IcebergStorageAccessProperty? I understand that all tables today are Iceberg, but in the future if they were not, would this class still only be relevant to them only?
| import org.apache.polaris.core.storage.PolarisStorageConfigurationInfo; | ||
| import org.apache.polaris.core.storage.PolarisStorageIntegration; | ||
| import org.apache.polaris.core.storage.StorageLocation; | ||
| import org.apache.polaris.core.storage.*; |
There was a problem hiding this comment.
We should revert this to ensure no wildcard imports.
github-project-automation
bot
moved this from Ready to merge
to PRs In Progress
in Basic Kanban Board
polaris-core/src/main/java/org/apache/polaris/core/storage/IcebergStorageAccessProperty.java
Outdated
Show resolved
Hide resolved
| AWS_ENDPOINT(String.class, "s3.endpoint", "the S3 endpoint to use for requests", false), | ||
| AWS_PATH_STYLE_ACCESS( | ||
| Boolean.class, "s3.path-style-access", "whether to use S3 path style access", false), |
|
The semantic changes look good to me, but there's also a rename happening here that looks a bit unrelated to those changes. I'd like to understand the intent behind the rename a little more if possible. |
This is a step towards supporting non-AWS S3 storage, but this refactoring is relevant to all storage backends. There is no change to existing behaviours. * Rename PolarisCredentialProperty to IcebergStorageAccessProperty and introduce non-credential properties (as an example for now) * IcebergStorageAccessProperty values are ultimately meant to be produced by PolarisStorageIntegration implementations * Some previous entries in IcebergStorageAccessProperty are not really credential properties, but their treatment is not changed in this PR to maintain exactly the same bahaviour as before. * Add AccessConfig to represent both credential and non-credential properties related to storage access.
dimas-b
force-pushed
the
refactor-access-config
branch
from
b9755b3 to
fa3e82a
Compare
| * <p>Most of these properties are meant to configure Iceberg FileIO objects for accessing data in | ||
| * storage. | ||
| */ | ||
| public enum StorageAccessProperty { | ||
| AWS_KEY_ID(String.class, "s3.access-key-id", "the aws access key id"), | ||
| AWS_SECRET_KEY(String.class, "s3.secret-access-key", "the aws access key secret"), | ||
| AWS_TOKEN(String.class, "s3.session-token", "the aws scoped access token"), | ||
| AWS_SESSION_TOKEN_EXPIRES_AT_MS( |
There was a problem hiding this comment.
Is this considered "credential"?
There was a problem hiding this comment.
The Key ID, Secret Key, Session Token, and expiry time is definitely together considered a "credential" for AWS. Not sure if there's a reason why you're asking this?
There was a problem hiding this comment.
I'd say it is part of the credential bunch of properties.
There was a problem hiding this comment.
AWS_SESSION_TOKEN_EXPIRES_AT_MS by itself is definitely not a credential. But it is a property related to credential vending and access to object storage, and so I think having it here makes sense.
github-project-automation
bot
moved this from PRs In Progress
to Ready to merge
in Basic Kanban Board
github-project-automation
bot
moved this from Ready to merge
to Done
in Basic Kanban Board
|
With the other issue arrive S3-compatible storage closed, and this step towards it merged, where can we keep up with the overall progress of S3-compatible storage now? |
This is a step towards supporting non-AWS S3 storage, but this refactoring is relevant to all storage backends.
There is no change to existing behaviours.
Rename PolarisCredentialProperty to IcebergStorageAccessProperty and introduce non-credential properties (as an example for now)
IcebergStorageAccessProperty values are ultimately meant to be produced by PolarisStorageIntegration implementations
Some previous entries in IcebergStorageAccessProperty are not really credential properties, but their treatment is not changed in this PR to maintain exactly the same bahaviour as before.
Add AccessConfig to represent both credential and non-credential properties related to storage access.