Skip to content

Commit bb55a80

Browse files
jasonf20jasonf20
committed
add refresh credentials property to loadTableResult
1 parent de351de commit bb55a80

File tree

2 files changed

+44
-1
lines changed

2 files changed

+44
-1
lines changed

polaris-core/src/main/java/org/apache/polaris/core/rest/PolarisResourcePaths.java

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -57,6 +57,17 @@ public String genericTables(Namespace ns) {
5757
"polaris", "v1", prefix, "namespaces", RESTUtil.encodeNamespace(ns), "generic-tables");
5858
}
5959

60+
public String credentialsPath(TableIdentifier ident) {
61+
return SLASH.join(
62+
"v1",
63+
prefix,
64+
"namespaces",
65+
RESTUtil.encodeNamespace(ident.namespace()),
66+
"tables",
67+
RESTUtil.encodeString(ident.name()),
68+
"credentials");
69+
}
70+
6071
public String genericTable(TableIdentifier ident) {
6172
return SLASH.join(
6273
"polaris",

service/common/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogAdapter.java

Lines changed: 33 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,7 @@
3838
import java.util.Set;
3939
import java.util.function.Function;
4040
import org.apache.iceberg.MetadataUpdate;
41+
import org.apache.iceberg.aws.AwsClientProperties;
4142
import org.apache.iceberg.catalog.Namespace;
4243
import org.apache.iceberg.catalog.TableIdentifier;
4344
import org.apache.iceberg.exceptions.BadRequestException;
@@ -70,7 +71,9 @@
7071
import org.apache.polaris.core.persistence.resolver.Resolver;
7172
import org.apache.polaris.core.persistence.resolver.ResolverStatus;
7273
import org.apache.polaris.core.rest.PolarisEndpoints;
74+
import org.apache.polaris.core.rest.PolarisResourcePaths;
7375
import org.apache.polaris.core.secrets.UserSecretsManager;
76+
import org.apache.polaris.core.storage.StorageAccessProperty;
7477
import org.apache.polaris.service.catalog.AccessDelegationMode;
7578
import org.apache.polaris.service.catalog.CatalogPrefixParser;
7679
import org.apache.polaris.service.catalog.api.IcebergRestCatalogApiService;
@@ -419,16 +422,45 @@ public Response loadTable(
419422
.loadTableIfStale(tableIdentifier, ifNoneMatch, snapshots)
420423
.orElseThrow(() -> new WebApplicationException(Response.Status.NOT_MODIFIED));
421424
} else {
422-
response =
425+
LoadTableResponse originalResponse =
423426
catalog
424427
.loadTableWithAccessDelegationIfStale(tableIdentifier, ifNoneMatch, snapshots)
425428
.orElseThrow(() -> new WebApplicationException(Response.Status.NOT_MODIFIED));
429+
430+
if (delegationModes.contains(VENDED_CREDENTIALS)) {
431+
response =
432+
injectRefreshVendedCredentialProperties(
433+
originalResponse,
434+
new PolarisResourcePaths(prefix).credentialsPath(tableIdentifier));
435+
} else {
436+
response = originalResponse;
437+
}
426438
}
427439

428440
return tryInsertETagHeader(Response.ok(response), response, namespace, table).build();
429441
});
430442
}
431443

444+
private LoadTableResponse injectRefreshVendedCredentialProperties(
445+
LoadTableResponse originalResponse, String credentialsEndpoint) {
446+
LoadTableResponse.Builder loadResponseBuilder =
447+
LoadTableResponse.builder().withTableMetadata(originalResponse.tableMetadata());
448+
loadResponseBuilder.addAllConfig(originalResponse.config());
449+
loadResponseBuilder.addAllCredentials(originalResponse.credentials());
450+
loadResponseBuilder.addConfig(
451+
AwsClientProperties.REFRESH_CREDENTIALS_ENDPOINT, credentialsEndpoint);
452+
// Only enable credential refresh for currently supported credential types
453+
if (originalResponse.credentials().stream()
454+
.anyMatch(
455+
credential ->
456+
credential
457+
.config()
458+
.containsKey(StorageAccessProperty.AWS_SECRET_KEY.getPropertyName()))) {
459+
loadResponseBuilder.addConfig(AwsClientProperties.REFRESH_CREDENTIALS_ENABLED, "true");
460+
}
461+
return loadResponseBuilder.build();
462+
}
463+
432464
@Override
433465
public Response tableExists(
434466
String prefix,

0 commit comments

Comments
 (0)