WIP cred vend to storage-creds-cache - step 1

Author: snazy

polaris-core/src/main/java/org/apache/polaris/core/persistence/BaseMetaStoreManager.java

@@ -18,20 +18,20 @@
  */
 package org.apache.polaris.core.persistence;
 
+import static java.util.Objects.requireNonNull;
+
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import jakarta.annotation.Nonnull;
 import java.util.Map;
 import java.util.Set;
 import org.apache.polaris.core.PolarisCallContext;
-import org.apache.polaris.core.PolarisDiagnostics;
 import org.apache.polaris.core.entity.PolarisBaseEntity;
 import org.apache.polaris.core.entity.PolarisEntityConstants;
 import org.apache.polaris.core.entity.PolarisEntitySubType;
 import org.apache.polaris.core.entity.PolarisEntityType;
 import org.apache.polaris.core.persistence.dao.entity.BaseResult;
-import org.apache.polaris.core.persistence.dao.entity.EntityResult;
 import org.apache.polaris.core.persistence.dao.entity.GenerateEntityIdResult;
 import org.apache.polaris.core.persistence.dao.entity.ScopedCredentialsResult;
 import org.apache.polaris.core.storage.AccessConfig;
@@ -54,9 +54,7 @@ public BaseMetaStoreManager(PolarisStorageIntegrationProvider storageIntegration
   @Override
   public @Nonnull ScopedCredentialsResult getSubscopedCredsForEntity(
       @Nonnull PolarisCallContext callCtx,
-      long catalogId,
-      long entityId,
-      PolarisEntityType entityType,
+      @Nonnull PolarisStorageConfigurationInfo storageConfigurationInfo,
       boolean allowListOperation,
       @Nonnull Set<String> allowedReadLocations,
       @Nonnull Set<String> allowedWriteLocations) {
@@ -68,28 +66,12 @@ public BaseMetaStoreManager(PolarisStorageIntegrationProvider storageIntegration
             !allowedReadLocations.isEmpty() || !allowedWriteLocations.isEmpty(),
             "allowed_locations_to_subscope_is_required");
 
-    // reload the entity, error out if not found
-    EntityResult reloadedEntity = loadEntity(callCtx, catalogId, entityId, entityType);
-    if (reloadedEntity.getReturnStatus() != BaseResult.ReturnStatus.SUCCESS) {
-      return new ScopedCredentialsResult(
-          reloadedEntity.getReturnStatus(), reloadedEntity.getExtraInformation());
-    }
-
     // get storage integration
-    PolarisBaseEntity entity = reloadedEntity.getEntity();
     PolarisStorageIntegration<PolarisStorageConfigurationInfo> storageIntegration =
-        storageIntegrationProvider.getStorageIntegrationForConfig(
-            BaseMetaStoreManager.extractStorageConfiguration(callCtx.getDiagServices(), entity));
+        storageIntegrationProvider.getStorageIntegrationForConfig(storageConfigurationInfo);
 
     // cannot be null
-    callCtx
-        .getDiagServices()
-        .checkNotNull(
-            storageIntegration,
-            "storage_integration_not_exists",
-            "catalogId={}, entityId={}",
-            catalogId,
-            entityId);
+    requireNonNull(storageIntegration);
 
     try {
       AccessConfig accessConfig =
@@ -105,22 +87,6 @@ public BaseMetaStoreManager(PolarisStorageIntegrationProvider storageIntegration
     }
   }
 
-  public static PolarisStorageConfigurationInfo extractStorageConfiguration(
-      @Nonnull PolarisDiagnostics diagnostics, PolarisBaseEntity reloadedEntity) {
-    Map<String, String> propMap =
-        PolarisObjectMapperUtil.deserializeProperties(reloadedEntity.getInternalProperties());
-    String storageConfigInfoStr =
-        propMap.get(PolarisEntityConstants.getStorageConfigInfoPropertyName());
-
-    diagnostics.check(
-        storageConfigInfoStr != null,
-        "missing_storage_configuration_info",
-        "catalogId={}, entityId={}",
-        reloadedEntity.getCatalogId(),
-        reloadedEntity.getId());
-    return PolarisStorageConfigurationInfo.deserialize(storageConfigInfoStr);
-  }
-
   /**
    * Given the internal property as a map of key/value pairs, serialize it to a String
    *

polaris-core/src/main/java/org/apache/polaris/core/persistence/TransactionWorkspaceMetaStoreManager.java

@@ -55,6 +55,7 @@
 import org.apache.polaris.core.persistence.pagination.PageToken;
 import org.apache.polaris.core.policy.PolicyEntity;
 import org.apache.polaris.core.policy.PolicyType;
+import org.apache.polaris.core.storage.PolarisStorageConfigurationInfo;
 
 /**
  * Wraps an existing impl of PolarisMetaStoreManager and delegates expected "read" operations
@@ -332,17 +333,13 @@ public EntitiesResult loadTasks(
   @Override
   public ScopedCredentialsResult getSubscopedCredsForEntity(
       @Nonnull PolarisCallContext callCtx,
-      long catalogId,
-      long entityId,
-      PolarisEntityType entityType,
+      @Nonnull PolarisStorageConfigurationInfo storageConfigurationInfo,
       boolean allowListOperation,
       @Nonnull Set<String> allowedReadLocations,
       @Nonnull Set<String> allowedWriteLocations) {
     return delegate.getSubscopedCredsForEntity(
         callCtx,
-        catalogId,
-        entityId,
-        entityType,
+        storageConfigurationInfo,
         allowListOperation,
         allowedReadLocations,
         allowedWriteLocations);

polaris-core/src/main/java/org/apache/polaris/core/storage/PolarisCredentialVendor.java

@@ -21,7 +21,6 @@
 import jakarta.annotation.Nonnull;
 import java.util.Set;
 import org.apache.polaris.core.PolarisCallContext;
-import org.apache.polaris.core.entity.PolarisEntityType;
 import org.apache.polaris.core.persistence.dao.entity.ScopedCredentialsResult;
 
 /** Manage credentials for storage locations. */
@@ -31,20 +30,16 @@ public interface PolarisCredentialVendor {
    * locations.
    *
    * @param callCtx the polaris call context
-   * @param catalogId the catalog id
-   * @param entityId the entity id
+   * @param storageConfigurationInfo storage configuration object
    * @param allowListOperation whether to allow LIST operation on the allowedReadLocations and
    *     allowedWriteLocations
    * @param allowedReadLocations a set of allowed to read locations
    * @param allowedWriteLocations a set of allowed to write locations
    * @return an enum map containing the scoped credentials
    */
-  @Nonnull
   ScopedCredentialsResult getSubscopedCredsForEntity(
       @Nonnull PolarisCallContext callCtx,
-      long catalogId,
-      long entityId,
-      PolarisEntityType entityType,
+      @Nonnull PolarisStorageConfigurationInfo storageConfigurationInfo,
       boolean allowListOperation,
       @Nonnull Set<String> allowedReadLocations,
       @Nonnull Set<String> allowedWriteLocations);

polaris-core/src/main/java/org/apache/polaris/core/storage/cache/StorageCredentialCache.java

@@ -18,26 +18,24 @@
  */
 package org.apache.polaris.core.storage.cache;
 
+import static java.util.Objects.requireNonNull;
+
 import com.github.benmanes.caffeine.cache.Caffeine;
 import com.github.benmanes.caffeine.cache.Expiry;
 import com.github.benmanes.caffeine.cache.LoadingCache;
 import com.google.common.annotations.VisibleForTesting;
 import jakarta.annotation.Nonnull;
-import jakarta.annotation.Nullable;
 import java.time.Duration;
-import java.util.Map;
-import java.util.Optional;
 import java.util.Set;
 import java.util.function.Function;
 import org.apache.iceberg.exceptions.UnprocessableEntityException;
 import org.apache.polaris.core.PolarisCallContext;
 import org.apache.polaris.core.config.FeatureConfiguration;
 import org.apache.polaris.core.config.RealmConfig;
-import org.apache.polaris.core.entity.PolarisEntity;
-import org.apache.polaris.core.entity.PolarisEntityType;
 import org.apache.polaris.core.persistence.dao.entity.ScopedCredentialsResult;
 import org.apache.polaris.core.storage.AccessConfig;
 import org.apache.polaris.core.storage.PolarisCredentialVendor;
+import org.apache.polaris.core.storage.PolarisStorageConfigurationInfo;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -93,7 +91,7 @@ private long maxCacheDurationMs(RealmConfig realmConfig) {
    *
    * @param credentialVendor the credential vendor used to generate a new scoped creds if needed
    * @param callCtx the call context
-   * @param polarisEntity the polaris entity that is going to scoped creds
+   * @param storageConfigurationInfo storage configuration
    * @param allowListOperation whether allow list action on the provided read and write locations
    * @param allowedReadLocations a set of allowed to read locations
    * @param allowedWriteLocations a set of allowed to write locations.
@@ -102,19 +100,14 @@ private long maxCacheDurationMs(RealmConfig realmConfig) {
   public AccessConfig getOrGenerateSubScopeCreds(
       @Nonnull PolarisCredentialVendor credentialVendor,
       @Nonnull PolarisCallContext callCtx,
-      @Nonnull PolarisEntity polarisEntity,
+      @Nonnull PolarisStorageConfigurationInfo storageConfigurationInfo,
       boolean allowListOperation,
       @Nonnull Set<String> allowedReadLocations,
       @Nonnull Set<String> allowedWriteLocations) {
-    if (!isTypeSupported(polarisEntity.getType())) {
-      callCtx
-          .getDiagServices()
-          .fail("entity_type_not_suppported_to_scope_creds", "type={}", polarisEntity.getType());
-    }
     StorageCredentialCacheKey key =
         StorageCredentialCacheKey.of(
             callCtx.getRealmContext().getRealmIdentifier(),
-            polarisEntity,
+            storageConfigurationInfo,
             allowListOperation,
             allowedReadLocations,
             allowedWriteLocations);
@@ -125,9 +118,7 @@ public AccessConfig getOrGenerateSubScopeCreds(
           ScopedCredentialsResult scopedCredentialsResult =
               credentialVendor.getSubscopedCredsForEntity(
                   callCtx,
-                  k.catalogId(),
-                  polarisEntity.getId(),
-                  polarisEntity.getType(),
+                  storageConfigurationInfo,
                   k.allowedListAction(),
                   k.allowedReadLocations(),
                   k.allowedWriteLocations());
@@ -144,30 +135,16 @@ public AccessConfig getOrGenerateSubScopeCreds(
               "Failed to get subscoped credentials: %s",
               scopedCredentialsResult.getExtraInformation());
         };
-    return cache.get(key, loader).toAccessConfig();
+    return requireNonNull(cache.get(key, loader)).toAccessConfig();
   }
 
   @VisibleForTesting
-  @Nullable
-  Map<String, String> getIfPresent(StorageCredentialCacheKey key) {
-    return getAccessConfig(key).map(AccessConfig::credentials).orElse(null);
-  }
-
-  @VisibleForTesting
-  Optional<AccessConfig> getAccessConfig(StorageCredentialCacheKey key) {
-    return Optional.ofNullable(cache.getIfPresent(key))
-        .map(StorageCredentialCacheEntry::toAccessConfig);
-  }
-
-  private boolean isTypeSupported(PolarisEntityType type) {
-    return type == PolarisEntityType.CATALOG
-        || type == PolarisEntityType.NAMESPACE
-        || type == PolarisEntityType.TABLE_LIKE
-        || type == PolarisEntityType.TASK;
+  boolean isPresent(StorageCredentialCacheKey key) {
+    return cache.getIfPresent(key) != null;
   }
 
   @VisibleForTesting
-  public long getEstimatedSize() {
+  long getEstimatedSize() {
     return this.cache.estimatedSize();
   }
 

polaris-core/src/main/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheKey.java

@@ -18,10 +18,8 @@
  */
 package org.apache.polaris.core.storage.cache;
 
-import jakarta.annotation.Nullable;
 import java.util.Set;
-import org.apache.polaris.core.entity.PolarisEntity;
-import org.apache.polaris.core.entity.PolarisEntityConstants;
+import org.apache.polaris.core.storage.PolarisStorageConfigurationInfo;
 import org.apache.polaris.immutables.PolarisImmutable;
 import org.immutables.value.Value;
 
@@ -32,35 +30,26 @@ public interface StorageCredentialCacheKey {
   String realmId();
 
   @Value.Parameter(order = 2)
-  long catalogId();
+  PolarisStorageConfigurationInfo storageConfigurationInfo();
 
   @Value.Parameter(order = 3)
-  @Nullable
-  String storageConfigSerializedStr();
-
-  @Value.Parameter(order = 4)
   boolean allowedListAction();
 
-  @Value.Parameter(order = 5)
+  @Value.Parameter(order = 4)
   Set<String> allowedReadLocations();
 
-  @Value.Parameter(order = 6)
+  @Value.Parameter(order = 5)
   Set<String> allowedWriteLocations();
 
   static StorageCredentialCacheKey of(
       String realmId,
-      PolarisEntity entity,
+      PolarisStorageConfigurationInfo storageConfigurationInfo,
       boolean allowedListAction,
       Set<String> allowedReadLocations,
       Set<String> allowedWriteLocations) {
-    String storageConfigSerializedStr =
-        entity
-            .getInternalPropertiesAsMap()
-            .get(PolarisEntityConstants.getStorageConfigInfoPropertyName());
     return ImmutableStorageCredentialCacheKey.of(
         realmId,
-        entity.getCatalogId(),
-        storageConfigSerializedStr,
+        storageConfigurationInfo,
         allowedListAction,
         allowedReadLocations,
         allowedWriteLocations);