FANNG1 commented on code in PR #6071: URL: https://github.com/apache/gravitino/pull/6071#discussion_r1904217626
########## docs/security/credential-vending.md: ########## @@ -0,0 +1,178 @@ +--- +title: "Gravitino credential vending" +slug: /security/credential-vending +keyword: security credential vending +license: "This software is licensed under the Apache License version 2." +--- + +## Background + +Gravitino credential vending is used to generate temporary or static credentials for accessing data. With credential vending, Gravitino provides an unified way to control the access to diverse data sources in different platforms. + +### Capabilities + +- Supports Gravitino Iceberg REST server. +- Supports Gravitino server, only support Hadoop catalog. +- Supports pluggable credentials with build-in credentials: + - S3: `S3TokenCredential`, `S3SecretKeyCredential` + - GCS: `GCSTokenCredential` + - ADLS: `ADLSTokenCredential`, `AzureAccountKeyCredential` + - OSS: `OSSTokenCredential`, `OSSSecretKeyCredential` +- No support to Spark/Trino/Flink connector yet. Review Comment: updated ########## docs/hadoop-catalog.md: ########## @@ -166,6 +178,13 @@ Refer to [Schema operation](./manage-fileset-metadata-using-gravitino.md#schema- | `authentication.type` | The type of authentication for Hadoop catalog fileset, currently we only support `kerberos`, `simple`. | The parent(schema) value | No | 0.6.0-incubating | | `authentication.kerberos.principal` | The principal of the Kerberos authentication for the fileset. | The parent(schema) value | No | 0.6.0-incubating | | `authentication.kerberos.keytab-uri` | The URI of The keytab for the Kerberos authentication for the fileset. | The parent(schema) value | No | 0.6.0-incubating | +| `credential-providers` | The credential provider types, separated by comma. | (none) | No | 0.8.0-incubating | + +Credential providers can be specified in several places, as listed below. Gravatino checks the provider settings in the following order of precedence: Review Comment: done -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
