jerryshao commented on code in PR #5974:
URL: https://github.com/apache/gravitino/pull/5974#discussion_r1904984306
##########
bundles/gcp/src/main/java/org/apache/gravitino/gcs/fs/GCSFileSystemProvider.java:
##########
@@ -43,6 +46,18 @@ public FileSystem getFileSystem(Path path, Map<String,
String> config) throws IO
Configuration configuration = new Configuration();
FileSystemUtils.toHadoopConfigMap(config, GRAVITINO_KEY_TO_GCS_HADOOP_KEY)
.forEach(configuration::set);
+
+ // This is a workaround to judge whether it's from a Gravitino GVFS client.
+ if
(config.containsKey(GravitinoVirtualFileSystemConfiguration.FS_GRAVITINO_SERVER_URI_KEY))
{
+ AccessTokenProvider accessTokenProvider = new GCSCredentialsProvider();
+ accessTokenProvider.setConf(configuration);
+ // Why is this check necessary?if Gravitino fails to get any
credentials, we fall back to
+ // the default behavior of the GoogleHadoopFileSystem to use service
account credentials.
+ if (accessTokenProvider.getAccessToken() != null) {
+ configuration.set(GCS_TOKEN_PROVIDER_IMPL,
GCSCredentialsProvider.class.getName());
+ }
+ }
Review Comment:
I think we should decide whether we should let users to set AKSK or
credential file if credential vending is not enabled. IMO, I think we should
not enable `XXXCredentialsProvider` is credential vending is not enabled in the
server side; if it is enabled, then we should fully rely on credential vending,
no need to configure the user-side credentials again.
WDYT? @FANNG1
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
