This is an automated email from the ASF dual-hosted git repository.
mchades pushed a commit to branch branch-1.3
in repository https://gitbox.apache.org/repos/asf/gravitino.git
The following commit(s) were added to refs/heads/branch-1.3 by this push:
new db207f3882 [Cherry-pick to branch-1.3] [#11443] feat(auth): Add Basic
auth support for Spark, Flink, and Trino connectors (#11457) (#11531)
db207f3882 is described below
commit db207f38829ceff22c4dfd395c7d08bdf1bb4dcb
Author: github-actions[bot]
<41898282+github-actions[bot]@users.noreply.github.com>
AuthorDate: Wed Jun 10 16:06:53 2026 +0800
[Cherry-pick to branch-1.3] [#11443] feat(auth): Add Basic auth support for
Spark, Flink, and Trino connectors (#11457) (#11531)
**Cherry-pick Information:**
- Original commit: d7fe5f51953e617b9eb8657f273669efcf870506
- Target branch: `branch-1.3`
- Status: ✅ Clean cherry-pick (no conflicts)
---------
Co-authored-by: MaSai <[email protected]>
Co-authored-by: Cursor <[email protected]>
Co-authored-by: Qi Yu <[email protected]>
Co-authored-by: yuqi <[email protected]>
---
.../org/apache/gravitino/auth/AuthProperties.java | 11 +++
clients/client-java/build.gradle.kts | 1 +
.../test/authorization/BasicAuthOperationsIT.java | 80 ++++++++++++++++
.../flink-authentication-with-gravitino.md | 45 ++++++---
.../spark-authentication-with-gravitino.md | 45 ++++++---
docs/trino-connector/authentication.md | 72 ++++++++++-----
docs/trino-connector/configuration.md | 2 +-
.../connector/catalog/GravitinoCatalogManager.java | 33 ++++++-
.../store/GravitinoCatalogStoreFactoryOptions.java | 5 +
.../TestGravitinoCatalogManagerBasicAuth.java | 101 +++++++++++++++++++++
.../spark/connector/GravitinoSparkConfig.java | 4 +
.../connector/plugin/GravitinoDriverPlugin.java | 16 +++-
.../plugin/TestGravitinoSparkBasicAuth.java | 100 ++++++++++++++++++++
.../connector/security/GravitinoAuthProvider.java | 33 ++++++-
.../security/TestGravitinoAuthProvider.java | 58 ++++++++++++
15 files changed, 558 insertions(+), 48 deletions(-)
diff --git
a/catalogs/catalog-common/src/main/java/org/apache/gravitino/auth/AuthProperties.java
b/catalogs/catalog-common/src/main/java/org/apache/gravitino/auth/AuthProperties.java
index 2984ee2ba0..160b9d29b5 100644
---
a/catalogs/catalog-common/src/main/java/org/apache/gravitino/auth/AuthProperties.java
+++
b/catalogs/catalog-common/src/main/java/org/apache/gravitino/auth/AuthProperties.java
@@ -25,9 +25,16 @@ public class AuthProperties {
public static final String GRAVITINO_CLIENT_AUTH_TYPE = "authType";
public static final String SIMPLE_AUTH_TYPE = "simple";
+ public static final String BASIC_AUTH_TYPE = "basic";
public static final String OAUTH2_AUTH_TYPE = "oauth2";
public static final String KERBEROS_AUTH_TYPE = "kerberos";
+ /** The configuration key for the built-in IdP username used in Basic
authentication. */
+ public static final String GRAVITINO_BASIC_USERNAME = "basic.username";
+
+ /** The configuration key for the built-in IdP password used in Basic
authentication. */
+ public static final String GRAVITINO_BASIC_PASSWORD = "basic.password";
+
// oauth2
/** The configuration key for the URI of the default OAuth server. */
public static final String GRAVITINO_OAUTH2_SERVER_URI = "oauth2.serverUri";
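Review bot: The Javadoc on `GRAVITINO_BASIC_PASSWORD` names the key but does not say that its value is a credential, so nothing at the declaration tells connector code to keep it out of logs, exception messages and property dumps. I would extend it to `/** The configuration key for the built-in IdP password used in Basic authentication. The value is a secret and must never be logged or echoed in error messages. */`. The rest of `AuthProperties` lies outside the hunk, so whether the other credential keys carry a similar note cannot be checked from here.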
@@ -53,5 +60,9 @@ public class AuthProperties {
return authType == null || SIMPLE_AUTH_TYPE.equalsIgnoreCase(authType);
}
+ public static boolean isBasic(String authType) {
+ return BASIC_AUTH_TYPE.equalsIgnoreCase(authType);
+ }
+
private AuthProperties() {}
}
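Review bot: `isBasic` is added without a Javadoc, although the two constants added in the same commit have one, and its null behaviour is worth stating. `BASIC_AUTH_TYPE.equalsIgnoreCase(authType)` returns false for a null `authType`, whereas the line above it treats null as simple. I would add `/** Returns true if {@code authType} is "basic", ignoring case; a null value returns false. */`. The enclosing class starts outside the hunk.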
diff --git a/clients/client-java/build.gradle.kts
b/clients/client-java/build.gradle.kts
index b3850d71fe..cf13fa07ed 100644
--- a/clients/client-java/build.gradle.kts
+++ b/clients/client-java/build.gradle.kts
@@ -44,6 +44,7 @@ dependencies {
testImplementation(project(":core"))
testImplementation(project(":integration-test-common", "testArtifacts"))
+ testImplementation(project(":plugins:idp-basic"))
testImplementation(project(":server"))
testImplementation(project(":server-common"))
diff --git
a/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/BasicAuthOperationsIT.java
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/BasicAuthOperationsIT.java
new file mode 100644
index 0000000000..5d6242a20e
--- /dev/null
+++
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/BasicAuthOperationsIT.java
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.gravitino.client.integration.test.authorization;
+
+import static org.apache.gravitino.integration.test.util.BaseIT.setEnv;
+
+import com.google.common.collect.Maps;
+import java.io.IOException;
+import java.util.Map;
+import org.apache.gravitino.Configs;
+import org.apache.gravitino.client.GravitinoAdminClient;
+import org.apache.gravitino.client.GravitinoVersion;
+import org.apache.gravitino.idp.auth.BasicAuthenticator;
+import org.apache.gravitino.idp.web.rest.feature.IdpRESTFeature;
+import org.apache.gravitino.integration.test.util.BaseIT;
+import org.apache.gravitino.integration.test.util.ITUtils;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+
+/** Integration tests for Gravitino client HTTP Basic authentication against
the REST server. */
+public class BasicAuthOperationsIT extends BaseIT {
+
+ private static final String ADMIN = "admin";
+ private static final String ADMIN_PASSWORD = "Passw0rd-For-Admin1";
+
+ public void setGravitinoAdminClient(GravitinoAdminClient client) {
+ this.client = client;
+ }
+
+ @BeforeAll
+ public void startIntegrationTest() throws Exception {
+ setEnv(IdpRESTFeature.INITIAL_ADMIN_PASSWORD_ENV, ADMIN_PASSWORD);
+ Map<String, String> configs = Maps.newHashMap();
+ configs.put(Configs.ENABLE_AUTHORIZATION.getKey(), String.valueOf(false));
+ configs.put(Configs.CACHE_ENABLED.getKey(), String.valueOf(false));
+ configs.put(Configs.STORE_DELETE_AFTER_TIME.getKey(), String.valueOf(20 *
60 * 1000L));
+ configs.put(Configs.SERVICE_ADMINS.getKey(), ADMIN);
+ configs.put(Configs.AUTHENTICATORS.getKey(),
BasicAuthenticator.class.getCanonicalName());
+ configs.put(
+ Configs.REST_API_EXTENSION_PACKAGES.getKey(),
IdpRESTFeature.IDP_REST_EXTENSION_PACKAGE);
+ registerCustomConfigs(configs);
+ super.startIntegrationTest();
+
+ client = GravitinoAdminClient.builder(serverUri).withBasicAuth(ADMIN,
ADMIN_PASSWORD).build();
+ }
+
+ @AfterAll
+ public void stopIntegrationTest() throws IOException, InterruptedException {
+ super.stopIntegrationTest();
+ }
+
+ @Test
+ public void testAuthenticationApi() throws Exception {
+ GravitinoVersion gravitinoVersion = client.serverVersion();
+ Assertions.assertEquals(System.getenv("PROJECT_VERSION"),
gravitinoVersion.version());
+ Assertions.assertFalse(gravitinoVersion.compileDate().isEmpty());
+ if (testMode.equals(ITUtils.EMBEDDED_TEST_MODE)) {
+ final String gitCommitId = readGitCommitIdFromGitFile();
+ Assertions.assertEquals(gitCommitId, gravitinoVersion.gitCommit());
+ }
+ }
+}
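Review bot: `testAuthenticationApi` only proves that the correct password is accepted; nothing in this class checks that a wrong or missing password is rejected, which is the property an authenticator test most needs to pin. I would add a second test that builds a client with `withBasicAuth(ADMIN, "wrong-password")` and asserts that `serverVersion()` throws. The exception type is not visible here, and this assumes the version endpoint sits behind the authentication filter, as the test name implies. Separately, `startIntegrationTest` sets `IdpRESTFeature.INITIAL_ADMIN_PASSWORD_ENV` through `setEnv` and `stopIntegrationTest` never clears it, so the value may stay visible to later test classes running in the same JVM.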
diff --git a/docs/flink-connector/flink-authentication-with-gravitino.md
b/docs/flink-connector/flink-authentication-with-gravitino.md
index 72eae72797..a7f627c5ea 100644
--- a/docs/flink-connector/flink-authentication-with-gravitino.md
+++ b/docs/flink-connector/flink-authentication-with-gravitino.md
@@ -1,17 +1,17 @@
---
title: "Flink Authentication"
slug: "/flink-connector/flink-authentication"
-keyword: "flink connector authentication oauth2 kerberos"
+keyword: "flink connector authentication basic oauth2 kerberos"
license: "This software is licensed under the Apache License version 2."
---
## Overview
-Flink connector supports `simple`, `oauth2`, and `kerberos` authentication
when accessing the Gravitino server.
+Flink connector supports `simple`, `basic`, `oauth2`, and `kerberos`
authentication when accessing the Gravitino server.
-| Property | Type | Default
Value | Description
| Required |
Since Version |
-|-----------------------------------------------------------|--------|---------------|--------------------------------------------------------------------------------------------------------------------------------------------|----------|---------------|
-| table.catalog-store.gravitino.gravitino.client.auth.type | string | (none)
| When explicitly set, only `oauth` is supported. If unset, Flink selects
Kerberos or simple authentication based on its security settings. | No |
1.2.0 |
+| Property | Type |
Default Value | Description
|
Required | Since Version |
+|------------------------------------------------------------|----------|-----------------|--------------------------------------------------------------------------------------------------------------------------------------------|------------|-----------------|
+| table.catalog-store.gravitino.gravitino.client.auth.type | string |
(none) | When explicitly set, only `oauth2` and `basic` are supported.
|
No | 1.2.0 |
## Simple Mode
@@ -19,16 +19,39 @@ In simple mode, the username originates from Flink. The
resolution order is:
1. `HADOOP_USER_NAME` environment variable
2. The logged-in OS user
+## Basic Mode
+
+In Basic mode, the Flink connector authenticates to the Gravitino server using
HTTP Basic credentials
+against the built-in IDP. The Gravitino server must have Basic authentication
enabled. See
+[How to authenticate](../security/how-to-authenticate.md#basic-mode) for
server-side setup.
+
+| Property |
Type | Default Value | Description
| Required | Since Version |
+|-------------------------------------------------------------------------|----------|-----------------|----------------------------------------------------|----------------------------------|-----------------|
+| table.catalog-store.gravitino.gravitino.client.auth.type |
string | (none) | Set to `basic` to enable Basic authentication.
| Yes, for Basic mode | 1.3.0 |
+| table.catalog-store.gravitino.gravitino.client.basic.username |
string | (none) | The built-in IDP username.
| Yes, for Basic mode | 1.3.0 |
+| table.catalog-store.gravitino.gravitino.client.basic.password |
string | (none) | The built-in IDP password.
| Yes, for Basic mode | 1.3.0 |
+
+### Basic Configuration Example
+
+```yaml
+table.catalog-store.kind: gravitino
+table.catalog-store.gravitino.gravitino.uri: http://localhost:8090
+table.catalog-store.gravitino.gravitino.metalake: my_metalake
+table.catalog-store.gravitino.gravitino.client.auth.type: basic
+table.catalog-store.gravitino.gravitino.client.basic.username: admin
+table.catalog-store.gravitino.gravitino.client.basic.password:
YourSecureGravitinoPassword
+```
+
## OAuth2 Mode
In OAuth2 mode, configure the following settings to fetch an OAuth2 token to
access the Gravitino server:
-| Property | Type
| Default Value | Description | Required
| Since Version |
-|-----------------------------------------------------------------------|--------|---------------|--------------------------------------------------|--------------------------------|---------------|
-| table.catalog-store.gravitino.gravitino.client.oauth2.serverUri |
string | (none) | The OAuth2 server URI. |
Yes, for OAuth2 mode | 1.2.0 |
-| table.catalog-store.gravitino.gravitino.client.oauth2.tokenPath |
string | (none) | The token endpoint path on the OAuth2 server. |
Yes, for OAuth2 mode | 1.2.0 |
-| table.catalog-store.gravitino.gravitino.client.oauth2.credential |
string | (none) | The credential used to request the OAuth2 token. |
Yes, for OAuth2 mode | 1.2.0 |
-| table.catalog-store.gravitino.gravitino.client.oauth2.scope |
string | (none) | The scope used to request the OAuth2 token. |
Yes, for OAuth2 mode | 1.2.0 |
+| Property |
Type | Default Value | Description
| Required | Since Version |
+|-------------------------------------------------------------------------|----------|-----------------|----------------------------------------------------|----------------------------------|-----------------|
+| table.catalog-store.gravitino.gravitino.client.oauth2.serverUri |
string | (none) | The OAuth2 server URI.
| Yes, for OAuth2 mode | 1.2.0 |
+| table.catalog-store.gravitino.gravitino.client.oauth2.tokenPath |
string | (none) | The token endpoint path on the OAuth2 server.
| Yes, for OAuth2 mode | 1.2.0 |
+| table.catalog-store.gravitino.gravitino.client.oauth2.credential |
string | (none) | The credential used to request the OAuth2 token.
| Yes, for OAuth2 mode | 1.2.0 |
+| table.catalog-store.gravitino.gravitino.client.oauth2.scope |
string | (none) | The scope used to request the OAuth2 token.
| Yes, for OAuth2 mode | 1.2.0 |
### OAuth2 Configuration Example
diff --git a/docs/spark-connector/spark-authentication-with-gravitino.md
b/docs/spark-connector/spark-authentication-with-gravitino.md
index 4b13cb7be0..7d46958c91 100644
--- a/docs/spark-connector/spark-authentication-with-gravitino.md
+++ b/docs/spark-connector/spark-authentication-with-gravitino.md
@@ -1,17 +1,17 @@
---
title: "Spark Authentication"
slug: "/spark-connector/spark-authentication"
-keyword: "spark connector authentication oauth2 kerberos"
+keyword: "spark connector authentication basic oauth2 kerberos"
license: "This software is licensed under the Apache License version 2."
---
## Overview
-Spark connector supports `simple` `oauth2` and `kerberos` authentication when
accessing Gravitino server.
+Spark connector supports `simple`, `basic`, `oauth2`, and `kerberos`
authentication when accessing Gravitino server.
-| Property | Type | Default Value | Description
| Required | Since Version |
-|------------------------------|--------|---------------|-----------------------------------------------------------------------------------------------------------------------------|----------|------------------|
-| spark.sql.gravitino.authType | string | `simple` | The authentication
mechanism for communicating with the Gravitino server. Supported values:
`simple`, `oauth2`, `kerberos`. | No | 0.7.0-incubating |
+| Property | Type | Default Value | Description
| Required | Since Version |
+|--------------------------------|----------|-----------------|--------------------------------------------------------------------------------------------------------------------------------------|------------|--------------------|
+| spark.sql.gravitino.authType | string | `simple` | The
authentication mechanism for communicating with the Gravitino server. Supported
values: `simple`, `basic`, `oauth2`, `kerberos`. | No |
0.7.0-incubating |
## Simple Mode
@@ -20,16 +20,39 @@ In the simple mode, the username originates from Spark, and
is obtained using th
2. The environment variable of `HADOOP_USER_NAME`
3. The user login in the machine
+## Basic Mode
+
+In Basic mode, the Spark connector authenticates to the Gravitino server using
HTTP Basic credentials
+against the built-in IDP. The Gravitino server must have Basic authentication
enabled. See
+[How to authenticate](../security/how-to-authenticate.md#basic-mode) for
server-side setup.
+
+| Property | Type | Default Value |
Description | Required |
Since Version |
+|-----------------------------------------|----------|-----------------|-------------------------------------------------|------------------------|--------------------|
+| spark.sql.gravitino.authType | string | `simple` | Set
to `basic` to enable Basic authentication. | Yes, for Basic mode | 1.3.0
|
+| spark.sql.gravitino.basic.username | string | (none) | The
built-in IDP username. | Yes, for Basic mode | 1.3.0
|
+| spark.sql.gravitino.basic.password | string | (none) | The
built-in IDP password. | Yes, for Basic mode | 1.3.0
|
+
+### Basic Configuration Example
+
+```properties
+spark.plugins=org.apache.gravitino.spark.connector.plugin.GravitinoSparkPlugin
+spark.sql.gravitino.uri=http://localhost:8090
+spark.sql.gravitino.metalake=my_metalake
+spark.sql.gravitino.authType=basic
+spark.sql.gravitino.basic.username=admin
+spark.sql.gravitino.basic.password=YourSecureGravitinoPassword
+```
+
## OAuth2 Mode
In the OAuth2 mode, you could use the following configuration to fetch an
OAuth2 token to access Gravitino server.
-| Property | Type | Default Value | Description
| Required | Since Version |
-|---------------------------------------|--------|---------------|-----------------------------------------------|----------------------|------------------|
-| spark.sql.gravitino.oauth2.serverUri | string | None | The OAuth2
server uri address. | Yes, for OAuth2 mode | 0.7.0-incubating |
-| spark.sql.gravitino.oauth2.tokenPath | string | None | The path of
token interface in OAuth2 server. | Yes, for OAuth2 mode | 0.7.0-incubating |
-| spark.sql.gravitino.oauth2.credential | string | None | The
credential to request the OAuth2 token. | Yes, for OAuth2 mode |
0.7.0-incubating |
-| spark.sql.gravitino.oauth2.scope | string | None | The scope
to request the OAuth2 token. | Yes, for OAuth2 mode | 0.7.0-incubating |
+| Property | Type | Default Value |
Description | Required |
Since Version |
+|-----------------------------------------|----------|-----------------|-------------------------------------------------|------------------------|--------------------|
+| spark.sql.gravitino.oauth2.serverUri | string | None | The
OAuth2 server uri address. | Yes, for OAuth2 mode |
0.7.0-incubating |
+| spark.sql.gravitino.oauth2.tokenPath | string | None | The
path of token interface in OAuth2 server. | Yes, for OAuth2 mode |
0.7.0-incubating |
+| spark.sql.gravitino.oauth2.credential | string | None | The
credential to request the OAuth2 token. | Yes, for OAuth2 mode |
0.7.0-incubating |
+| spark.sql.gravitino.oauth2.scope | string | None | The
scope to request the OAuth2 token. | Yes, for OAuth2 mode |
0.7.0-incubating |
## Kerberos Mode
diff --git a/docs/trino-connector/authentication.md
b/docs/trino-connector/authentication.md
index c317486971..9b966e2e75 100644
--- a/docs/trino-connector/authentication.md
+++ b/docs/trino-connector/authentication.md
@@ -7,7 +7,7 @@ license: "This software is licensed under the Apache License
version 2."
## Introduction
-The Gravitino Trino connector supports authenticating to the Gravitino server
using the same authentication mechanisms as the Gravitino Java client: Simple,
OAuth2, and Kerberos. Authentication is configured through the Trino connector
properties file using the `gravitino.client.*` prefix.
+The Gravitino Trino connector supports authenticating to the Gravitino server
using the same authentication mechanisms as the Gravitino Java client: Simple,
Basic, OAuth2, and Kerberos. Authentication is configured through the Trino
connector properties file using the `gravitino.client.*` prefix.
If `gravitino.client.authType` is not set, the connector operates in
no-authentication mode and connects to the Gravitino server without any
credentials.
@@ -29,10 +29,37 @@ gravitino.user=admin
**Configuration properties:**
-| Property | Description
| Default value | Required
| Since version |
-|-----------------------------------|----------------------------------------------------------------------|------------------|----------------------------------------|---------------|
-| `gravitino.client.authType` | Authentication type: `simple`, `oauth2`,
or `kerberos` | (none) | No
| 1.3.0 |
-| `gravitino.user` | Username for simple authentication
| (none) | No (uses system user if not
specified) | 1.3.0 |
+| Property | Description
| Default value | Required
| Since version |
+|-------------------------------|---------------------------------------------------------------------|-----------------|------------------------------------------|-----------------|
+| `gravitino.client.authType` | Authentication type: `simple`, `basic`,
`oauth2`, or `kerberos` | (none) | No
| 1.3.0 |
+| `gravitino.user` | Username for simple authentication
| (none) | No (uses system user if not
specified) | 1.3.0 |
+
+### Basic Authentication
+
+Basic authentication uses HTTP Basic credentials against the Gravitino
built-in IDP. The Gravitino
+server must have Basic authentication enabled. See
+[How to authenticate](../security/how-to-authenticate.md#basic-mode) for
server-side setup.
+
+**Configuration in `etc/catalog/gravitino.properties`:**
+
+```properties
+connector.name=gravitino
+gravitino.metalake=metalake
+gravitino.uri=http://localhost:8090
+
+# Basic authentication with built-in IDP
+gravitino.client.authType=basic
+gravitino.client.basic.username=admin
+gravitino.client.basic.password=YourSecureGravitinoPassword
+```
+
+**Configuration properties:**
+
+| Property | Description
| Default value | Required |
Since version |
+|-------------------------------------|---------------------------------------------------------------------|-----------------|------------------------------|-----------------|
+| `gravitino.client.authType` | Authentication type: `simple`,
`basic`, `oauth2`, or `kerberos` | (none) | Yes (to enable Basic)
| 1.3.0 |
+| `gravitino.client.basic.username` | Built-in IDP username
| (none) | Yes if authType is `basic` |
1.3.0 |
+| `gravitino.client.basic.password` | Built-in IDP password
| (none) | Yes if authType is `basic` |
1.3.0 |
### OAuth2 Authentication
@@ -55,13 +82,13 @@ gravitino.client.oauth2.scope=gravitino
**Configuration properties:**
-| Property | Description
| Default value | Required | Since version |
-|--------------------------------------|--------------------------------------------------------|---------------|-----------------------------|---------------|
-| `gravitino.client.authType` | Authentication type: `simple`,
`oauth2`, or `kerberos` | (none) | Yes (to enable OAuth2) |
1.3.0 |
-| `gravitino.client.oauth2.serverUri` | OAuth2 server URI
| (none) | Yes if authType is `oauth2` | 1.3.0 |
-| `gravitino.client.oauth2.credential` | OAuth2 credentials in format
`client_id:client_secret` | (none) | Yes if authType is `oauth2` | 1.3.0
|
-| `gravitino.client.oauth2.path` | OAuth2 token endpoint path
| (none) | Yes if authType is `oauth2` | 1.3.0 |
-| `gravitino.client.oauth2.scope` | OAuth2 scope
| (none) | Yes if authType is `oauth2` | 1.3.0 |
+| Property | Description
| Default value | Required
| Since version |
+|----------------------------------------|---------------------------------------------------------------------|-----------------|------------------------------|-----------------|
+| `gravitino.client.authType` | Authentication type: `simple`,
`basic`, `oauth2`, or `kerberos` | (none) | Yes (to enable OAuth2)
| 1.3.0 |
+| `gravitino.client.oauth2.serverUri` | OAuth2 server URI
| (none) | Yes if authType is `oauth2`
| 1.3.0 |
+| `gravitino.client.oauth2.credential` | OAuth2 credentials in format
`client_id:client_secret` | (none) | Yes if authType is
`oauth2` | 1.3.0 |
+| `gravitino.client.oauth2.path` | OAuth2 token endpoint path
| (none) | Yes if authType is `oauth2`
| 1.3.0 |
+| `gravitino.client.oauth2.scope` | OAuth2 scope
| (none) | Yes if authType is `oauth2`
| 1.3.0 |
### Kerberos Authentication
@@ -82,11 +109,11 @@
gravitino.client.kerberos.keytabFilePath=/path/to/user.keytab
**Configuration properties:**
-| Property | Description | Default
value | Required | Since
version |
-|--------------------------------------------|---------------------|---------------|------------------------------------------------------------|---------------|
-| `gravitino.client.authType` | Authentication type: `simple`,
`oauth2`, or `kerberos` | (none) | Yes (to enable Kerberos)
| 1.3.0 |
-| `gravitino.client.kerberos.principal` | Kerberos principal | (none)
| Yes if authType is `kerberos` | 1.3.0 |
-| `gravitino.client.kerberos.keytabFilePath` | Path to keytab file | (none)
| No (uses ticket cache if not specified) | 1.3.0 |
+| Property | Description
| Default value | Required
| Since version |
+|----------------------------------------------|---------------------------------------------------------------------|-----------------|-------------------------------------------|-----------------|
+| `gravitino.client.authType` | Authentication type:
`simple`, `basic`, `oauth2`, or `kerberos` | (none) | Yes (to
enable Kerberos) | 1.3.0 |
+| `gravitino.client.kerberos.principal` | Kerberos principal
| (none) | Yes if authType is
`kerberos` | 1.3.0 |
+| `gravitino.client.kerberos.keytabFilePath` | Path to keytab file
| (none) | No (uses ticket cache
if not specified) | 1.3.0 |
### Example: Connecting to OAuth-Protected Gravitino Server
@@ -141,11 +168,11 @@ gravitino.client.session.forwardUser=true
**Configuration properties:**
-| Property | Description
|
Default value | Required | Since version |
-|------------------------------------------------------------|--------------------------------------------------------------------------------------------|---------------|----------|---------------|
-| `gravitino.client.session.forwardUser` | When `true`
with `authType=simple`, forwards the Trino session user to Gravitino per-query
| `false` | No | 1.3.0 |
-| `gravitino.client.session.cache.maxSize` | Maximum number
of per-user sessions to keep in the cache |
`500` | No | 1.3.0 |
-| `gravitino.client.session.cache.expireAfterAccessSeconds` | Seconds before
an idle per-user session is evicted from the cache |
`3600` | No | 1.3.0 |
+| Property | Description
| Default value | Required | Since version |
+|--------------------------------------------------------------|----------------------------------------------------------------------------------------------|-----------------|------------|-----------------|
+| `gravitino.client.session.forwardUser` | When `true`
with `authType=simple`, forwards the Trino session user to Gravitino per-query
| `false` | No | 1.3.0 |
+| `gravitino.client.session.cache.maxSize` | Maximum
number of per-user sessions to keep in the cache
| `500` | No | 1.3.0 |
+| `gravitino.client.session.cache.expireAfterAccessSeconds` | Seconds
before an idle per-user session is evicted from the cache
| `3600` | No | 1.3.0 |
### Notes
@@ -157,4 +184,5 @@ gravitino.client.session.forwardUser=true
### See Also
- [Gravitino Server Authentication
Configuration](../security/how-to-authenticate.md)
+- [How to use the built-in IDP](../security/how-to-use-built-in-idp.md)
- [Trino Connector Configuration](./configuration.md)
diff --git a/docs/trino-connector/configuration.md
b/docs/trino-connector/configuration.md
index f20b8a5fb6..63ec3065b4 100644
--- a/docs/trino-connector/configuration.md
+++ b/docs/trino-connector/configuration.md
@@ -28,4 +28,4 @@ Multi-metalake mode (`gravitino.use-single-metalake=false`)
is supported on Trin
## Authentication
-The Gravitino Trino connector supports authenticating to the Gravitino server
using Simple, OAuth, and Kerberos authentication. For detailed authentication
configuration, refer to [Trino Connector Authentication](./authentication.md).
+The Gravitino Trino connector supports authenticating to the Gravitino server
using Simple, Basic, OAuth, and Kerberos authentication. For detailed
authentication configuration, refer to [Trino Connector
Authentication](./authentication.md).
diff --git
a/flink-connector/flink-common/src/main/java/org/apache/gravitino/flink/connector/catalog/GravitinoCatalogManager.java
b/flink-connector/flink-common/src/main/java/org/apache/gravitino/flink/connector/catalog/GravitinoCatalogManager.java
index 7eeb4fab71..6dd927e961 100644
---
a/flink-connector/flink-common/src/main/java/org/apache/gravitino/flink/connector/catalog/GravitinoCatalogManager.java
+++
b/flink-connector/flink-common/src/main/java/org/apache/gravitino/flink/connector/catalog/GravitinoCatalogManager.java
@@ -25,6 +25,7 @@ import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Map;
import java.util.Set;
+import org.apache.commons.lang3.StringUtils;
import org.apache.gravitino.Catalog;
import org.apache.gravitino.client.DefaultOAuth2TokenProvider;
import org.apache.gravitino.client.GravitinoAdminClient;
@@ -66,11 +67,14 @@ public class GravitinoCatalogManager {
// simple auth otherwise).
if (GravitinoCatalogStoreFactoryOptions.OAUTH2.equalsIgnoreCase(authType))
{
this.gravitinoClient = buildOAuthClient(gravitinoUri,
gravitinoClientConfig);
+ } else if
(GravitinoCatalogStoreFactoryOptions.BASIC.equalsIgnoreCase(authType)) {
+ this.gravitinoClient = buildBasicClient(gravitinoUri,
gravitinoClientConfig);
} else {
if (authType != null) {
throw new IllegalArgumentException(
String.format(
- "Unsupported auth type '%s'. Only OAUTH is supported; leave %s
unset to use Flink Kerberos settings (or simple auth if security is disabled).",
+ "Unsupported auth type '%s'. Only OAUTH and BASIC are
supported; leave %s unset to"
+ + " use Flink Kerberos settings (or simple auth if
security is disabled).",
authType, GravitinoCatalogStoreFactoryOptions.AUTH_TYPE));
}
@@ -244,6 +248,33 @@ public class GravitinoCatalogManager {
&&
gravitinoCatalogManager.gravitinoClientConfig.equals(gravitinoClientConfig);
}
+ private static GravitinoAdminClient buildBasicClient(
+ String gravitinoUri, Map<String, String> config) {
+ String username =
config.get(GravitinoCatalogStoreFactoryOptions.BASIC_USERNAME);
+ String password =
config.get(GravitinoCatalogStoreFactoryOptions.BASIC_PASSWORD);
+ Preconditions.checkArgument(
+ StringUtils.isNotBlank(username),
+ "Basic username is required. Please set %s",
+ GravitinoCatalogStoreFactoryOptions.BASIC_USERNAME);
+ Preconditions.checkArgument(
+ StringUtils.isNotBlank(password),
+ "Basic password is required. Please set %s",
+ GravitinoCatalogStoreFactoryOptions.BASIC_PASSWORD);
+
+ Set<String> basicConfigKeys =
+ Sets.newHashSet(
+ GravitinoCatalogStoreFactoryOptions.AUTH_TYPE,
+ GravitinoCatalogStoreFactoryOptions.BASIC_USERNAME,
+ GravitinoCatalogStoreFactoryOptions.BASIC_PASSWORD);
+ for (String key : basicConfigKeys) {
+ config.remove(key);
+ }
+ return GravitinoAdminClient.builder(gravitinoUri)
+ .withBasicAuth(username, password)
+ .withClientConfig(config)
+ .build();
+ }
+
private static GravitinoAdminClient buildOAuthClient(
String gravitinoUri, Map<String, String> config) {
String serverUri =
config.get(GravitinoCatalogStoreFactoryOptions.OAUTH2_SERVER_URI);
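Review bot: `buildBasicClient` strips the auth keys with `config.remove(key)` on the map it was handed, so the caller's map is mutated as a side effect. Keeping the username and password out of `withClientConfig(config)` is the right outcome, but doing it on a copy avoids two hazards. An unmodifiable map would throw `UnsupportedOperationException`. And if this is the same instance later compared by the `gravitinoClientConfig.equals(gravitinoClientConfig)` check in the context lines at the top of the hunk, a second lookup with identical settings might no longer match; the visible lines do not confirm this. I would use `Map<String, String> clientConfig = new HashMap<>(config);` followed by `clientConfig.keySet().removeAll(basicConfigKeys);` and pass `clientConfig` to `withClientConfig` (this needs a `java.util.HashMap` import). `buildOAuthClient`, whose body is outside the hunk, may follow the same pattern.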
diff --git
a/flink-connector/flink-common/src/main/java/org/apache/gravitino/flink/connector/store/GravitinoCatalogStoreFactoryOptions.java
b/flink-connector/flink-common/src/main/java/org/apache/gravitino/flink/connector/store/GravitinoCatalogStoreFactoryOptions.java
index f2ac8b52ff..6c2d0085fb 100644
---
a/flink-connector/flink-common/src/main/java/org/apache/gravitino/flink/connector/store/GravitinoCatalogStoreFactoryOptions.java
+++
b/flink-connector/flink-common/src/main/java/org/apache/gravitino/flink/connector/store/GravitinoCatalogStoreFactoryOptions.java
@@ -55,6 +55,11 @@ public class GravitinoCatalogStoreFactoryOptions {
public static final String AUTH_TYPE = "gravitino.client.auth.type";
public static final String OAUTH2 = "oauth2";
+ public static final String BASIC = "basic";
+
+ // Basic auth config keys
+ public static final String BASIC_USERNAME =
"gravitino.client.basic.username";
+ public static final String BASIC_PASSWORD =
"gravitino.client.basic.password";
// OAuth2 config keys
public static final String OAUTH2_SERVER_URI =
"gravitino.client.oauth2.serverUri";
diff --git
a/flink-connector/flink-common/src/test/java/org/apache/gravitino/flink/connector/catalog/TestGravitinoCatalogManagerBasicAuth.java
b/flink-connector/flink-common/src/test/java/org/apache/gravitino/flink/connector/catalog/TestGravitinoCatalogManagerBasicAuth.java
new file mode 100644
index 0000000000..bd2b30f8c4
--- /dev/null
+++
b/flink-connector/flink-common/src/test/java/org/apache/gravitino/flink/connector/catalog/TestGravitinoCatalogManagerBasicAuth.java
@@ -0,0 +1,101 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.gravitino.flink.connector.catalog;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import com.google.common.collect.ImmutableMap;
+import java.util.HashMap;
+import java.util.Map;
+import org.apache.gravitino.client.GravitinoAdminClient;
+import
org.apache.gravitino.flink.connector.store.GravitinoCatalogStoreFactoryOptions;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Test;
+
+/** Unit tests for Flink catalog store Basic authentication client
configuration. */
+public class TestGravitinoCatalogManagerBasicAuth {
+
+ private static final String GRAVITINO_URI = "http://127.0.0.1:8090";
+ private static final String METALAKE = "flink_basic_auth";
+
+ @AfterEach
+ void tearDown() {
+ try {
+ GravitinoCatalogManager.get().close();
+ } catch (IllegalStateException ignore) {
+ // GravitinoCatalogManager was not created in this test.
+ }
+ }
+
+ @Test
+ void testCreateWithBasicAuth() {
+ Map<String, String> config = basicAuthConfig("alice", "secret");
+ GravitinoAdminClient client =
+ GravitinoAdminClient.builder(GRAVITINO_URI)
+ .withBasicAuth(
+ config.get(GravitinoCatalogStoreFactoryOptions.BASIC_USERNAME),
+ config.get(GravitinoCatalogStoreFactoryOptions.BASIC_PASSWORD))
+ .build();
+ assertNotNull(client);
+ }
+
+ @Test
+ void testCreateWithBasicAuthMissingUsername() {
+ Map<String, String> config = basicAuthConfig("alice", "secret");
+ config.remove(GravitinoCatalogStoreFactoryOptions.BASIC_USERNAME);
+ assertThrows(
+ IllegalArgumentException.class,
+ () -> GravitinoCatalogManager.create(GRAVITINO_URI, METALAKE, config));
+ }
+
+ @Test
+ void testCreateWithBasicAuthMissingPassword() {
+ Map<String, String> config = basicAuthConfig("alice", "secret");
+ config.remove(GravitinoCatalogStoreFactoryOptions.BASIC_PASSWORD);
+ assertThrows(
+ IllegalArgumentException.class,
+ () -> GravitinoCatalogManager.create(GRAVITINO_URI, METALAKE, config));
+ }
+
+ @Test
+ void testCreateWithBasicAuthBlankCredentials() {
+ assertThrows(
+ IllegalArgumentException.class,
+ () ->
+ GravitinoCatalogManager.create(
+ GRAVITINO_URI, METALAKE, basicAuthConfig(" ", "secret")));
+ assertThrows(
+ IllegalArgumentException.class,
+ () ->
+ GravitinoCatalogManager.create(GRAVITINO_URI, METALAKE,
basicAuthConfig("alice", " ")));
+ }
+
+ private static Map<String, String> basicAuthConfig(String username, String
password) {
+ return new HashMap<>(
+ ImmutableMap.of(
+ GravitinoCatalogStoreFactoryOptions.AUTH_TYPE,
+ GravitinoCatalogStoreFactoryOptions.BASIC,
+ GravitinoCatalogStoreFactoryOptions.BASIC_USERNAME,
+ username,
+ GravitinoCatalogStoreFactoryOptions.BASIC_PASSWORD,
+ password));
+ }
+}
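Review bot: `testCreateWithBasicAuth` never calls `GravitinoCatalogManager.create`; it builds a `GravitinoAdminClient` directly with `withBasicAuth`. The success path of the new Basic branch, including the removal of the auth keys before `withClientConfig`, is therefore not exercised. The same applies to `testCreateClientWithBasicAuth` in `TestGravitinoSparkBasicAuth`, which bypasses `GravitinoDriverPlugin.createGravitinoClient`. I would route the positive case through the production entry point, e.g. `assertDoesNotThrow(() -> GravitinoCatalogManager.create(GRAVITINO_URI, METALAKE, config));`, provided that call does not need a live server, which is not visible here.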
diff --git
a/spark-connector/spark-common/src/main/java/org/apache/gravitino/spark/connector/GravitinoSparkConfig.java
b/spark-connector/spark-common/src/main/java/org/apache/gravitino/spark/connector/GravitinoSparkConfig.java
index 30e5b990d3..be108c9af1 100644
---
a/spark-connector/spark-common/src/main/java/org/apache/gravitino/spark/connector/GravitinoSparkConfig.java
+++
b/spark-connector/spark-common/src/main/java/org/apache/gravitino/spark/connector/GravitinoSparkConfig.java
@@ -42,6 +42,10 @@ public class GravitinoSparkConfig {
GRAVITINO_PREFIX + AuthProperties.GRAVITINO_OAUTH2_CREDENTIAL;
public static final String GRAVITINO_OAUTH2_SCOPE =
GRAVITINO_PREFIX + AuthProperties.GRAVITINO_OAUTH2_SCOPE;
+ public static final String GRAVITINO_BASIC_USERNAME =
+ GRAVITINO_PREFIX + AuthProperties.GRAVITINO_BASIC_USERNAME;
+ public static final String GRAVITINO_BASIC_PASSWORD =
+ GRAVITINO_PREFIX + AuthProperties.GRAVITINO_BASIC_PASSWORD;
public static final String GRAVITINO_KERBEROS_PRINCIPAL =
"spark.kerberos.principal";
public static final String GRAVITINO_KERBEROS_KEYTAB_FILE_PATH =
"spark.kerberos.keytab";
diff --git
a/spark-connector/spark-common/src/main/java/org/apache/gravitino/spark/connector/plugin/GravitinoDriverPlugin.java
b/spark-connector/spark-common/src/main/java/org/apache/gravitino/spark/connector/plugin/GravitinoDriverPlugin.java
index 7f0f31ab6c..ea0e03aa9d 100644
---
a/spark-connector/spark-common/src/main/java/org/apache/gravitino/spark/connector/plugin/GravitinoDriverPlugin.java
+++
b/spark-connector/spark-common/src/main/java/org/apache/gravitino/spark/connector/plugin/GravitinoDriverPlugin.java
@@ -191,7 +191,17 @@ public class GravitinoDriverPlugin implements DriverPlugin
{
}
}
- private static GravitinoClient createGravitinoClient(
+ /**
+ * Creates a Gravitino client using authentication settings from the Spark
configuration.
+ *
+ * @param uri Gravitino REST server URI
+ * @param metalake Gravitino metalake name
+ * @param sparkConf Spark configuration containing auth settings
+ * @param sparkUser Spark session user for simple authentication
+ * @param clientConfig additional Gravitino client configuration
+ * @return configured Gravitino client
+ */
+ public static GravitinoClient createGravitinoClient(
String uri,
String metalake,
SparkConf sparkConf,
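Review bot: `createGravitinoClient` is widened from `private` to `public` here, and the only new caller visible in this commit is `TestGravitinoSparkBasicAuth`, which sits in the same package `org.apache.gravitino.spark.connector.plugin`. Package-private visibility would be enough for that test and keeps a credential-handling factory out of the connector's public surface. If Guava's annotation is available in this module, consider `@VisibleForTesting static GravitinoClient createGravitinoClient(`. The new Javadoc could also add an `@throws IllegalArgumentException` line for the missing or blank Basic credentials that the tests expect. The method body continues outside this hunk.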
@@ -206,6 +216,10 @@ public class GravitinoDriverPlugin implements DriverPlugin
{
!UserGroupInformation.isSecurityEnabled(),
"Spark simple auth mode doesn't support setting kerberos
configurations");
builder.withSimpleAuth(sparkUser);
+ } else if (AuthProperties.isBasic(authType)) {
+ String username = getRequiredConfig(sparkConf,
GravitinoSparkConfig.GRAVITINO_BASIC_USERNAME);
+ String password = getRequiredConfig(sparkConf,
GravitinoSparkConfig.GRAVITINO_BASIC_PASSWORD);
+ builder.withBasicAuth(username, password);
} else if (AuthProperties.isOAuth2(authType)) {
String oAuthUri = getRequiredConfig(sparkConf,
GravitinoSparkConfig.GRAVITINO_OAUTH2_URI);
String credential =
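Review bot: The new `isBasic` branch takes the password from `SparkConf`, and nothing in this hunk says how that value stays out of the Spark UI environment page and event logs. Spark masks values whose key matches `spark.redaction.regex`, which presumably covers this key if its name contains `password`. The value of `AuthProperties.GRAVITINO_BASIC_PASSWORD` is not visible here, so that should be confirmed. I would record the dependency next to the read, e.g. `// Password lives in SparkConf; relies on spark.redaction.regex matching the key so it is masked in the UI and event logs.` `createGravitinoClient` starts and ends outside this hunk.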
diff --git
a/spark-connector/spark-common/src/test/java/org/apache/gravitino/spark/connector/plugin/TestGravitinoSparkBasicAuth.java
b/spark-connector/spark-common/src/test/java/org/apache/gravitino/spark/connector/plugin/TestGravitinoSparkBasicAuth.java
new file mode 100644
index 0000000000..8e6491ab9b
--- /dev/null
+++
b/spark-connector/spark-common/src/test/java/org/apache/gravitino/spark/connector/plugin/TestGravitinoSparkBasicAuth.java
@@ -0,0 +1,100 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.gravitino.spark.connector.plugin;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import java.util.Collections;
+import org.apache.gravitino.auth.AuthProperties;
+import org.apache.gravitino.client.GravitinoAdminClient;
+import org.apache.gravitino.spark.connector.GravitinoSparkConfig;
+import org.apache.spark.SparkConf;
+import org.junit.jupiter.api.Test;
+
+/** Unit tests for Spark connector Basic authentication client configuration.
*/
+public class TestGravitinoSparkBasicAuth {
+
+ private static final String GRAVITINO_URI = "http://127.0.0.1:8090";
+ private static final String METALAKE = "spark_basic_auth";
+ private static final String SPARK_USER = "spark-user";
+
+ @Test
+ void testCreateClientWithBasicAuth() {
+ SparkConf sparkConf = basicAuthSparkConf("alice", "secret");
+ GravitinoAdminClient client =
+ GravitinoAdminClient.builder(GRAVITINO_URI)
+ .withBasicAuth(
+ sparkConf.get(GravitinoSparkConfig.GRAVITINO_BASIC_USERNAME),
+ sparkConf.get(GravitinoSparkConfig.GRAVITINO_BASIC_PASSWORD))
+ .build();
+ assertNotNull(client);
+ }
+
+ @Test
+ void testCreateClientWithBasicAuthMissingUsername() {
+ SparkConf sparkConf =
+ new SparkConf()
+ .set(GravitinoSparkConfig.GRAVITINO_AUTH_TYPE,
AuthProperties.BASIC_AUTH_TYPE)
+ .set(GravitinoSparkConfig.GRAVITINO_BASIC_PASSWORD, "secret");
+ assertThrows(
+ IllegalArgumentException.class,
+ () ->
+ GravitinoDriverPlugin.createGravitinoClient(
+ GRAVITINO_URI, METALAKE, sparkConf, SPARK_USER,
Collections.emptyMap()));
+ }
+
+ @Test
+ void testCreateClientWithBasicAuthMissingPassword() {
+ SparkConf sparkConf =
+ new SparkConf()
+ .set(GravitinoSparkConfig.GRAVITINO_AUTH_TYPE,
AuthProperties.BASIC_AUTH_TYPE)
+ .set(GravitinoSparkConfig.GRAVITINO_BASIC_USERNAME, "alice");
+ assertThrows(
+ IllegalArgumentException.class,
+ () ->
+ GravitinoDriverPlugin.createGravitinoClient(
+ GRAVITINO_URI, METALAKE, sparkConf, SPARK_USER,
Collections.emptyMap()));
+ }
+
+ @Test
+ void testCreateClientWithBasicAuthBlankCredentials() {
+ SparkConf blankUsernameConf = basicAuthSparkConf(" ", "secret");
+ assertThrows(
+ IllegalArgumentException.class,
+ () ->
+ GravitinoDriverPlugin.createGravitinoClient(
+ GRAVITINO_URI, METALAKE, blankUsernameConf, SPARK_USER,
Collections.emptyMap()));
+
+ SparkConf blankPasswordConf = basicAuthSparkConf("alice", " ");
+ assertThrows(
+ IllegalArgumentException.class,
+ () ->
+ GravitinoDriverPlugin.createGravitinoClient(
+ GRAVITINO_URI, METALAKE, blankPasswordConf, SPARK_USER,
Collections.emptyMap()));
+ }
+
+ private static SparkConf basicAuthSparkConf(String username, String
password) {
+ return new SparkConf()
+ .set(GravitinoSparkConfig.GRAVITINO_AUTH_TYPE,
AuthProperties.BASIC_AUTH_TYPE)
+ .set(GravitinoSparkConfig.GRAVITINO_BASIC_USERNAME, username)
+ .set(GravitinoSparkConfig.GRAVITINO_BASIC_PASSWORD, password);
+ }
+}
diff --git
a/trino-connector/trino-connector/src/main/java/org/apache/gravitino/trino/connector/security/GravitinoAuthProvider.java
b/trino-connector/trino-connector/src/main/java/org/apache/gravitino/trino/connector/security/GravitinoAuthProvider.java
index 247639c6cd..21e2e25604 100644
---
a/trino-connector/trino-connector/src/main/java/org/apache/gravitino/trino/connector/security/GravitinoAuthProvider.java
+++
b/trino-connector/trino-connector/src/main/java/org/apache/gravitino/trino/connector/security/GravitinoAuthProvider.java
@@ -18,6 +18,7 @@
*/
package org.apache.gravitino.trino.connector.security;
+import com.google.common.base.Preconditions;
import io.trino.spi.connector.ConnectorSession;
import java.io.File;
import java.util.Locale;
@@ -54,6 +55,14 @@ public class GravitinoAuthProvider {
public static final String FORWARD_SESSION_USER_KEY =
GravitinoClientConfiguration.GRAVITINO_CLIENT_CONFIG_PREFIX +
"session.forwardUser";
+ /** Built-in IdP username configuration key for Basic authentication. */
+ public static final String BASIC_USERNAME_KEY =
+ GravitinoClientConfiguration.GRAVITINO_CLIENT_CONFIG_PREFIX +
"basic.username";
+
+ /** Built-in IdP password configuration key for Basic authentication. */
+ public static final String BASIC_PASSWORD_KEY =
+ GravitinoClientConfiguration.GRAVITINO_CLIENT_CONFIG_PREFIX +
"basic.password";
+
/** OAuth2 server URI configuration key. */
public static final String OAUTH_SERVER_URI_KEY =
GravitinoClientConfiguration.GRAVITINO_CLIENT_CONFIG_PREFIX +
"oauth2.serverUri";
@@ -90,6 +99,7 @@ public class GravitinoAuthProvider {
/** Authentication types supported by the Trino connector. */
public enum AuthType {
SIMPLE,
+ BASIC,
OAUTH2,
KERBEROS,
NONE
@@ -118,6 +128,9 @@ public class GravitinoAuthProvider {
case SIMPLE:
buildSimpleAuth(builder, config.getUser());
break;
+ case BASIC:
+ buildBasicAuth(builder, clientConfig);
+ break;
case OAUTH2:
builder.withOAuth(buildOAuthProvider(clientConfig));
break;
@@ -202,7 +215,8 @@ public class GravitinoAuthProvider {
} catch (IllegalArgumentException e) {
throw new IllegalArgumentException(
String.format(
- "Invalid authentication type: %s. Valid values are: simple,
oauth2, kerberos, none",
+ "Invalid authentication type: %s. Valid values are: simple,
basic, oauth2, kerberos,"
+ + " none",
authTypeStr),
e);
}
@@ -210,6 +224,8 @@ public class GravitinoAuthProvider {
private static void removeAuthSpecificKeys(Map<String, String> clientConfig)
{
clientConfig.remove(AUTH_TYPE_KEY);
+ clientConfig.remove(BASIC_USERNAME_KEY);
+ clientConfig.remove(BASIC_PASSWORD_KEY);
clientConfig.remove(OAUTH_SERVER_URI_KEY);
clientConfig.remove(OAUTH_CREDENTIAL_KEY);
clientConfig.remove(OAUTH_PATH_KEY);
@@ -230,6 +246,21 @@ public class GravitinoAuthProvider {
}
}
+ private static void buildBasicAuth(
+ GravitinoAdminClient.AdminClientBuilder builder, Map<String, String>
config) {
+ String username = config.get(BASIC_USERNAME_KEY);
+ String password = config.get(BASIC_PASSWORD_KEY);
+ Preconditions.checkArgument(
+ StringUtils.isNotBlank(username),
+ "Basic username is required. Please set %s",
+ BASIC_USERNAME_KEY);
+ Preconditions.checkArgument(
+ StringUtils.isNotBlank(password),
+ "Basic password is required. Please set %s",
+ BASIC_PASSWORD_KEY);
+ builder.withBasicAuth(username, password);
+ }
+
private static DefaultOAuth2TokenProvider buildOAuthProvider(Map<String,
String> config) {
String serverUri = config.get(OAUTH_SERVER_URI_KEY);
String credential = config.get(OAUTH_CREDENTIAL_KEY);
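Review bot: `buildBasicAuth` has no Javadoc, and nothing in it or in the visible callers ties Basic authentication to a TLS endpoint. HTTP Basic credentials are only base64-encoded, so with an `http://` Gravitino URI the username and password would travel in clear text on authenticated requests. Whether `withBasicAuth` or the builder guards against that is not visible here. I would add a Javadoc that names the two required keys, the `IllegalArgumentException` thrown when either is blank, and that an `https` server URI is expected with this auth type. The partially visible Flink `buildBasicClient` follows the same pattern and would merit the same comment.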
diff --git
a/trino-connector/trino-connector/src/test/java/org/apache/gravitino/trino/connector/security/TestGravitinoAuthProvider.java
b/trino-connector/trino-connector/src/test/java/org/apache/gravitino/trino/connector/security/TestGravitinoAuthProvider.java
index 53e5e3df5f..131eee6af2 100644
---
a/trino-connector/trino-connector/src/test/java/org/apache/gravitino/trino/connector/security/TestGravitinoAuthProvider.java
+++
b/trino-connector/trino-connector/src/test/java/org/apache/gravitino/trino/connector/security/TestGravitinoAuthProvider.java
@@ -69,6 +69,64 @@ public class TestGravitinoAuthProvider {
buildConfig(ImmutableMap.of(GravitinoAuthProvider.AUTH_TYPE_KEY, "simple"))));
}
+ @Test
+ public void testBuildBasicAuth() {
+ GravitinoAdminClient client =
+ GravitinoAuthProvider.build(
+ buildConfig(
+ ImmutableMap.of(
+ GravitinoAuthProvider.AUTH_TYPE_KEY, "basic",
+ GravitinoAuthProvider.BASIC_USERNAME_KEY, "alice",
+ GravitinoAuthProvider.BASIC_PASSWORD_KEY, "secret")));
+ assertNotNull(client);
+ }
+
+ @Test
+ public void testBuildBasicAuthMissingUsername() {
+ assertThrows(
+ IllegalArgumentException.class,
+ () ->
+ GravitinoAuthProvider.build(
+ buildConfig(
+ ImmutableMap.of(
+ GravitinoAuthProvider.AUTH_TYPE_KEY, "basic",
+ GravitinoAuthProvider.BASIC_PASSWORD_KEY, "secret"))));
+ }
+
+ @Test
+ public void testBuildBasicAuthMissingPassword() {
+ assertThrows(
+ IllegalArgumentException.class,
+ () ->
+ GravitinoAuthProvider.build(
+ buildConfig(
+ ImmutableMap.of(
+ GravitinoAuthProvider.AUTH_TYPE_KEY, "basic",
+ GravitinoAuthProvider.BASIC_USERNAME_KEY, "alice"))));
+ }
+
+ @Test
+ public void testBuildBasicAuthBlankCredentials() {
+ assertThrows(
+ IllegalArgumentException.class,
+ () ->
+ GravitinoAuthProvider.build(
+ buildConfig(
+ ImmutableMap.of(
+ GravitinoAuthProvider.AUTH_TYPE_KEY, "basic",
+ GravitinoAuthProvider.BASIC_USERNAME_KEY, " ",
+ GravitinoAuthProvider.BASIC_PASSWORD_KEY, "secret"))));
+ assertThrows(
+ IllegalArgumentException.class,
+ () ->
+ GravitinoAuthProvider.build(
+ buildConfig(
+ ImmutableMap.of(
+ GravitinoAuthProvider.AUTH_TYPE_KEY, "basic",
+ GravitinoAuthProvider.BASIC_USERNAME_KEY, "alice",
+ GravitinoAuthProvider.BASIC_PASSWORD_KEY, " "))));
+ }
+
@Test
public void testBuildClientInvalidAuthType() {
assertThrows(