[GitHub] [iceberg] singhpk234 commented on a diff in pull request #4695: AWS: Add Cache for LakeFormation Credentials

Thu, 05 May 2022 00:25:24 -0700 


singhpk234 commented on code in PR #4695:
URL: https://github.com/apache/iceberg/pull/4695#discussion_r865605441


##########
aws/src/main/java/org/apache/iceberg/aws/lakeformation/LakeFormationAwsClientFactory.java:
##########
@@ -135,24 +141,57 @@ private LakeFormationClient lakeFormation() {
   static class LakeFormationCredentialsProvider implements 
AwsCredentialsProvider {
     private LakeFormationClient client;
     private String tableArn;
+    private final long expiryLeadTimeForRefreshInMins;
+
+    private LakeFormationTemporaryCredentials cachedCredentials;
+    private final Cache<String, LakeFormationTemporaryCredentials> cache;
 
     LakeFormationCredentialsProvider(LakeFormationClient lakeFormationClient, 
String tableArn) {
       this.client = lakeFormationClient;
       this.tableArn = tableArn;
+      this.expiryLeadTimeForRefreshInMins = 1;
+      this.cache = Caffeine.newBuilder()
+          .initialCapacity(1)
+          .recordStats()
+          .build();
     }
 
     @Override
     public AwsCredentials resolveCredentials() {
-      GetTemporaryGlueTableCredentialsRequest 
getTemporaryGlueTableCredentialsRequest =
-          GetTemporaryGlueTableCredentialsRequest.builder()
-              .tableArn(tableArn)
-              // Now only two permission types (COLUMN_PERMISSION and 
CELL_FILTER_PERMISSION) are supported
-              // and Iceberg only supports COLUMN_PERMISSION at this time
-              .supportedPermissionTypes(PermissionType.COLUMN_PERMISSION)
-              .build();
-      GetTemporaryGlueTableCredentialsResponse response =
-          
client.getTemporaryGlueTableCredentials(getTemporaryGlueTableCredentialsRequest);
-      return AwsSessionCredentials.create(response.accessKeyId(), 
response.secretAccessKey(), response.sessionToken());
+      LakeFormationTemporaryCredentials credentials = 
cache.getIfPresent(tableArn);
+      if (credentials != null && shouldRefresh(credentials)) {
+        cache.invalidate(tableArn);
+      }

Review Comment:
   [question] should we use expireAfter(Expiry) for variable TTL based on 
record instead, while creating the Caffeine obj itself, Your thoughts ?
   - can ref https://github.com/ben-manes/caffeine/wiki/Eviction#time-based



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to