dimas-b commented on code in PR #2280:
URL: https://github.com/apache/polaris/pull/2280#discussion_r2504118201
##########
runtime/service/src/main/java/org/apache/polaris/service/catalog/io/AccessConfigProvider.java:
##########
@@ -101,4 +120,58 @@ public AccessConfig getAccessConfig(
storageInfo.get(),
refreshCredentialsEndpoint);
}
+
+ /**
+ * Generates a remote signing configuration for accessing table storage at
explicit locations.
+ *
+ * @param callContext the call context containing realm, principal, and
security context
+ * @param catalogName the name of the catalog
+ * @param tableIdentifier the table identifier, used for logging and refresh
endpoint construction
+ * @param resolvedPath the entity hierarchy to search for storage
configuration
+ * @return {@link AccessConfig} with scoped credentials and metadata; empty
if no storage config
+ * found
+ */
+ public AccessConfig getAccessConfigForRemoteSigning(
+ @Nonnull CallContext callContext,
+ @Nonnull String catalogName,
+ @Nonnull TableIdentifier tableIdentifier,
+ @Nonnull PolarisResolvedPathWrapper resolvedPath) {
+ LOGGER
+ .atDebug()
+ .addKeyValue("tableIdentifier", tableIdentifier)
+ .log("Fetching remote signing config for table");
+
+ Optional<PolarisEntity> storageInfo =
FileIOUtil.findStorageInfoFromHierarchy(resolvedPath);
+ Optional<PolarisStorageConfigurationInfo> configurationInfo =
+ storageInfo
+ .map(PolarisEntity::getInternalPropertiesAsMap)
+ .map(info ->
info.get(PolarisEntityConstants.getStorageConfigInfoPropertyName()))
+ .map(PolarisStorageConfigurationInfo::deserialize);
+
+ if (configurationInfo.isEmpty()) {
+ LOGGER
+ .atWarn()
+ .addKeyValue("tableIdentifier", tableIdentifier)
+ .log("Table entity has no storage configuration in its hierarchy");
+ return AccessConfig.EMPTY;
+ }
+
+ PolarisStorageIntegration<AwsStorageConfigurationInfo> storageIntegration =
+
storageIntegrationProvider.getStorageIntegrationForConfig(configurationInfo.get());
+
+ if (!(storageIntegration
+ instanceof AwsCredentialsStorageIntegration
awsCredentialsStorageIntegration)) {
+ LOGGER
+ .atWarn()
+ .addKeyValue("tableIdentifier", tableIdentifier)
+ .log("Table entity storage integration is not an AWS credentials
storage integration");
+ return AccessConfig.EMPTY;
+ }
+
+ String prefix =
prefixParser.catalogNameToPrefix(callContext.getRealmContext(), catalogName);
+ URI signerUri = uriInfo.getBaseUri().resolve("api/");
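Review bot: The signer URI on the last quoted line is derived from `uriInfo.getBaseUri()`, which reflects how the current request reached the server rather than a configured public address. Clients will presumably send their signing requests, and the tokens that authorize them, to whatever this resolves to. Behind a reverse proxy, or where Host and forwarded headers are not normalised by a trusted front end, the value could therefore be an internal or caller-influenced host. Consider taking the base from deployment configuration, or at least stating the requirement at the call site, e.g. `// signerUri is handed to clients: the base URI must be the externally reachable address, derived only from trusted proxy headers`. The method body continues past the end of the quoted hunk, so how `signerUri` and `prefix` are combined and returned is not visible here.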
Review Comment:
+1 to `PolarisResourcePaths`