dimas-b commented on code in PR #3729: URL: https://github.com/apache/polaris/pull/3729#discussion_r2789642289
########## runtime/server/src/test/java/org/apache/polaris/service/storage/gcp/ProtobufSmokeTest.java: ########## @@ -0,0 +1,41 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.polaris.service.storage.gcp; + +import static java.lang.String.format; + +import org.junit.jupiter.api.Test; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class ProtobufSmokeTest { + + public static final Logger LOGGER = LoggerFactory.getLogger(ProtobufSmokeTest.class); + + @Test + public void testProtobufVersions() throws ClassNotFoundException { + LOGGER.info( + format( + "The static initializers of %s will throw an error if the versions of libraries " Review Comment: maybe `Assertions.assertThatCode(...).doesNotThrowAnyException()`? ########## spec/polaris-management-service.yml: ########## @@ -987,6 +988,23 @@ components: BEARER: "#/components/schemas/BearerAuthenticationParameters" SIGV4: "#/components/schemas/SigV4AuthenticationParameters" IMPLICIT: "#/components/schemas/ImplicitAuthenticationParameters" + GCP: "#/components/schemas/GoogleAuthenticationParameters" + + GoogleAuthenticationParameters: + type: object + description: Leads to GoogleAuthManager being used. See https://github.com/apache/polaris/issues/3451 Review Comment: nit: GH links in OpenAPI descriptions seem like an overkill 🤔 ########## runtime/server/build.gradle.kts: ########## @@ -51,7 +51,10 @@ dependencies { } // enforce the Quarkus _platform_ here, to get a consistent and validated set of dependencies - implementation(enforcedPlatform(libs.quarkus.bom)) + implementation(enforcedPlatform(libs.quarkus.bom)) { + exclude(group = "com.google.protobuf", module = "protobuf-java") Review Comment: Could you explain why we have to exclude `protobuf`? ########## polaris-core/src/main/java/org/apache/polaris/core/connection/ConnectionConfigInfoDpo.java: ########## @@ -121,7 +121,7 @@ public AuthenticationParametersDpo getAuthenticationParameters() { return serviceIdentity; } - private static final ObjectMapper DEFAULT_MAPPER; + static final ObjectMapper DEFAULT_MAPPER; Review Comment: It looks like the wider access benefits only test classes. Could they use their own mapper to avoid increasing the accessible surface of core code? ########## runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/IcebergRESTExternalCatalogFactoryTest.java: ########## @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.polaris.service.catalog.iceberg; + +import static org.apache.polaris.service.catalog.iceberg.IcebergRESTExternalCatalogFactory.HEADER_PREFIX; +import static org.apache.polaris.service.catalog.iceberg.IcebergRESTExternalCatalogFactory.extraHeadersFrom; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import java.util.HashMap; +import java.util.Map; +import org.junit.jupiter.api.Test; + +class IcebergRESTExternalCatalogFactoryTest { + + @Test + void testHeadersStrippedAndFiltered() { + HashMap<String, String> properties = new HashMap<>(); + String extraHeader = "X-Iceberg-Access-Delegation"; + properties.put(HEADER_PREFIX + extraHeader, "vended-credentials"); + properties.put("not interesting", "ignore"); + Map<String, String> actual = extraHeadersFrom(properties); + assertEquals(1, actual.size()); + assertEquals(2, properties.size()); + assertTrue(actual.containsKey(extraHeader)); Review Comment: Could you assert exact key/value pairs? ########## spec/polaris-management-service.yml: ########## @@ -987,6 +988,23 @@ components: BEARER: "#/components/schemas/BearerAuthenticationParameters" SIGV4: "#/components/schemas/SigV4AuthenticationParameters" IMPLICIT: "#/components/schemas/ImplicitAuthenticationParameters" + GCP: "#/components/schemas/GoogleAuthenticationParameters" + + GoogleAuthenticationParameters: + type: object + description: Leads to GoogleAuthManager being used. See https://github.com/apache/polaris/issues/3451 + allOf: + - $ref: '#/components/schemas/AuthenticationParameters' + properties: + clientId: + type: string + description: The user who accesses the BigLake metastore. Note it can be distinct from the gcsServiceAccount. Review Comment: is `BigLake` the only use case? ########## runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergRESTExternalCatalogFactory.java: ########## @@ -50,13 +53,18 @@ public Catalog createCatalog( } SessionCatalog.SessionContext context = SessionCatalog.SessionContext.createEmpty(); + Map<String, String> extraHeaders = + extraHeadersFrom(icebergConfig.asIcebergCatalogProperties(polarisCredentialManager)); + RESTCatalog federatedCatalog = new RESTCatalog( context, - (config) -> - HTTPClient.builder(config) - .uri(config.get(org.apache.iceberg.CatalogProperties.URI)) - .build()); + (config) -> { + return HTTPClient.builder(config) + .withHeaders(extraHeaders) + .uri(config.get(org.apache.iceberg.CatalogProperties.URI)) Review Comment: nit: use import? ########## spec/polaris-management-service.yml: ########## @@ -987,6 +988,23 @@ components: BEARER: "#/components/schemas/BearerAuthenticationParameters" SIGV4: "#/components/schemas/SigV4AuthenticationParameters" IMPLICIT: "#/components/schemas/ImplicitAuthenticationParameters" + GCP: "#/components/schemas/GoogleAuthenticationParameters" + + GoogleAuthenticationParameters: Review Comment: REST API changes in Polaris require a `dev` ML discussion. Could you open a thread for that? ########## runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisAdminService.java: ########## @@ -689,6 +689,8 @@ private Map<String, SecretReference> extractSecretReferences( // service identity managed by Polaris. Nothing to do here. break; } + case GCP: + break; Review Comment: Could you add a comment similar to the SigV4 case for clarity? ########## runtime/service/src/test/java/org/apache/polaris/service/catalog/iceberg/IcebergRESTExternalCatalogFactoryTest.java: ########## @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.polaris.service.catalog.iceberg; + +import static org.apache.polaris.service.catalog.iceberg.IcebergRESTExternalCatalogFactory.HEADER_PREFIX; +import static org.apache.polaris.service.catalog.iceberg.IcebergRESTExternalCatalogFactory.extraHeadersFrom; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import java.util.HashMap; +import java.util.Map; +import org.junit.jupiter.api.Test; + +class IcebergRESTExternalCatalogFactoryTest { + + @Test + void testHeadersStrippedAndFiltered() { + HashMap<String, String> properties = new HashMap<>(); + String extraHeader = "X-Iceberg-Access-Delegation"; + properties.put(HEADER_PREFIX + extraHeader, "vended-credentials"); + properties.put("not interesting", "ignore"); + Map<String, String> actual = extraHeadersFrom(properties); + assertEquals(1, actual.size()); + assertEquals(2, properties.size()); Review Comment: what;s the point of this assert? It seems to be self-evident from the test code above 🤔 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
