[#5894] feat(iceberg): support Azure account key credential #5938
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FANNG1
reviewed
Dec 21, 2024
api/src/main/java/org/apache/gravitino/credential/ADLSAccountKeyCredential.java
Outdated
Show resolved
Hide resolved
|
LGTM, just one naming issue. |
FANNG1
reviewed
Dec 21, 2024
...src/test/java/org/apache/gravitino/iceberg/integration/test/IcebergRESTADLSAccountKeyIT.java
Outdated
Show resolved
Hide resolved
FANNG1
reviewed
Dec 21, 2024
...s/azure-bundle/src/main/java/org/apache/gravitino/abs/credential/ADLSAccountKeyProvider.java
Outdated
Show resolved
Hide resolved
FANNG1
reviewed
Dec 21, 2024
...s/azure-bundle/src/main/java/org/apache/gravitino/abs/credential/ADLSAccountKeyProvider.java
Outdated
Show resolved
Hide resolved
|
@FANNG1 I think we should use public class ADLSAccountKeyCredential implements Credential {
public static final String ADLS_ACCOUNT_KEY_CREDENTIAL_TYPE = "adls-account-key";
public static final String GRAVITINO_ADLS_STORAGE_ACCOUNT_NAME = "adls-storage-account-name";
public static final String GRAVITINO_ADLS_STORAGE_ACCOUNT_KEY = "adls-storage-account-key";
@VisibleForTesting static final String ICEBERG_ADLS_ACCOUNT_NAME = "adls.auth.shared-key.account.name";
@VisibleForTesting static final String ICEBERG_ADLS_ACCOUNT_KEY = "adls.auth.shared-key.account.key";
ImmutableMap.of(
ADLSAccountKeyCredential.GRAVITINO_ADLS_STORAGE_ACCOUNT_NAME,
ICEBERG_ADLS_ACCOUNT_NAME,
ADLSAccountKeyCredential.GRAVITINO_ADLS_STORAGE_ACCOUNT_KEY,
ICEBERG_ADLS_ACCOUNT_KEY);
if(credential instanceof ADLSAccountKeyCredential) {
return transformProperties(credential.credentialInfo(), icebergCredentialPropertyMap);
}Iceberg use We could change ADLSCredentialConfig to AzureCredentialConfig, as it's more general. WDYT? |
tengqm
reviewed
Dec 21, 2024
api/src/main/java/org/apache/gravitino/credential/AzureAccountKeyCredential.java
Outdated
Show resolved
Hide resolved
For Iceberg it just supports ADLS, but this credential will be used by Gravitino server too, and if supports ABS storage, it will be odd to use ADLSxxxCredential. |
FANNG1
approved these changes
Dec 22, 2024
|
LGTM, @tengqm any other comments? |
FANNG1
changed the title
All good from my side. |
jerryshao
pushed a commit
that referenced
this pull request
Dec 24, 2024
…nnector (#5952) ### What changes were proposed in this pull request? 1. Most code work is implemented in #5938 #5737 including catalog properties convert and add Iceberg azure bundle jar, this PR mainly about test and document. 2. Remove hidden properties of the cloud secret key from the Iceberg catalog, as Gravitino doesn't have an unified security management yet and Iceberg REST server need to fetch catalog cloud properties to initiate `IcebergWrapper` dymaticly. Another benefit is spark connector does not need to specify the secret key explictly. Supports ADLS for Iceberg catalog and spark connector ### Why are the changes needed? Fix: #5954 ### Does this PR introduce _any_ user-facing change? Yes, the user no need to specify the cloud secret key in spark connector. ### How was this patch tested? test in local enviroment
Abyss-lord
pushed a commit
to Abyss-lord/gravitino
that referenced
this pull request
Dec 29, 2024
…ache#5938) ### What changes were proposed in this pull request? Support Azure account key credential ### Why are the changes needed? Fix: apache#5894 ### Does this PR introduce _any_ user-facing change? No ### How was this patch tested? Unit Test IcebergRESTADLSAccountKeyIT at iceberg 1.6.0
Abyss-lord
pushed a commit
to Abyss-lord/gravitino
that referenced
this pull request
Dec 29, 2024
…ark connector (apache#5952) ### What changes were proposed in this pull request? 1. Most code work is implemented in apache#5938 apache#5737 including catalog properties convert and add Iceberg azure bundle jar, this PR mainly about test and document. 2. Remove hidden properties of the cloud secret key from the Iceberg catalog, as Gravitino doesn't have an unified security management yet and Iceberg REST server need to fetch catalog cloud properties to initiate `IcebergWrapper` dymaticly. Another benefit is spark connector does not need to specify the secret key explictly. Supports ADLS for Iceberg catalog and spark connector ### Why are the changes needed? Fix: apache#5954 ### Does this PR introduce _any_ user-facing change? Yes, the user no need to specify the cloud secret key in spark connector. ### How was this patch tested? test in local enviroment
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What changes were proposed in this pull request?
Support Azure account key credential
Why are the changes needed?
Fix: #5894
Does this PR introduce any user-facing change?
No
How was this patch tested?
Unit Test IcebergRESTADLSAccountKeyIT at iceberg 1.6.0