All Classes and Interfaces
Class
Description
Represents access mechanisms defined in the Iceberg REST API specification (values for the X-Iceberg-Access-Delegation header).
Emitted after an attempt of an async task, such as manifest file cleanup, finishes.
A custom SecurityIdentityAugmentor that, after Quarkus OIDC or Internal Auth extracted and validated the principal credentials, augments the SecurityIdentity by authenticating the principal and setting a PolarisPrincipal as the identity's principal.
An interface for authenticating principals based on provided credentials.
CDI qualifier to indicate which authentication type a ConnectionCredentialVendor supports.
Helper for creating AuthType qualifiers programmatically.
Configuration interface for AWS CloudWatch event listener integration.
Configuration for an AWS IAM service identity used by Polaris to access AWS services.
BatchFileCleanupTaskHandler responsible for batch file cleanup by processing multiple file deletions in a single task handler.
Connection credential vendor for Bearer token authentication.
Emitted before an attempt of an async task, such as manifest file cleanup, begins.
Emitted before the RateLimiterFilter rejects a request due to exceeding the rate limit.
FIXME: this seems unused.
A common interface for adapters between the REST interface and CatalogHandler implementations
An ABC for catalog wrappers which provides authorize methods that should be called before a request is actually forwarded to a catalog.
CODE_COPIED_TO_POLARIS Copied from CatalogHandler in Iceberg 1.8.0 Contains a collection of
utilities related to managing Iceberg entities
Event records for Catalog Policy operations.
An extension point for converting Iceberg REST API "prefix" values to Polaris Catalog names.
Event fired after a grant is added to a catalog role in Polaris.
Event fired after a grant is revoked from a catalog role in Polaris.
Event fired before a grant is added to a catalog role in Polaris.
Event fired before a grant is revoked from a catalog role in Polaris.
Utility methods for working with Polaris catalog entities.
Priority constants for credential vendor implementations.
The default Authenticator.
A default FileIO factory implementation for creating Iceberg FileIO instances with contextual table-level properties.
Default implementation of the IcebergRestOAuth2ApiService that generates a JWT token for the client if the client secret matches.
Default implementation of PolarisCredentialManager responsible for retrieving credentials used by Polaris to access external systems such as remote catalogs or cloud storage.
Default implementation of RequestIdGenerator, striking a balance between randomness and performance.
Default implementation of ServiceIdentityProvider that provides service identity credentials from statically configured values.
A FileIO implementation that wraps an existing FileIO and re-maps exceptions
FileCleanupTaskHandler responsible for cleaning up files in table tasks.
Interface for providing a way to construct FileIO objects, such as for reading/writing S3.
Defines the relationship between PolarisEntities and Iceberg's business logic.
An adapter between generated service types like `IcebergRestCatalogApiService` and
`IcebergCatalogHandler`.
Authorization-aware adapter between REST stubs and shared Iceberg SDK CatalogHandlers.
Utility class that encapsulates logic pertaining to Iceberg REST specific concepts.
See Dropwizard's io.dropwizard.jersey.jackson.JsonProcessingExceptionMapper
Event records for Iceberg REST Catalog operations.
Factory class for creating an Iceberg REST catalog handle based on connection configuration.
Logical representation of an HTTP compliant If-None-Match header.
Connection credential vendor for Implicit (no authentication) type.
Uses a PolarisTreeMapStore for the underlying persistence layer but uses it to initialize an
AtomicOperationMetaStoreManager instead of the transactional version.
Generates a JWT Token.
A collection of utilities related to table locations CODE_COPIED_TO_POLARIS From Apache Iceberg
Version: 1.9.1
ManifestFileCleanupTaskHandler responsible for deleting all the files in a manifest and the manifest itself.
Serialized Task data sent from the TableCleanupTaskHandler
Event listener that does nothing.
Rate limiter that always allows the request
Connection credential vendor for OAuth 2.0 Client Credentials authentication.
Polaris-specific configuration for OIDC tenants.
A SecurityIdentityAugmentor that maps the access token claims, as provided by the OIDC authentication mechanism, to a PolarisCredential.
Polaris-specific, per-tenant configuration for OIDC authentication.
Resolves the Polaris OIDC tenant to use for the given SecurityIdentity.
A SecurityIdentityAugmentor that resolves the Polaris OIDC tenant configuration for the given identity and adds it as an attribute to the SecurityIdentity.
Just as an Iceberg Catalog represents the logical model of Iceberg business logic to manage Namespaces, Tables and Views, abstracted away from Iceberg REST objects, this class represents the logical model for managing realm-level Catalogs, Principals, Roles, and Grants.
A Quarkus Security Credential exposing Polaris-specific attributes: the principal id, name, and roles.
Quarkus configuration mapping for Polaris Credential Manager.
Represents an event emitted by Polaris.
Represents an event listener that can respond to notable moments during Polaris's execution.
Concrete implementation of the Polaris API services
Maps the SecurityIdentity, as provided by the OIDC authentication mechanism, to a Polaris principal.
A mapper for extracting Polaris-specific role names from the SecurityIdentity of a user.
This class provides a common framework for transforming Polaris events into a HashMap, which can be used to transform the event further, such as transforming into a JSON string, and send them to various destinations.
Interface for rate limiting requests
Request filter that returns a 429 Too Many Requests if the rate limiter says so
An interface for resolving the realm context for a given request.
Interface for configurations that can have default values and realm-specific overrides.
Represents service identity configuration for a specific realm.
Rate limiter that maps the request's realm identifier to its own TokenBucket, with its own
capacity.
A generator for request IDs.
Used to track entity properties reserved for use by the catalog.
Represents a service identity configuration that can be converted into a fully initialized ServiceIdentityCredential.
Wraps around BehaviorChangesConfiguration but removes properties from `defaults` that shouldn't be there
Wraps around FeaturesConfiguration but removes properties from `defaults` that shouldn't be there
Generates a JWT using a Public/Private RSA Key
Configuration interface containing parameters for clients accessing S3 services from Polaris
servers.
Deserializer for AddGrantRequest Backward compatible with previous version of the api
Deserializer for CreateCatalogRequest.
Deserializer for CreateCatalogRoleRequest Backward compatible with the previous version of the api
Deserializer for CreatePrincipalRequest.
Deserializer for CreatePrincipalRoleRequest.
Deserializer for GrantCatalogRoleRequest Backward compatible with the previous version of the api
Deserializer for GrantPrincipalRoleRequest.
Deserializer for RevokeGrantRequest Backward compatible with previous version of the api
Configuration interface for managing service identities across multiple realms in Polaris.
A pairing of a realm identifier and its associated service identity configuration.
Connection credential vendor for AWS SigV4 authentication.
Provides temporary, scoped credentials for accessing table data in object storage (S3, GCS, Azure
Blob Storage).
Maintains a pool of STS clients.
Generates a JWT using a Symmetric Key.
Table cleanup handler resolves the latest TableMetadata file for a dropped table and schedules a deletion task for each Snapshot found in the TableMetadata.
Execute a task asynchronously with a provided context.
Given a list of registered TaskHandlers, execute tasks asynchronously with the provided CallContext.
For local/dev testing, this resolver simply expects a custom bearer-token format that is a semicolon-separated list of colon-separated key/value pairs that constitute the realm properties.
A broker for generating and verifying tokens.
Factory that creates a TokenBroker for generating and parsing.
General-purpose Token bucket implementation.
Factory for creating token buckets per realm.
A FileIO implementation that translates WASB paths into ABFS paths and then delegates to another underlying FileIO implementation
A FileIOFactory that translates WASB paths to ABFS ones