Package org.apache.polaris.service.catalog.io

Class StorageAccessConfigProvider

java.lang.Object
org.apache.polaris.service.catalog.io.StorageAccessConfigProvider
@RequestScoped public class StorageAccessConfigProvider extends Object
Provides temporary, scoped credentials for accessing table data in object storage (S3, GCS, Azure Blob Storage).

This provider decouples credential vending from catalog implementations, and should be the primary entrypoint to get sub-scoped credentials for accessing table data.

  • Constructor Summary

    Constructors
    Constructor
    Description
    StorageAccessConfigProvider(org.apache.polaris.core.storage.cache.StorageCredentialCache storageCredentialCache, org.apache.polaris.core.storage.StorageCredentialsVendor storageCredentialsVendor)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    org.apache.polaris.core.storage.StorageAccessConfig
    getStorageAccessConfig(org.apache.iceberg.catalog.TableIdentifier tableIdentifier, Set<String> tableLocations, Set<org.apache.polaris.core.storage.PolarisStorageActions> storageActions, Optional<String> refreshCredentialsEndpoint, org.apache.polaris.core.persistence.PolarisResolvedPathWrapper resolvedPath)
    Vends credentials for accessing table storage at explicit locations.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • StorageAccessConfigProvider

      @Inject public StorageAccessConfigProvider(org.apache.polaris.core.storage.cache.StorageCredentialCache storageCredentialCache, org.apache.polaris.core.storage.StorageCredentialsVendor storageCredentialsVendor)

  • Method Details

    • getStorageAccessConfig

      public org.apache.polaris.core.storage.StorageAccessConfig getStorageAccessConfig(@Nonnull org.apache.iceberg.catalog.TableIdentifier tableIdentifier, @Nonnull Set<String> tableLocations, @Nonnull Set<org.apache.polaris.core.storage.PolarisStorageActions> storageActions, @Nonnull Optional<String> refreshCredentialsEndpoint, @Nonnull org.apache.polaris.core.persistence.PolarisResolvedPathWrapper resolvedPath)
      Vends credentials for accessing table storage at explicit locations.
      Parameters:
      tableIdentifier - the table identifier, used for logging and refresh endpoint construction
      tableLocations - set of storage location URIs to scope credentials to
      storageActions - the storage operations (READ, WRITE, LIST, DELETE) to scope credentials to
      refreshCredentialsEndpoint - optional endpoint URL for clients to refresh credentials
      resolvedPath - the entity hierarchy to search for storage configuration
      Returns:
      StorageAccessConfig with scoped credentials and metadata; empty if no storage config found