Package org.apache.polaris.service.identity

Interface ResolvableServiceIdentityConfiguration

All Known Subinterfaces:
AwsIamServiceIdentityConfiguration
public interface ResolvableServiceIdentityConfiguration
Represents a service identity configuration that can be converted into a fully initialized ServiceIdentityCredential.

This interface allows identity configurations (e.g., AWS IAM) to encapsulate the logic required to construct runtime credentials and metadata needed to authenticate as a Polaris-managed service identity.

  • Method Summary

    Modifier and Type
    Method
    Description
    default Optional<? extends org.apache.polaris.core.identity.credential.ServiceIdentityCredential>
    asServiceIdentityCredential(org.apache.polaris.core.secrets.SecretReference secretReference)
    Converts this configuration into a ServiceIdentityCredential with actual credentials.
    default Optional<? extends org.apache.polaris.core.admin.model.ServiceIdentityInfo>
    asServiceIdentityInfoModel()
    Converts this configuration into a ServiceIdentityInfo model containing identity metadata without credentials.
    static ResolvableServiceIdentityConfiguration
    defaultConfiguration()
    Returns the default resolvable service identity configuration.
    default org.apache.polaris.core.identity.ServiceIdentityType
    getType()
    Returns the type of service identity represented by this configuration.

  • Method Details

    • getType

      default org.apache.polaris.core.identity.ServiceIdentityType getType()
      Returns the type of service identity represented by this configuration.
      Returns:
      the service identity type, or ServiceIdentityType.NULL_TYPE if not specified

    • asServiceIdentityInfoModel

      default Optional<? extends org.apache.polaris.core.admin.model.ServiceIdentityInfo> asServiceIdentityInfoModel()
      Converts this configuration into a ServiceIdentityInfo model containing identity metadata without credentials.

      This method is used when only identity information (e.g., IAM ARN) is needed for API responses, without exposing sensitive credentials.

      Returns:
      an optional service identity info model, or empty if required configuration is missing

    • asServiceIdentityCredential

      default Optional<? extends org.apache.polaris.core.identity.credential.ServiceIdentityCredential> asServiceIdentityCredential(@Nonnull org.apache.polaris.core.secrets.SecretReference secretReference)
      Converts this configuration into a ServiceIdentityCredential with actual credentials.

      This method should only be called when credentials are actually needed for authentication. Implementations should construct the appropriate credential object (e.g., AwsIamServiceIdentityCredential) using the configured values and the provided secret reference.

      Parameters:
      secretReference - the secret reference to associate with this credential for persistence
      Returns:
      an optional service identity credential, or empty if required configuration is missing

    • defaultConfiguration

      static ResolvableServiceIdentityConfiguration defaultConfiguration()
      Returns the default resolvable service identity configuration.

      This configuration is used only when the default realm (DEFAULT_REALM_KEY) has no explicit configuration. It serves as a fallback for development scenarios where credentials are obtained from the environment without requiring explicit configuration.

      Returns:
      the default resolvable service identity configuration