adutra commented on code in PR #10621:
URL: https://github.com/apache/iceberg/pull/10621#discussion_r1664022154


##########
core/src/main/java/org/apache/iceberg/rest/auth/OAuth2Manager.java:
##########
@@ -0,0 +1,241 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.iceberg.rest.auth;
+
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.Future;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
+import java.util.function.Supplier;
+import org.apache.iceberg.relocated.com.google.common.collect.ImmutableList;
+import org.apache.iceberg.rest.RESTClient;
+import org.apache.iceberg.rest.RESTUtil;
+import org.apache.iceberg.rest.ResourcePaths;
+import org.apache.iceberg.rest.responses.OAuthTokenResponse;
+import org.apache.iceberg.util.Pair;
+import org.apache.iceberg.util.PropertyUtil;
+import org.apache.iceberg.util.ThreadPools;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class OAuth2Manager implements AuthManager {
+
+  private static final Logger LOG = 
LoggerFactory.getLogger(OAuth2Manager.class);
+
+  private static final List<String> TOKEN_PREFERENCE_ORDER =
+      ImmutableList.of(
+          OAuth2Properties.ID_TOKEN_TYPE,
+          OAuth2Properties.ACCESS_TOKEN_TYPE,
+          OAuth2Properties.JWT_TOKEN_TYPE,
+          OAuth2Properties.SAML2_TOKEN_TYPE,
+          OAuth2Properties.SAML1_TOKEN_TYPE);
+
+  private String name;
+  private long startTimeMillis;
+  private Map<String, String> authHeaders;
+  private String credential;
+  private String scope;
+  private Map<String, String> optionalOAuthParams;
+  private String oauth2ServerUri;
+  private boolean keepTokenRefreshed = true;
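
Review bot: The instance fields at the end of this hunk (`name`, `authHeaders`, `credential`, `scope`, `oauth2ServerUri` and the rest) are mutable, non-final and non-volatile, while the imports (`ScheduledExecutorService`, `Future`, `ThreadPools`) indicate that refresh work runs on other threads, so nothing visible here guarantees that a refresh task sees the values the configuring thread wrote. Either assign them once and mark them `final`, or document which thread writes each field and make the shared ones `volatile`. Separately, `credential` keeps the client credential as a `String` for the lifetime of the manager in a class that also declares `LOG`; a comment on that field stating that it must never be logged would make the intent explicit.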

Review Comment:
   There is something fishy with this field, it's never updated.



##########
core/src/main/java/org/apache/iceberg/rest/auth/AuthSession.java:
##########
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.iceberg.rest.auth;
+
+import java.util.Map;
+
+public interface AuthSession {
+
+  Map<String, String> headers();
+
+  void stopRefreshing();
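
Review bot: `stopRefreshing()` at the end of the interface has no Javadoc, so an implementor cannot tell whether it must be idempotent, whether it may run concurrently with `headers()`, or whether `headers()` may still be called afterwards. Since the interface is the extension point for every auth scheme, please document that lifecycle on the method, in particular what a caller that still holds the session should expect once refreshing has stopped and the cached token expires.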

Review Comment:
   `stopRefreshing` sounds very "oauthy". I'm not sure the notion of token refreshing makes sense generally for all auth schemes.
   
   I suggest that you make `AuthSession` extend `Closeable` and rename this method `close`. Looking at the places where this method is called, it's always used to dispose of the session when it gets evicted from the session cache, so I think that calling this `close` makes sense and indicates to implementors that they should release all resources.



##########
core/src/main/java/org/apache/iceberg/rest/auth/AuthManager.java:
##########
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.iceberg.rest.auth;
+
+import java.util.Map;
+import java.util.function.Supplier;
+import org.apache.iceberg.rest.RESTClient;
+import org.apache.iceberg.util.Pair;
+
+public interface AuthManager extends AutoCloseable {
+
+  Map<String, String> mergeAuthHeadersForGetConfig(
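
Review bot: `AuthManager extends AutoCloseable` inherits `close() throws Exception`, so unless the interface redeclares `close()` with a narrower signature every caller has to catch or propagate a checked `Exception`; the part of the interface visible in this hunk stops at `mergeAuthHeadersForGetConfig(` and shows no such override. Consider extending `Closeable` instead, or redeclaring `void close();` without a checked exception, and add Javadoc saying that closing the manager releases any executor or client it owns.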

Review Comment:
   This can be improved. Here we are constructing an initial auth session so a better signature would be:
   
   ```java
     AuthSession initialAuth(RESTClient initialAuthClient, Map<String, String> initialHeaders);
   ```
   
   It's very easy to adapt the only call site of that method.



##########
core/src/main/java/org/apache/iceberg/rest/auth/AuthSession.java:
##########
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.iceberg.rest.auth;
+
+import java.util.Map;
+
+public interface AuthSession {
+
+  Map<String, String> headers();
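
Review bot: `headers()` returns a bare `Map<String, String>` with no documented contract, which matters here because the map carries the request's credential material. Please state in Javadoc whether the result is an immutable snapshot or a live view of the session's state, and require implementations to return an unmodifiable map so that a caller cannot mutate the session's headers or observe a half-updated map during a refresh.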

Review Comment:
   As I stated in a previous comment, this is where I think we need something more powerful than just returning some headers to include in the request. This is because some auth schemes will need to inspect the whole request and make decisions based on its content/state.
   
   Here is what I have currently:
   
   ```java
     void applyAuth(
         URI requestUri,
         String method,
         Map<String, String> queryParams,
         Object requestBody,
         Map<String, List<String>> currentHeaders,
         BiConsumer<String, String> headerConsumer);
   ```
   
   Most impls would simply inject additional headers:
   
   ```java
       headerConsumer.accept("Authorization", "Bearer ****");
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
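
The last review comment above argues that some auth schemes must see the whole request. The following is an added example, not part of the review or of the Iceberg code base: it takes the `applyAuth` signature quoted in the comment and implements a hypothetical HMAC request-signing scheme whose `Authorization` value depends on the method, path and body. The names `RequestAuth`, `hmacAuth`, the header format, the key and the URL are all assumptions made for illustration.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.BiConsumer;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SigningSessionDemo {

  // Method signature as quoted in the review comment; the interface name is hypothetical.
  interface RequestAuth {
    void applyAuth(URI requestUri, String method, Map<String, String> queryParams,
        Object requestBody, Map<String, List<String>> currentHeaders,
        BiConsumer<String, String> headerConsumer);
  }

  // Hypothetical scheme: HMAC-SHA256 over method, path and body (not a real Iceberg scheme).
  static RequestAuth hmacAuth(String keyId, byte[] key) {
    return (uri, method, query, body, current, out) -> {
      try {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        String canonical = method + "\n" + uri.getPath() + "\n" + (body == null ? "" : body);
        byte[] sig = mac.doFinal(canonical.getBytes(StandardCharsets.UTF_8));
        out.accept("Authorization",
            "HMAC keyId=" + keyId + ",sig=" + Base64.getEncoder().encodeToString(sig));
      } catch (GeneralSecurityException e) {
        throw new IllegalStateException("cannot sign request", e);
      }
    };
  }

  public static void main(String[] args) {
    // Constructed key and URL, for the demo only.
    RequestAuth auth = hmacAuth("demo-key", "constructed-secret".getBytes(StandardCharsets.UTF_8));
    URI uri = URI.create("https://catalog.example.com/v1/namespaces");
    Map<String, String> get = new HashMap<>();
    Map<String, String> post = new HashMap<>();
    auth.applyAuth(uri, "GET", Map.of(), null, Map.of(), get::put);
    auth.applyAuth(uri, "POST", Map.of(), "{\"namespace\":[\"a\"]}", Map.of(), post::put);
    // One session, two requests: the header differs per request, which a
    // request-independent headers() method cannot express.
    System.out.println(get.get("Authorization").equals(post.get("Authorization")));
  }
}
```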
