obelix74 commented on code in PR #3327:
URL: https://github.com/apache/polaris/pull/3327#discussion_r2651522412
##########
runtime/service/src/main/java/org/apache/polaris/service/catalog/io/StorageAccessConfigProvider.java:
##########
@@ -137,4 +150,56 @@ public StorageAccessConfig getStorageAccessConfig(
}
return accessConfig;
}
+
+ /**
+ * Builds a credential vending context from the table identifier and
resolved path. This context
+ * is used to populate session tags in cloud provider credentials for
audit/correlation purposes.
+ *
+ * @param tableIdentifier the table identifier containing namespace and
table name
+ * @param resolvedPath the resolved entity path containing the catalog entity
+ * @return a credential vending context with catalog, namespace, table, and
request ID
+ */
+ private CredentialVendingContext buildCredentialVendingContext(
+ TableIdentifier tableIdentifier, PolarisResolvedPathWrapper
resolvedPath) {
+ CredentialVendingContext.Builder builder =
CredentialVendingContext.builder();
+
+ // Extract catalog name from the first entity in the resolved path
+ List<PolarisEntity> fullPath = resolvedPath.getRawFullPath();
+ if (fullPath != null && !fullPath.isEmpty()) {
+ builder.catalogName(fullPath.get(0).getName());
+ }
+
+ // Extract namespace from table identifier
+ Namespace namespace = tableIdentifier.namespace();
+ if (namespace != null && namespace.length() > 0) {
+ builder.namespace(String.join(".", namespace.levels()));
+ }
+
+ // Extract table name from table identifier
+ builder.tableName(tableIdentifier.name());
+
+ // Extract request ID from the current request context
+ getRequestId().ifPresent(builder::requestId);
+
+ return builder.build();
+ }
+
+ /**
+ * Extracts the request ID from the current request context.
+ *
+ * <p>Note: we must avoid injecting {@link
jakarta.ws.rs.container.ContainerRequestContext} here,
+ * because this may cause some tests to fail, e.g. when running with no
active request scope.
+ *
+ * @return the request ID if available, empty otherwise
+ */
+ private Optional<String> getRequestId() {
+ // See org.jboss.resteasy.reactive.server.injection.ContextProducers
+ ResteasyReactiveRequestContext context = CurrentRequestManager.get();
Review Comment:
Good point. Refactored to use `MDC.get(RequestIdFilter.REQUEST_ID_KEY)`
instead. This works both within REST API request handlers and in async tasks
where the MDC context is propagated, avoiding the dependency on
Resteasy-specific classes.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
