diqiu50 commented on code in PR #10730:
URL: https://github.com/apache/gravitino/pull/10730#discussion_r3085252502
##########
trino-connector/trino-connector/src/main/java/org/apache/gravitino/trino/connector/security/GravitinoAuthProvider.java:
##########
@@ -122,17 +130,118 @@ public static GravitinoAdminClient
buildClient(GravitinoConfig config) {
}
}
- // Remove auth-specific keys before passing to withClientConfig
+ removeAuthSpecificKeys(clientConfig);
+ builder.withClientConfig(clientConfig);
+
+ return builder.build();
+ }
+
+ /**
+ * Alias for {@link #build(GravitinoConfig)}, kept for backward
compatibility with existing tests.
+ *
+ * @deprecated Use {@link #build(GravitinoConfig)} directly.
+ */
+ @Deprecated
+ @SuppressWarnings("InlineMeSuggester")
+ public static GravitinoAdminClient buildClient(GravitinoConfig config) {
+ return build(config);
+ }
+
+ /**
+ * Builds a per-user {@link GravitinoAdminClient} whose credentials come
from the given Trino
+ * connector session. This is the entry point for the per-user client cache
when {@code
+ * forwardUser=true}.
+ *
+ * <p>Supported combinations:
+ *
+ * <ul>
+ * <li>{@code authType=simple + forwardUser=true}: uses the Trino session
user name
+ * <li>{@code authType=oauth2 + forwardUser=true}: reads a Bearer token
from the session's extra
+ * credentials using the key configured via {@link
#OAUTH2_TOKEN_CREDENTIAL_KEY}
+ * </ul>
+ *
+ * @param config the Gravitino connector configuration
+ * @param session the current Trino connector session
+ * @return a new {@link GravitinoAdminClient} authenticated for the session
user
+ * @throws IllegalArgumentException if forwarding is not configured or auth
type does not support
+ * it
+ */
+ public static GravitinoAdminClient buildForSession(
+ GravitinoConfig config, ConnectorSession session) {
+ Map<String, String> clientConfig = config.getClientConfig();
+ String uri = config.getURI();
+ String authTypeStr = clientConfig.get(AUTH_TYPE_KEY);
+ boolean forwardUser =
+
Boolean.parseBoolean(clientConfig.getOrDefault(FORWARD_SESSION_USER_KEY,
"false"));
+
+ if (!forwardUser) {
+ throw new IllegalArgumentException(
+ "buildForSession called but forwardUser is not enabled in config");
+ }
+
+ if (StringUtils.isBlank(authTypeStr)) {
+ throw new IllegalArgumentException(
+ "buildForSession requires an authType to be set in config");
+ }
+
+ AuthType authType = parseAuthType(authTypeStr);
+
+ GravitinoAdminClient.AdminClientBuilder builder =
GravitinoAdminClient.builder(uri);
+
+ switch (authType) {
+ case SIMPLE:
+ builder.withSimpleAuth(session.getUser());
+ break;
+ case OAUTH2:
Review Comment:
fixed
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
