apache
diff --git a/‎clients/client-python/gravitino/api/credential/__init__.py
+16 b/‎clients/client-python/gravitino/api/credential/__init__.py
+16
diff --git a/‎clients/client-python/gravitino/api/credential/credential.py
+51 b/‎clients/client-python/gravitino/api/credential/credential.py
+51
diff --git a/‎clients/client-python/gravitino/api/credential/gcs_token_credential.py
+75 b/‎clients/client-python/gravitino/api/credential/gcs_token_credential.py
+75
diff --git a/‎clients/client-python/gravitino/api/credential/oss_token_credential.py
+105 b/‎clients/client-python/gravitino/api/credential/oss_token_credential.py
+105
diff --git a/‎clients/client-python/gravitino/api/credential/s3_secret_key_credential.py
+91 b/‎clients/client-python/gravitino/api/credential/s3_secret_key_credential.py
+91
@@ -0,0 +1,16 @@
+#   Licensed to the Apache Software Foundation (ASF) under one
+#   or more contributor license agreements.  See the NOTICE file
+#   distributed with this work for additional information
+#   regarding copyright ownership.  The ASF licenses this file
+#   to you under the Apache License, Version 2.0 (the
+#   "License"); you may not use this file except in compliance
+#   with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing,
+#   software distributed under the License is distributed on an
+#   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#   KIND, either express or implied.  See the License for the
+#   specific language governing permissions and limitations
+#   under the License.
@@ -0,0 +1,51 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+from abc import ABC, abstractmethod
+from typing import Dict
+
+
+class Credential(ABC):
+    """Represents the credential in Gravitino."""
+
+    @abstractmethod
+    def credential_type(self) -> str:
+        """The type of the credential.
+
+        Returns:
+             the type of the credential.
+        """
+        pass
+
+    @abstractmethod
+    def expire_time_in_ms(self) -> int:
+        """Returns the expiration time of the credential in milliseconds since
+        the epoch, 0 means it will never expire.
+
+        Returns:
+             The expiration time of the credential.
+        """
+        pass
+
+    @abstractmethod
+    def credential_info(self) -> Dict[str, str]:
+        """The credential information.
+
+        Returns:
+             The credential information.
+        """
+        pass
@@ -0,0 +1,75 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+from abc import ABC
+from typing import Dict
+
+from gravitino.api.credential.credential import Credential
+from gravitino.utils.precondition import Precondition
+
+
+class GCSTokenCredential(Credential, ABC):
+    """Represents the GCS token credential."""
+
+    GCS_TOKEN_CREDENTIAL_TYPE: str = "gcs-token"
+    _GCS_TOKEN_NAME: str = "token"
+
+    _expire_time_in_ms: int = 0
+
+    def __init__(self, credential_info: Dict[str, str], expire_time_in_ms: int):
+        self._token = credential_info[self._GCS_TOKEN_NAME]
+        self._expire_time_in_ms = expire_time_in_ms
+        Precondition.check_string_not_empty(
+            self._token, "GCS token should not be empty"
+        )
+        Precondition.check_argument(
+            self._expire_time_in_ms > 0,
+            "The expiration time of GCS token credential should be greater than 0",
+        )
+
+    def credential_type(self) -> str:
+        """The type of the credential.
+
+        Returns:
+             the type of the credential.
+        """
+        return self.GCS_TOKEN_CREDENTIAL_TYPE
+
+    def expire_time_in_ms(self) -> int:
+        """Returns the expiration time of the credential in milliseconds since
+        the epoch, 0 means it will never expire.
+
+        Returns:
+             The expiration time of the credential.
+        """
+        return self._expire_time_in_ms
+
+    def credential_info(self) -> Dict[str, str]:
+        """The credential information.
+
+        Returns:
+             The credential information.
+        """
+        return {self._GCS_TOKEN_NAME: self._token}
+
+    def token(self) -> str:
+        """The GCS token.
+
+        Returns:
+            The GCS token.
+        """
+        return self._token
@@ -0,0 +1,105 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+from abc import ABC
+from typing import Dict
+
+from gravitino.api.credential.credential import Credential
+from gravitino.utils.precondition import Precondition
+
+
+class OSSTokenCredential(Credential, ABC):
+    """Represents OSS token credential."""
+
+    OSS_TOKEN_CREDENTIAL_TYPE: str = "oss-token"
+    _GRAVITINO_OSS_SESSION_ACCESS_KEY_ID: str = "oss-access-key-id"
+    _GRAVITINO_OSS_SESSION_SECRET_ACCESS_KEY: str = "oss-secret-access-key"
+    _GRAVITINO_OSS_TOKEN: str = "oss-security-token"
+
+    def __init__(self, credential_info: Dict[str, str], expire_time_in_ms: int):
+        self._access_key_id = credential_info[self._GRAVITINO_OSS_SESSION_ACCESS_KEY_ID]
+        self._secret_access_key = credential_info[
+            self._GRAVITINO_OSS_SESSION_SECRET_ACCESS_KEY
+        ]
+        self._security_token = credential_info[self._GRAVITINO_OSS_TOKEN]
+        self._expire_time_in_ms = expire_time_in_ms
+        Precondition.check_string_not_empty(
+            self._access_key_id, "The OSS access key ID should not be empty"
+        )
+        Precondition.check_string_not_empty(
+            self._secret_access_key, "The OSS secret access key should not be empty"
+        )
+        Precondition.check_string_not_empty(
+            self._security_token, "The OSS security token should not be empty"
+        )
+        Precondition.check_argument(
+            self._expire_time_in_ms > 0,
+            "The expiration time of OSS token credential should be greater than 0",
+        )
+
+    def credential_type(self) -> str:
+        """The type of the credential.
+
+        Returns:
+             the type of the credential.
+        """
+        return self.OSS_TOKEN_CREDENTIAL_TYPE
+
+    def expire_time_in_ms(self) -> int:
+        """Returns the expiration time of the credential in milliseconds since
+        the epoch, 0 means it will never expire.
+
+        Returns:
+             The expiration time of the credential.
+        """
+        return self._expire_time_in_ms
+
+    def credential_info(self) -> Dict[str, str]:
+        """The credential information.
+
+        Returns:
+             The credential information.
+        """
+        return {
+            self._GRAVITINO_OSS_TOKEN: self._security_token,
+            self._GRAVITINO_OSS_SESSION_ACCESS_KEY_ID: self._access_key_id,
+            self._GRAVITINO_OSS_SESSION_SECRET_ACCESS_KEY: self._secret_access_key,
+        }
+
+    def access_key_id(self) -> str:
+        """The OSS access key id.
+
+        Returns:
+            The OSS access key id.
+        """
+        return self._access_key_id
+
+    def secret_access_key(self) -> str:
+        """The OSS secret access key.
+
+        Returns:
+            The OSS secret access key.
+        """
+        return self._secret_access_key
+
+    def security_token(self) -> str:
+        """The OSS security token.
+
+        Returns:
+            The OSS security token.
+        """
+        return self._security_token
@@ -0,0 +1,91 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+from abc import ABC
+from typing import Dict
+
+from gravitino.api.credential.credential import Credential
+from gravitino.utils.precondition import Precondition
+
+
+class S3SecretKeyCredential(Credential, ABC):
+    """Represents S3 secret key credential."""
+
+    S3_SECRET_KEY_CREDENTIAL_TYPE: str = "s3-secret-key"
+    _GRAVITINO_S3_STATIC_ACCESS_KEY_ID: str = "s3-access-key-id"
+    _GRAVITINO_S3_STATIC_SECRET_ACCESS_KEY: str = "s3-secret-access-key"
+
+    def __init__(self, credential_info: Dict[str, str], expire_time: int):
+        self._access_key_id = credential_info[self._GRAVITINO_S3_STATIC_ACCESS_KEY_ID]
+        self._secret_access_key = credential_info[
+            self._GRAVITINO_S3_STATIC_SECRET_ACCESS_KEY
+        ]
+        Precondition.check_string_not_empty(
+            self._access_key_id, "S3 access key id should not be empty"
+        )
+        Precondition.check_string_not_empty(
+            self._secret_access_key, "S3 secret access key should not be empty"
+        )
+        Precondition.check_argument(
+            expire_time == 0,
+            "The expiration time of S3 secret key credential should be 0",
+        )
+
+    def credential_type(self) -> str:
+        """Returns the expiration time of the credential in milliseconds since
+        the epoch, 0 means it will never expire.
+
+        Returns:
+             The expiration time of the credential.
+        """
+        return self.S3_SECRET_KEY_CREDENTIAL_TYPE
+
+    def expire_time_in_ms(self) -> int:
+        """Returns the expiration time of the credential in milliseconds since
+        the epoch, 0 means it will never expire.
+
+        Returns:
+             The expiration time of the credential.
+        """
+        return 0
+
+    def credential_info(self) -> Dict[str, str]:
+        """The credential information.
+
+        Returns:
+             The credential information.
+        """
+        return {
+            self._GRAVITINO_S3_STATIC_SECRET_ACCESS_KEY: self._secret_access_key,
+            self._GRAVITINO_S3_STATIC_ACCESS_KEY_ID: self._access_key_id,
+        }
+
+    def access_key_id(self) -> str:
+        """The S3 access key id.
+
+        Returns:
+            The S3 access key id.
+        """
+        return self._access_key_id
+
+    def secret_access_key(self) -> str:
+        """The S3 secret access key.
+
+        Returns:
+            The S3 secret access key.
+        """
+        return self._secret_access_key