[#5623] feat(python): supports credential API in python client #5777
Conversation
FANNG1
force-pushed
the
credential-python
branch
from
5f02995 to
020bca1
Compare
FANNG1
force-pushed
the
credential-python
branch
from
85f8540 to
e9b21b3
Compare
FANNG1
changed the title
|
It's ready to review now, @jerryshao @yuqi1129 please help to review, thanks |
jerryshao
requested review from
noidname01,
xunliu,
xloya and
yuqi1129
and removed request for
xunliu
clients/client-python/gravitino/client/metadata_object_credential_operations.py
Outdated
Show resolved
Hide resolved
|
@jerryshao @xloya , all comments are addressed, please help to review again |
clients/client-python/gravitino/api/credential/gcs_token_credential.py
Outdated
Show resolved
Hide resolved
clients/client-python/gravitino/api/credential/oss_token_credential.py
Outdated
Show resolved
Hide resolved
clients/client-python/gravitino/api/credential/oss_token_credential.py
Outdated
Show resolved
Hide resolved
clients/client-python/gravitino/api/credential/oss_token_credential.py
Outdated
Show resolved
Hide resolved
| ) | ||
| Precondition.check_argument( | ||
| self.expire_time_in_ms, | ||
| "The expiration time of S3 token credential should greater than 0", |
There was a problem hiding this comment.
should be,
Please check other similar problems like this.
| """The s3 session token. | ||
|
|
||
| Returns: | ||
| The S3 session token. |
There was a problem hiding this comment.
You'd better use s3 or S3 in the whole class or in this PR uniformly.
| self._session_token, "The S3 session token should not be empty" | ||
| ) | ||
| Precondition.check_argument( | ||
| self.expire_time_in_ms, |
There was a problem hiding this comment.
I think this is not a boolean expression, it should be a problem here.
| """Retrieves an array of Credential objects. | ||
|
|
||
| Returns: | ||
| An array of Credential objects. In most cases the array only contains |
There was a problem hiding this comment.
Array or List? Please describe it correctly.
| a catalog but the credential provider couldn't generate the credential | ||
| for the catalog, like S3 token credential provider only generate | ||
| credential for the specific object like Fileset,Table. There will be at | ||
| most one credential for one credential type. |
There was a problem hiding this comment.
Remove the prefix whitespace in this line.
|
Generally LGTM from the logic, @xunliu @noidname01 would you please help to review this PR, to see if it follows Python's convention. |
|
LGTM! |
There was a problem hiding this comment.
Look like lose two java function in the Python side
- void initialize(Map<String, String> credentialInfo, long expireTimeInMs);
- default Map<String, String> toProperties()
Don't we need these two function?
There was a problem hiding this comment.
no, toProperties is used to serialize credential objects in server side, initialize is something like deserialize in client side, for python implementation, we only focus on the deserialize part, so create the credential with credentialInfo and expireTimeInMs.
| GCS_TOKEN_CREDENTIAL_TYPE = "gcs-token" | ||
| _GCS_TOKEN_NAME = "token" | ||
|
|
||
| _expire_time_in_ms = 0 |
There was a problem hiding this comment.
Please add variable types for these variables
| OSS_TOKEN_CREDENTIAL_TYPE = "oss-token" | ||
| _GRAVITINO_OSS_SESSION_ACCESS_KEY_ID = "oss-access-key-id" | ||
| _GRAVITINO_OSS_SESSION_SECRET_ACCESS_KEY = "oss-secret-access-key" | ||
| _GRAVITINO_OSS_TOKEN = "oss-security-token" |
There was a problem hiding this comment.
Please add variable types for these variables
| S3_SECRET_KEY_CREDENTIAL_TYPE = "s3-secret-key" | ||
| _GRAVITINO_S3_STATIC_ACCESS_KEY_ID = "s3-access-key-id" | ||
| _GRAVITINO_S3_STATIC_SECRET_ACCESS_KEY = "s3-secret-access-key" |
There was a problem hiding this comment.
Please add variable types for these variables
There was a problem hiding this comment.
I think we can keep the consistent Java class name CredentialFactory.
| @@ -74,6 +79,11 @@ def __init__( | |||
| self.rest_client = rest_client | |||
| self._catalog_namespace = catalog_namespace | |||
|
|
|||
| metadata_object = MetadataObjectImpl([name], MetadataObject.Type.CATALOG) | |||
| self._credential_operations = MetadataObjectCredentialOperations( | |||
There was a problem hiding this comment.
I think better to change _credential_operations to _objectCredentialOperations, keep consistent Java side.
and add _objectCredentialOperations into BaseSchemaCatalog member variable.
| def __init__( | ||
| self, fileset: FilesetDTO, rest_client: HTTPClient, full_namespace: Namespace | ||
| ): | ||
| self._fileset = fileset |
There was a problem hiding this comment.
Please add _fileset into GenericFileset member variable.
| self._rest_client = rest_client | ||
| metadata_object_type = metadata_object.type().value | ||
| metadata_object_name = metadata_object.name() | ||
| self._request_path = ( | ||
| f"api/metalakes/{metalake_name}objects/{metadata_object_type}/" | ||
| f"{metadata_object_name}/credentials" | ||
| ) |
There was a problem hiding this comment.
Please add _rest_client and _request_path into MetadataObjectCredentialOperations member variable.
…pache#5777) ### What changes were proposed in this pull request? supports credential API in python client ```python catalog = gravitino_client.load_catalog(catalog_name) catalog.as_fileset_catalog().support_credentials().get_credentials() fileset = catalog.as_fileset_catalog().load_fileset( NameIdentifier.of("schema", "fileset") ) credentials = fileset.support_credentials().get_credentials() ``` ### Why are the changes needed? Fix: apache#5623 ### Does this PR introduce _any_ user-facing change? no ### How was this patch tested? 1. add UT 2. setup a Gravitino server which returns credential, test with python client
What changes were proposed in this pull request?
supports credential API in python client
Why are the changes needed?
Fix: #5623
Does this PR introduce any user-facing change?
no
How was this patch tested?