feat: add restcatalog authentication api #479
Conversation
| /// \param properties Configuration properties. | ||
| /// \return A session for initialization, or the catalog session by default. | ||
| virtual std::shared_ptr<AuthSession> InitSession( | ||
| HttpClient* init_client, |
There was a problem hiding this comment.
why use raw pointer?🤔 use std::shared_ptr instead?
There was a problem hiding this comment.
AuthManager simply borrows the HTTP client owned by the catalog, it isn’t supposed to manage that client’s lifetime, so here use raw pointer.
There was a problem hiding this comment.
Perhaps it is better to use HttpClient& to save the null check?
| set(ICEBERG_REST_AUTH_SOURCES auth_session.cc auth_manager.cc auth_managers.cc) | ||
|
|
||
| # Expose sources to parent scope for inclusion in iceberg_rest library | ||
| set(ICEBERG_REST_AUTH_SOURCES | ||
| ${ICEBERG_REST_AUTH_SOURCES} | ||
| PARENT_SCOPE) |
There was a problem hiding this comment.
| set(ICEBERG_REST_AUTH_SOURCES auth_session.cc auth_manager.cc auth_managers.cc) | |
| # Expose sources to parent scope for inclusion in iceberg_rest library | |
| set(ICEBERG_REST_AUTH_SOURCES | |
| ${ICEBERG_REST_AUTH_SOURCES} | |
| PARENT_SCOPE) | |
| iceberg_install_all_headers(iceberg/catalog/rest/auth) |
The current pattern is inconsistent with other CMake config. We should only install headers for this subdirectory here.
| # Add auth sources with proper path prefix | ||
| foreach(AUTH_SOURCE ${ICEBERG_REST_AUTH_SOURCES}) | ||
| list(APPEND ICEBERG_REST_SOURCES "auth/${AUTH_SOURCE}") | ||
| endforeach() | ||
|
|
There was a problem hiding this comment.
| # Add auth sources with proper path prefix | |
| foreach(AUTH_SOURCE ${ICEBERG_REST_AUTH_SOURCES}) | |
| list(APPEND ICEBERG_REST_SOURCES "auth/${AUTH_SOURCE}") | |
| endforeach() |
Let's remove these lines by directly adding those files in the above set(ICEBERG_REST_SOURCES).
| # specific language governing permissions and limitations | ||
| # under the License. | ||
|
|
||
| # Include auth subdirectory |
There was a problem hiding this comment.
| # Include auth subdirectory |
This comment is unnecessary.
|
|
||
| } // namespace iceberg::rest | ||
|
|
||
| namespace iceberg::rest::auth { |
There was a problem hiding this comment.
Do we really need the extra auth namespace?
There was a problem hiding this comment.
Here mirrors the Java package structure (org.apache.iceberg.rest.auth), making it easier to navigate between implementations.
| /// \brief Convert a string to lowercase for case-insensitive comparison. | ||
| std::string ToLower(std::string_view str) { | ||
| std::string result(str); | ||
| std::ranges::transform(result, result.begin(), | ||
| [](unsigned char c) { return std::tolower(c); }); | ||
| return result; | ||
| } |
There was a problem hiding this comment.
There is a StringUtils::ToLower func in util/string_util.h
| void Close() override { | ||
| // No resources to release | ||
| } |
There was a problem hiding this comment.
Can be removed if do nothing.
| /// \brief Authentication manager interface for REST catalog. | ||
|
|
||
| namespace iceberg::rest { | ||
| class HttpClient; |
There was a problem hiding this comment.
Remove this by include type_fwd.h.
| #include <string> | ||
| #include <unordered_map> | ||
|
|
||
| #include "iceberg/catalog/rest/auth/auth_session.h" |
There was a problem hiding this comment.
Remove this to use forward declaration.
| /// | ||
| /// This interface is modeled after Java Iceberg's AuthManager interface. |
There was a problem hiding this comment.
| /// | |
| /// This interface is modeled after Java Iceberg's AuthManager interface. |
| /// \param properties Configuration properties. | ||
| /// \return A session for initialization, or the catalog session by default. | ||
| virtual std::shared_ptr<AuthSession> InitSession( | ||
| HttpClient* init_client, |
There was a problem hiding this comment.
Perhaps it is better to use HttpClient& to save the null check?
| /// \param properties Configuration properties (merged with server config). | ||
| /// \return A session for catalog operations, or an error if session creation fails | ||
| /// (e.g., missing required credentials, network failure during token fetch). | ||
| virtual Result<std::shared_ptr<AuthSession>> CatalogSession( |
| /// (i.e., request headers take precedence). | ||
| /// | ||
| /// \param headers The headers map to add authentication information to. | ||
| void Authenticate(std::unordered_map<std::string, std::string>& headers) override; |
There was a problem hiding this comment.
Do you think it is worth adding a class HttpRequest? We don't have it yet.
| /// OAuth2 authentication. Otherwise, defaults to no authentication. | ||
| /// | ||
| /// This behavior is consistent with Java Iceberg's AuthManagers. | ||
| std::string InferAuthType( |
There was a problem hiding this comment.
Should we add a enum class for the auth type?
| } // namespace | ||
|
|
||
| std::unordered_map<std::string, AuthManagerFactory>& AuthManagers::GetRegistry() { | ||
| static std::unordered_map<std::string, AuthManagerFactory> registry; |
There was a problem hiding this comment.
| static std::unordered_map<std::string, AuthManagerFactory> registry; | |
| static std::unordered_map<std::string, AuthManagerFactory, StringHash, StringEqual> registry; |
Let's support heterogeneous lookup
|
|
||
| private: | ||
| /// \brief Get the global registry of auth manager factories. | ||
| static std::unordered_map<std::string, AuthManagerFactory>& GetRegistry(); |
There was a problem hiding this comment.
We don't need this function in the header file, right?
| /// other properties (e.g., presence of "credential" or "token" implies oauth2). | ||
| /// If no auth-related properties are found, it defaults to "none". | ||
| /// | ||
| /// \param name A name for the manager (used for logging). |
There was a problem hiding this comment.
| /// \param name A name for the manager (used for logging). | |
| /// \param name A name for the manager. |
4 participants
feat: add restcatalog authentication api