|
| 1 | +/* |
| 2 | + * Licensed to the Apache Software Foundation (ASF) under one |
| 3 | + * or more contributor license agreements. See the NOTICE file |
| 4 | + * distributed with this work for additional information |
| 5 | + * regarding copyright ownership. The ASF licenses this file |
| 6 | + * to you under the Apache License, Version 2.0 (the |
| 7 | + * "License"); you may not use this file except in compliance |
| 8 | + * with the License. You may obtain a copy of the License at |
| 9 | + * |
| 10 | + * http://www.apache.org/licenses/LICENSE-2.0 |
| 11 | + * |
| 12 | + * Unless required by applicable law or agreed to in writing, |
| 13 | + * software distributed under the License is distributed on an |
| 14 | + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| 15 | + * KIND, either express or implied. See the License for the |
| 16 | + * specific language governing permissions and limitations |
| 17 | + * under the License. |
| 18 | + */ |
| 19 | + |
| 20 | +#pragma once |
| 21 | + |
| 22 | +#include <memory> |
| 23 | +#include <string> |
| 24 | +#include <unordered_map> |
| 25 | + |
| 26 | +#include "iceberg/catalog/rest/auth/auth_session.h" |
| 27 | +#include "iceberg/catalog/rest/iceberg_rest_export.h" |
| 28 | +#include "iceberg/table_identifier.h" |
| 29 | + |
| 30 | +/// \file iceberg/catalog/rest/auth/auth_manager.h |
| 31 | +/// \brief Authentication manager interface for REST catalog. |
| 32 | + |
| 33 | +namespace iceberg::rest { |
| 34 | +class HttpClient; |
| 35 | +} // namespace iceberg::rest |
| 36 | + |
| 37 | +namespace iceberg::rest::auth { |
| 38 | + |
| 39 | +/// \brief Manager for authentication sessions. |
| 40 | +/// |
| 41 | +/// This interface is used to create sessions for the catalog, tables/views, |
| 42 | +/// and any other context that requires authentication. |
| 43 | +/// |
| 44 | +/// Managers are typically stateful and may require initialization and cleanup. |
| 45 | +/// The manager is created by the catalog and is closed when the catalog is closed. |
| 46 | +/// |
| 47 | +/// This interface is modeled after Java Iceberg's AuthManager interface. |
| 48 | +class ICEBERG_REST_EXPORT AuthManager { |
| 49 | + public: |
| 50 | + virtual ~AuthManager() = default; |
| 51 | + |
| 52 | + /// \brief Return a temporary session for contacting the configuration endpoint. |
| 53 | + /// |
| 54 | + /// This session is used only during catalog initialization to fetch server |
| 55 | + /// configuration. The returned session will be closed after the configuration |
| 56 | + /// endpoint is contacted and should not be cached. |
| 57 | + /// |
| 58 | + /// The provided HTTP client is a short-lived client; it should only be used |
| 59 | + /// to fetch initial credentials if required, and must be discarded after that. |
| 60 | + /// |
| 61 | + /// This method cannot return null. By default, it returns the catalog session. |
| 62 | + /// |
| 63 | + /// \param init_client A short-lived HTTP client for initialization. |
| 64 | + /// \param properties Configuration properties. |
| 65 | + /// \return A session for initialization, or the catalog session by default. |
| 66 | + virtual std::shared_ptr<AuthSession> InitSession( |
| 67 | + HttpClient* init_client, |
| 68 | + const std::unordered_map<std::string, std::string>& properties); |
| 69 | + |
| 70 | + /// \brief Return a long-lived session for catalog operations. |
| 71 | + /// |
| 72 | + /// This session's lifetime is tied to the owning catalog. It serves as the |
| 73 | + /// parent session for all other sessions (contextual and table-specific). |
| 74 | + /// It is closed when the owning catalog is closed. |
| 75 | + /// |
| 76 | + /// The provided HTTP client is a long-lived, shared client. Implementors may |
| 77 | + /// store it and reuse it for subsequent requests to the authorization server |
| 78 | + /// (e.g., for renewing or refreshing credentials). It is not necessary to |
| 79 | + /// close it when Close() is called. |
| 80 | + /// |
| 81 | + /// This method cannot return null. |
| 82 | + /// |
| 83 | + /// It is not required to cache the returned session internally, as the catalog |
| 84 | + /// will keep it alive for the lifetime of the catalog. |
| 85 | + /// |
| 86 | + /// \param shared_client A long-lived, shared HTTP client. |
| 87 | + /// \param properties Configuration properties (merged with server config). |
| 88 | + /// \return A session for catalog operations. |
| 89 | + virtual std::shared_ptr<AuthSession> CatalogSession( |
| 90 | + HttpClient* shared_client, |
| 91 | + const std::unordered_map<std::string, std::string>& properties) = 0; |
| 92 | + |
| 93 | + /// \brief Return a session for a specific table or view. |
| 94 | + /// |
| 95 | + /// If the table or view requires a specific AuthSession (e.g., vended credentials), |
| 96 | + /// this method should return a new AuthSession instance. Otherwise, it should |
| 97 | + /// return the parent session. |
| 98 | + /// |
| 99 | + /// This method cannot return null. By default, it returns the parent session. |
| 100 | + /// |
| 101 | + /// Implementors should cache table sessions internally, as the catalog will not |
| 102 | + /// cache them. Also, the owning catalog never closes table sessions; implementations |
| 103 | + /// should manage their lifecycle and close them when they are no longer needed. |
| 104 | + /// |
| 105 | + /// \param table The table identifier. |
| 106 | + /// \param properties Properties returned by the table/view endpoint. |
| 107 | + /// \param parent The parent session (typically the catalog session). |
| 108 | + /// \return A session for the table, or the parent session by default. |
| 109 | + virtual std::shared_ptr<AuthSession> TableSession( |
| 110 | + const TableIdentifier& table, |
| 111 | + const std::unordered_map<std::string, std::string>& properties, |
| 112 | + std::shared_ptr<AuthSession> parent); |
| 113 | + |
| 114 | + /// \brief Close the manager and release any resources. |
| 115 | + /// |
| 116 | + /// This method is called when the owning catalog is closed. Implementations |
| 117 | + /// should release any resources held by the manager, such as cached sessions |
| 118 | + /// or background threads. |
| 119 | + virtual void Close() {} |
| 120 | +}; |
| 121 | + |
| 122 | +} // namespace iceberg::rest::auth |
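Review bot: The CatalogSession comment lets implementors store the raw `HttpClient* shared_client` and reuse it for credential refresh, but nothing in this header says how long that pointer stays valid, while the Close() comment expects implementations to own background threads. A refresh that runs after the catalog has destroyed the client would be a use-after-free on the code path that handles credentials. If the intended contract is that the catalog keeps the client alive until Close() has returned, state it in the doc comment, e.g. `/// The caller keeps shared_client alive until Close() returns; implementations must stop using it before Close() returns.` The TableSession comment could likewise say whether the method may be called concurrently, since implementors are asked to maintain a session cache.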