Azure: Avoid depending on KeyWrapAlgorithm in AzureProperties (#16186)

ebyhr · web-flow · commit e7a5a87f26f9 · 2026-05-08T11:39:59.000-07:00
* Azure: Avoid depending on KeyWrapAlgorithm in AzureProperties

* fixup! Azure: Avoid depending on KeyWrapAlgorithm in AzureProperties
diff --git a/azure/src/main/java/org/apache/iceberg/azure/AzureProperties.java b/azure/src/main/java/org/apache/iceberg/azure/AzureProperties.java
@@ -21,7 +21,6 @@
 import com.azure.core.credential.AccessToken;
 import com.azure.core.credential.TokenCredential;
 import com.azure.core.credential.TokenRequestContext;
-import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm;
 import com.azure.storage.common.StorageSharedKeyCredential;
 import com.azure.storage.file.datalake.DataLakeFileSystemClientBuilder;
 import java.io.Serializable;
@@ -53,6 +52,9 @@ public class AzureProperties implements Serializable {
   public static final String AZURE_KEYVAULT_KEY_WRAP_ALGORITHM =
       "azure.keyvault.key-wrap-algorithm";
 
+  // Must match KeyWrapAlgorithm.RSA_OAEP_256.getValue() from azure-security-keyvault-keys
+  private static final String DEFAULT_KEY_WRAP_ALGORITHM = "RSA-OAEP-256";
+
   /**
    * Configure the ADLS token credential provider used to get {@link TokenCredential}. A fully
    * qualified concrete class with package that implements the {@link AdlsTokenCredentialProvider}
@@ -136,8 +138,7 @@ public AzureProperties(Map<String, String> properties) {
 
     this.keyWrapAlgorithm =
         properties.getOrDefault(
-            AzureProperties.AZURE_KEYVAULT_KEY_WRAP_ALGORITHM,
-            KeyWrapAlgorithm.RSA_OAEP_256.getValue());
+            AzureProperties.AZURE_KEYVAULT_KEY_WRAP_ALGORITHM, DEFAULT_KEY_WRAP_ALGORITHM);
   }
 
   public Optional<Integer> adlsReadBlockSize() {
@@ -204,8 +205,8 @@ public Mono<AccessToken> getToken(TokenRequestContext request) {
     }
   }
 
-  public KeyWrapAlgorithm keyWrapAlgorithm() {
-    return KeyWrapAlgorithm.fromString(this.keyWrapAlgorithm);
+  public String keyWrapAlgorithm() {
+    return this.keyWrapAlgorithm;
   }
 
   public Optional<String> keyVaultUrl() {
diff --git a/azure/src/main/java/org/apache/iceberg/azure/keymanagement/AzureKeyManagementClient.java b/azure/src/main/java/org/apache/iceberg/azure/keymanagement/AzureKeyManagementClient.java
@@ -80,7 +80,8 @@ private ClientState state() {
               keyClientBuilder
                   .credential(AdlsTokenCredentialProviders.from(allProperties).credential())
                   .buildClient();
-          KeyWrapAlgorithm keyWrapAlgorithm = azureProperties.keyWrapAlgorithm();
+          KeyWrapAlgorithm keyWrapAlgorithm =
+              KeyWrapAlgorithm.fromString(azureProperties.keyWrapAlgorithm());
           state = new ClientState(keyClient, keyWrapAlgorithm);
         }
       }

Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,8 @@ private ClientState state() {`
`80`	`80`	`keyClientBuilder`
`81`	`81`	`.credential(AdlsTokenCredentialProviders.from(allProperties).credential())`
`82`	`82`	`.buildClient();`
`83`		`- KeyWrapAlgorithm keyWrapAlgorithm = azureProperties.keyWrapAlgorithm();`
	`83`	`+ KeyWrapAlgorithm keyWrapAlgorithm =`
	`84`	`+ KeyWrapAlgorithm.fromString(azureProperties.keyWrapAlgorithm());`
`84`	`85`	`state = new ClientState(keyClient, keyWrapAlgorithm);`
`85`	`86`	`}`
`86`	`87`	`}`