Package org.apache.gravitino.credential

Interface CredentialProvider

All Superinterfaces:
AutoCloseable, Closeable
All Known Implementing Classes:
CredentialProviderDelegator
public interface CredentialProvider extends Closeable
An interface for providing credentials to access external systems.

Implementations of this interface are discovered using Java's ServiceLoader. To prevent class loading issues and unnecessary dependency bloat, all implementations must be lightweight. Any logic that requires heavy external dependencies (e.g., cloud SDKs) should be isolated in a separate CredentialGenerator class and loaded reflectively at runtime. The CredentialProviderDelegator provides a convenient base class for this pattern.

  • Method Details

    • initialize

      void initialize(Map<String,String> properties)
      Initializes the credential provider with catalog properties.
      Parameters:
      properties - catalog properties that can be used to configure the provider. The specific properties required vary by implementation.

    • credentialType

      String credentialType()
      Returns the type of credential, it should be identical in Gravitino.
      Returns:
      A string identifying the type of credentials.

    • supportsScheme

      default boolean supportsScheme(String scheme)
      Checks whether this provider supports generating credentials for the given URI scheme.

      By default, it returns true. Path-based credential flows should only use providers that explicitly declare supported schemes.

      Parameters:
      scheme - The URI scheme (e.g. s3, s3a, gs, abfs).
      Returns:
      True if the provider supports the scheme.

    • getCredential

      @Nullable Credential getCredential(CredentialContext context)
      Gets a credential based on the provided context information.
      Parameters:
      context - A context object providing necessary information for retrieving credentials.
      Returns:
      A Credential object containing the authentication information needed to access a system or resource. null will be returned if no credential is available.

    • getCredentialOptional

      default Optional<Credential> getCredentialOptional(CredentialContext context)
      Gets a credential based on the provided context information.
      Parameters:
      context - A context object providing necessary information for retrieving credentials.
      Returns:
      An Optional containing the Credential with the authentication information needed to access a system or resource, or Optional.empty() if no credential is available.