[openhouse] Create GET /accesss endpoint for fetching DataAccessCredentials for a given table #243
Conversation
…ntials for a given table DataAccessCredentials are credentials that grant you access to a given table. This commit introduces the /access endpoint for minting DataAccessCredentials that can be subsequently leveraged by clients to get a credential that grants access to the underlying storage of their tables
| description = "Map with the access credentials", | ||
| example = "{'token':'header.payload.signature', 'path':'/my/table'}") | ||
| @JsonProperty(access = JsonProperty.Access.READ_ONLY) | ||
| private Map<String, String> credential; |
There was a problem hiding this comment.
What are the possible key value pairs here? The example shows token and path. Do we expect any additional details?
| @Parameter(description = "Database ID", required = true) @PathVariable String databaseId, | ||
| @Parameter(description = "Table ID", required = true) @PathVariable String tableId, | ||
| @Parameter(description = "Other Params", required = false) @PathVariable | ||
| Map<String, String> params) { |
There was a problem hiding this comment.
Is the params here used for passing STS ID token?
|
|
||
| Storage storage = storageManager.getStorage(tableStorageType); | ||
|
|
||
| return storage.getDataAccessCredentialForTableLocation(tableDto.getTableLocation(), params); |
There was a problem hiding this comment.
Is the storage layer going to interact with STS service to return the STS Access token?
| if (!dataAccessCredential.isPresent()) { | ||
| throw new UnsupportedClientOperationException( | ||
| UnsupportedClientOperationException.Operation.DATA_ACCESS_CREDENTIAL_UNSUPPORTED, | ||
| "Unable to get a DataAccessCredential for the given table."); |
There was a problem hiding this comment.
Add the table id and database id in the response message?
| @ApiResponses( | ||
| value = { | ||
| @ApiResponse(responseCode = "200", description = "Access GET: OK"), | ||
| @ApiResponse(responseCode = "400", description = "Access GET: ACCESS_UNSUPPORTED"), |
There was a problem hiding this comment.
HTTP status 400 should be associated with bad request such invalid input is provided. Can we consider some other HTTP code for unsupported?
| value = { | ||
| @ApiResponse(responseCode = "200", description = "Access GET: OK"), | ||
| @ApiResponse(responseCode = "400", description = "Access GET: ACCESS_UNSUPPORTED"), | ||
| }) |
There was a problem hiding this comment.
Please as table not found as well.
@ApiResponse(responseCode = "404", description = "access GET: TABLE_NOT_FOUND")
Summary
[Issue] https://github.com/linkedin/openhouse/issues/242] Briefly discuss the summary of the changes made in this
pull request in 2-3 lines.
DataAccessCredentials are credentials that grant you access to a given table.
This commit introduces the /access endpoint for minting DataAccessCredentials that can be subsequently leveraged by clients to get a credential that grants access to the underlying storage of their tables
Changes
For all the boxes checked, please include additional details of the changes made in this pull request.
Testing Done
TODO
For all the boxes checked, include a detailed description of the testing done for the changes made in this pull request.
Additional Information
For all the boxes checked, include additional details of the changes made in this pull request.