Jump to content

Connect SuperML | Leeroopedia MCP: Equip your AI agents with best practices, code verification, and debugging knowledge. Powered by Leeroo — building Organizational Superintelligence. Contact us at founders@leeroo.com.

Implementation:Risingwavelabs Risingwave GlueCredentialProvider

From Leeroopedia


Property Value
File java/connector-node/risingwave-sink-iceberg/src/main/java/com/risingwave/connector/catalog/GlueCredentialProvider.java
Language Java
Lines 114
Category Credential Provider
Package com.risingwave.connector.catalog

Overview

GlueCredentialProvider is an AWS credential provider for the Iceberg catalog integration in RisingWave. It implements AwsCredentialsProvider and supports multiple credential resolution strategies: static credentials (access key/secret key), the AWS default credential chain, and IAM role assumption via STS. This enables RisingWave's Iceberg sink to authenticate with AWS Glue catalog services using flexible credential configurations.

Code Reference

Source Location

java/connector-node/risingwave-sink-iceberg/src/main/java/com/risingwave/connector/catalog/GlueCredentialProvider.java

Signature

public class GlueCredentialProvider implements AwsCredentialsProvider {
    private GlueCredentialProvider(AwsCredentials credentials);
    public static GlueCredentialProvider create(Map<String, String> config);
    public AwsCredentials resolveCredentials();
}

Imports

import java.util.Map;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.StsClientBuilder;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
import software.amazon.awssdk.services.sts.model.Credentials;
import software.amazon.awssdk.utils.StringUtils;
import software.amazon.awssdk.utils.Validate;

I/O Contract

Configuration Properties

The create(Map<String, String> config) factory method reads the following properties:

Property Key Required Description
glue.access-key-id Conditional AWS access key ID (required unless default credential chain is used)
glue.secret-access-key Conditional AWS secret access key (required unless default credential chain is used)
glue.use-default-credential-chain No If "true", uses the AWS default credential chain instead of static credentials (default: false)
glue.iam-role-arn No IAM role ARN to assume via STS; if blank, base credentials are used directly
glue.iam-role-session-name No Session name for the assumed role (default: "risingwave-glue")
glue.region No AWS region for the STS client when assuming a role

Credential Resolution Flow

  1. Base credential resolution (resolveBaseCredentials):
    • If both accessKey and secretKey are provided, creates AwsBasicCredentials.
    • If useDefaultChain is true, uses DefaultCredentialsProvider.
    • Otherwise, validation fails with a null check exception.
  2. Role assumption (optional):
    • If glue.iam-role-arn is set, creates an StsClient with the base credentials and calls assumeRole().
    • Returns AwsSessionCredentials containing the temporary access key, secret key, and session token.

Output

  • resolveCredentials() returns the stored AwsCredentials instance (either basic or session credentials).

Usage Examples

// Create with static credentials
Map<String, String> config = new HashMap<>();
config.put("glue.access-key-id", "AKIAIOSFODNN7EXAMPLE");
config.put("glue.secret-access-key", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY");
GlueCredentialProvider provider = GlueCredentialProvider.create(config);
AwsCredentials creds = provider.resolveCredentials();

// Create with role assumption
Map<String, String> config = new HashMap<>();
config.put("glue.access-key-id", "AKIAIOSFODNN7EXAMPLE");
config.put("glue.secret-access-key", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY");
config.put("glue.iam-role-arn", "arn:aws:iam::123456789012:role/MyRole");
config.put("glue.region", "us-east-1");
GlueCredentialProvider provider = GlueCredentialProvider.create(config);

// Create with default credential chain
Map<String, String> config = new HashMap<>();
config.put("glue.use-default-credential-chain", "true");
GlueCredentialProvider provider = GlueCredentialProvider.create(config);

Related Pages

Page Connections

Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment
Retrieved from "https://leeroopedia.com/index.php?title=Implementation:Risingwavelabs_Risingwave_GlueCredentialProvider&oldid=17521"