TemporaryPathCredentialsService¶

TemporaryPathCredentialsService is an API service of UnityCatalogServer to handle HTTP requests at /api/2.1/unity-catalog/temporary-path-credentials URL.

TemporaryPathCredentialsService handles POST requests only with the following authorization guarantees:

Demo¶

$ http http://localhost:8080/api/2.1/unity-catalog/temporary-path-credentials \
    url=s3://uc-japila \
    operation=PATH_CREATE_TABLE
HTTP/1.1 200 OK
content-length: 1198
content-type: application/json
date: Sat, 2 Nov 2024 19:51:29 GMT
server: Armeria/1.28.4

{
    "aws_temp_credentials": {
        "access_key_id": "xxx",
        "secret_access_key": "xxx",
        "session_token": "xxx"
    },
    "azure_user_delegation_sas": null,
    "expiration_time": null,
    "gcp_oauth_token": null
}

Creating Instance¶

TemporaryPathCredentialsService takes the following to be created:

• CredentialOperations

TemporaryPathCredentialsService is created when:

• UnityCatalogServer is requested to register the API services

Generate Temporary Path Credentials¶

HttpResponse generateTemporaryPathCredential(
  GenerateTemporaryPathCredential generateTemporaryPathCredential)

generateTemporaryPathCredential requests this CredentialOperations to vendCredential for the url and operation properties (of the given GenerateTemporaryPathCredential).

Privileges by Path Operation¶

Set<CredentialContext.Privilege> pathOperationToPrivileges(
  PathOperation pathOperation)

pathOperationToPrivileges converts the given PathOperation to Privileges: