[core] RESTCatalog: support dlf token loader (apache#5285)

Author: shyjsarah

paimon-core/src/main/java/org/apache/paimon/rest/RESTCatalogOptions.java

@@ -79,4 +79,10 @@ public class RESTCatalogOptions {
                     .stringType()
                     .noDefaultValue()
                     .withDescription("REST Catalog auth DLF security token");
+
+    public static final ConfigOption<String> DLF_TOKEN_LOADER =
+            ConfigOptions.key("dlf.token-loader")
+                    .stringType()
+                    .noDefaultValue()
+                    .withDescription("REST Catalog auth DLF token loader.");
 }

paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFAuthProvider.java

@@ -18,14 +18,8 @@
 
 package org.apache.paimon.rest.auth;
 
-import org.apache.paimon.utils.FileIOUtils;
-
 import okhttp3.MediaType;
 
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.UncheckedIOException;
 import java.time.LocalDateTime;
 import java.time.ZoneOffset;
 import java.time.ZonedDateTime;
@@ -34,8 +28,6 @@
 import java.util.Map;
 import java.util.Optional;
 
-import static org.apache.paimon.rest.RESTObjectMapper.OBJECT_MAPPER;
-
 /** Auth provider for <b>Ali CLoud</b> DLF. */
 public class DLFAuthProvider implements AuthProvider {
 
@@ -55,9 +47,8 @@ public class DLFAuthProvider implements AuthProvider {
     public static final DateTimeFormatter AUTH_DATE_FORMATTER =
             DateTimeFormatter.ofPattern("yyyyMMdd");
     protected static final MediaType MEDIA_TYPE = MediaType.parse("application/json");
-    private static final long[] READ_TOKEN_FILE_BACKOFF_WAIT_TIME_MILLIS = {1_000, 3_000, 5_000};
 
-    private final String tokenFilePath;
+    private final DLFTokenLoader tokenLoader;
 
     protected DLFToken token;
     private final boolean keepRefreshed;
@@ -66,11 +57,11 @@ public class DLFAuthProvider implements AuthProvider {
     private final String region;
 
     public static DLFAuthProvider buildRefreshToken(
-            String tokenFilePath, Long tokenRefreshInMills, String region) {
-        DLFToken token = readToken(tokenFilePath, 0);
+            DLFTokenLoader tokenLoader, Long tokenRefreshInMills, String region) {
+        DLFToken token = tokenLoader.loadToken();
         Long expiresAtMillis = getExpirationInMills(token.getExpiration());
         return new DLFAuthProvider(
-                tokenFilePath, token, true, expiresAtMillis, tokenRefreshInMills, region);
+                tokenLoader, token, true, expiresAtMillis, tokenRefreshInMills, region);
     }
 
     public static DLFAuthProvider buildAKToken(
@@ -80,13 +71,13 @@ public static DLFAuthProvider buildAKToken(
     }
 
     public DLFAuthProvider(
-            String tokenFilePath,
+            DLFTokenLoader tokenLoader,
             DLFToken token,
             boolean keepRefreshed,
             Long expiresAtMillis,
             Long tokenRefreshInMills,
             String region) {
-        this.tokenFilePath = tokenFilePath;
+        this.tokenLoader = tokenLoader;
         this.token = token;
         this.keepRefreshed = keepRefreshed;
         this.expiresAtMillis = expiresAtMillis;
@@ -135,7 +126,7 @@ public static Map<String, String> generateSignHeaders(
     @Override
     public boolean refresh() {
         long start = System.currentTimeMillis();
-        DLFToken newToken = readToken(tokenFilePath, 0);
+        DLFToken newToken = tokenLoader.loadToken();
         if (newToken == null) {
             return false;
         }
@@ -169,25 +160,6 @@ public Optional<Long> tokenRefreshInMills() {
         return Optional.ofNullable(this.tokenRefreshInMills);
     }
 
-    protected static DLFToken readToken(String tokenFilePath, int retryTimes) {
-        try {
-            File tokenFile = new File(tokenFilePath);
-            if (tokenFile.exists()) {
-                String tokenStr = FileIOUtils.readFileUtf8(tokenFile);
-                return OBJECT_MAPPER.readValue(tokenStr, DLFToken.class);
-            } else if (retryTimes < READ_TOKEN_FILE_BACKOFF_WAIT_TIME_MILLIS.length - 1) {
-                Thread.sleep(READ_TOKEN_FILE_BACKOFF_WAIT_TIME_MILLIS[retryTimes]);
-                return readToken(tokenFilePath, retryTimes + 1);
-            } else {
-                throw new FileNotFoundException(tokenFilePath);
-            }
-        } catch (IOException e) {
-            throw new UncheckedIOException(e);
-        } catch (InterruptedException e) {
-            throw new RuntimeException(e);
-        }
-    }
-
     private static Long getExpirationInMills(String dateStr) {
         try {
             if (dateStr == null) {

paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFAuthProviderFactory.java

@@ -24,7 +24,6 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import static org.apache.paimon.rest.RESTCatalogOptions.DLF_TOKEN_PATH;
 import static org.apache.paimon.rest.RESTCatalogOptions.TOKEN_REFRESH_TIME;
 import static org.apache.paimon.rest.RESTCatalogOptions.URI;
 
@@ -41,10 +40,17 @@ public AuthProvider create(Options options) {
         String region =
                 options.getOptional(RESTCatalogOptions.DLF_REGION)
                         .orElseGet(() -> parseRegionFromUri(options.get(URI)));
-        if (options.getOptional(RESTCatalogOptions.DLF_TOKEN_PATH).isPresent()) {
-            String tokenFilePath = options.get(DLF_TOKEN_PATH);
+        if (options.getOptional(RESTCatalogOptions.DLF_TOKEN_LOADER).isPresent()) {
+            DLFTokenLoader dlfTokenLoader =
+                    DLFTokenLoaderFactory.createDLFTokenLoader(
+                            options.get(RESTCatalogOptions.DLF_TOKEN_LOADER), options);
             long tokenRefreshInMills = options.get(TOKEN_REFRESH_TIME).toMillis();
-            return DLFAuthProvider.buildRefreshToken(tokenFilePath, tokenRefreshInMills, region);
+            return DLFAuthProvider.buildRefreshToken(dlfTokenLoader, tokenRefreshInMills, region);
+        } else if (options.getOptional(RESTCatalogOptions.DLF_TOKEN_PATH).isPresent()) {
+            DLFTokenLoader dlfTokenLoader =
+                    DLFTokenLoaderFactory.createDLFTokenLoader("local_file", options);
+            long tokenRefreshInMills = options.get(TOKEN_REFRESH_TIME).toMillis();
+            return DLFAuthProvider.buildRefreshToken(dlfTokenLoader, tokenRefreshInMills, region);
         } else if (options.getOptional(RESTCatalogOptions.DLF_ACCESS_KEY_ID).isPresent()
                 && options.getOptional(RESTCatalogOptions.DLF_ACCESS_KEY_SECRET).isPresent()) {
             return DLFAuthProvider.buildAKToken(

paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFLocalFileTokenLoader.java

@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.paimon.rest.auth;
+
+import org.apache.paimon.utils.FileIOUtils;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.UncheckedIOException;
+
+import static org.apache.paimon.rest.RESTObjectMapper.OBJECT_MAPPER;
+
+/** DLF Token Loader for local file. */
+public class DLFLocalFileTokenLoader implements DLFTokenLoader {
+
+    private static final long[] READ_TOKEN_FILE_BACKOFF_WAIT_TIME_MILLIS = {1_000, 3_000, 5_000};
+
+    private final String tokenFilePath;
+
+    public DLFLocalFileTokenLoader(String tokenFilePath) {
+        this.tokenFilePath = tokenFilePath;
+    }
+
+    @Override
+    public DLFToken loadToken() {
+        return readToken(tokenFilePath, 0);
+    }
+
+    protected static DLFToken readToken(String tokenFilePath, int retryTimes) {
+        try {
+            File tokenFile = new File(tokenFilePath);
+            if (tokenFile.exists()) {
+                String tokenStr = FileIOUtils.readFileUtf8(tokenFile);
+                return OBJECT_MAPPER.readValue(tokenStr, DLFToken.class);
+            } else if (retryTimes < READ_TOKEN_FILE_BACKOFF_WAIT_TIME_MILLIS.length - 1) {
+                Thread.sleep(READ_TOKEN_FILE_BACKOFF_WAIT_TIME_MILLIS[retryTimes]);
+                return readToken(tokenFilePath, retryTimes + 1);
+            } else {
+                throw new FileNotFoundException(tokenFilePath);
+            }
+        } catch (IOException e) {
+            throw new UncheckedIOException(e);
+        } catch (InterruptedException e) {
+            throw new RuntimeException(e);
+        }
+    }
+}

paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFLocalFileTokenLoaderFactory.java

@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.paimon.rest.auth;
+
+import org.apache.paimon.options.Options;
+
+import static org.apache.paimon.rest.RESTCatalogOptions.DLF_TOKEN_PATH;
+
+/** Factory for {@link DLFLocalFileTokenLoader}. */
+public class DLFLocalFileTokenLoaderFactory implements DLFTokenLoaderFactory {
+
+    @Override
+    public String identifier() {
+        return "local_file";
+    }
+
+    @Override
+    public DLFTokenLoader create(Options options) {
+        String tokenFilePath = options.get(DLF_TOKEN_PATH);
+        return new DLFLocalFileTokenLoader(tokenFilePath);
+    }
+}

paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFTokenLoader.java

@@ -0,0 +1,25 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.paimon.rest.auth;
+
+/** DLF Token Loader. */
+public interface DLFTokenLoader {
+
+    DLFToken loadToken();
+}

paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFTokenLoaderFactory.java

@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.paimon.rest.auth;
+
+import org.apache.paimon.factories.Factory;
+import org.apache.paimon.factories.FactoryUtil;
+import org.apache.paimon.options.Options;
+
+/** Factory for {@link DLFTokenLoader}. */
+public interface DLFTokenLoaderFactory extends Factory {
+
+    DLFTokenLoader create(Options options);
+
+    static DLFTokenLoader createDLFTokenLoader(String name, Options options) {
+        DLFTokenLoaderFactory factory =
+                FactoryUtil.discoverFactory(
+                        DLFTokenLoaderFactory.class.getClassLoader(),
+                        DLFTokenLoaderFactory.class,
+                        name);
+        return factory.create(options);
+    }
+}

paimon-core/src/main/resources/META-INF/services/org.apache.paimon.factories.Factory

@@ -40,3 +40,4 @@ org.apache.paimon.rest.RESTCatalogFactory
 org.apache.paimon.iceberg.migrate.IcebergMigrateHadoopMetadataFactory
 org.apache.paimon.rest.auth.BearTokenAuthProviderFactory
 org.apache.paimon.rest.auth.DLFAuthProviderFactory
+org.apache.paimon.rest.auth.DLFLocalFileTokenLoaderFactory

paimon-core/src/test/java/org/apache/paimon/rest/MockRESTCatalogTest.java

@@ -29,6 +29,8 @@
 import org.apache.paimon.rest.auth.AuthProviderEnum;
 import org.apache.paimon.rest.auth.BearTokenAuthProvider;
 import org.apache.paimon.rest.auth.DLFAuthProvider;
+import org.apache.paimon.rest.auth.DLFTokenLoader;
+import org.apache.paimon.rest.auth.DLFTokenLoaderFactory;
 import org.apache.paimon.rest.auth.RESTAuthParameter;
 import org.apache.paimon.rest.exceptions.NotAuthorizedException;
 import org.apache.paimon.rest.responses.ConfigResponse;
@@ -130,8 +132,14 @@ void testDlfStSTokenPathAuth() throws Exception {
         String region = "cn-hangzhou";
         String tokenPath = dataPath + UUID.randomUUID();
         generateTokenAndWriteToFile(tokenPath);
+        DLFTokenLoader tokenLoader =
+                DLFTokenLoaderFactory.createDLFTokenLoader(
+                        "local_file",
+                        new Options(
+                                ImmutableMap.of(
+                                        RESTCatalogOptions.DLF_TOKEN_PATH.key(), tokenPath)));
         DLFAuthProvider authProvider =
-                DLFAuthProvider.buildRefreshToken(tokenPath, 1000_000L, region);
+                DLFAuthProvider.buildRefreshToken(tokenLoader, 1000_000L, region);
         restCatalogServer =
                 new RESTCatalogServer(dataPath, authProvider, this.config, restWarehouse);
         restCatalogServer.start();