Package org.apache.iceberg.gcp.auth

Class GoogleAuthManager

java.lang.Object

org.apache.iceberg.gcp.auth.GoogleAuthManager

All Implemented Interfaces:

AutoCloseable, AuthManager

public class GoogleAuthManager
extends Object
implements AuthManager

An authentication manager that uses Google Credentials (typically Application Default Credentials) to create GoogleAuthSession instances.

This manager can be configured with properties such as:

• gcp.auth.credentials-path: Path to a service account JSON key file. If not set, Application Default Credentials will be used.
• gcp.auth.scopes: Comma-separated list of OAuth scopes to request. Defaults to "https://www.googleapis.com/auth/cloud-platform".

Field Summary

Fields

Modifier and Type	Field	Description
static final String	DEFAULT_SCOPES
static final String	GCP_CREDENTIALS_PATH_PROPERTY
static final String	GCP_SCOPES_PROPERTY

Constructor Summary

Constructors

Constructor	Description
GoogleAuthManager(String managerName)

Method Summary

Modifier and Type	Method	Description
AuthSession	catalogSession(RESTClient sharedClient, Map<String,String> properties)	Returns a long-lived session tied to the catalog's lifecycle.
void	close()	Closes the manager.
AuthSession	contextualSession(SessionCatalog.SessionContext context, AuthSession parent)	Returns a session for a specific context.
AuthSession	initSession(RESTClient initClient, Map<String,String> properties)	Initializes and returns a short-lived session, typically for fetching configuration.
String	name()
AuthSession	tableSession(TableIdentifier table, Map<String,String> properties, AuthSession parent)	Returns a session for a specific table or view.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.iceberg.rest.auth.AuthManager

tableSession

Field Details

DEFAULT_SCOPES

public static final String DEFAULT_SCOPES

See Also:

• Constant Field Values

GCP_CREDENTIALS_PATH_PROPERTY

public static final String GCP_CREDENTIALS_PATH_PROPERTY

See Also:

• Constant Field Values

GCP_SCOPES_PROPERTY

public static final String GCP_SCOPES_PROPERTY

See Also:

• Constant Field Values

Constructor Details

GoogleAuthManager

public GoogleAuthManager(String managerName)

Method Details

name

public String name()

initSession

public AuthSession initSession(RESTClient initClient,
 Map<String,String> properties)

Initializes and returns a short-lived session, typically for fetching configuration. This implementation reuses the long-lived catalog session logic.

Specified by:

initSession in interface AuthManager

catalogSession

public AuthSession catalogSession(RESTClient sharedClient,
 Map<String,String> properties)

Returns a long-lived session tied to the catalog's lifecycle. This session uses Google Application Default Credentials or a specified service account.

Specified by:

catalogSession in interface AuthManager

Parameters:

sharedClient - The long-lived RESTClient (not used by this implementation for credential fetching).

properties - Configuration properties for the auth manager.

Returns:

A GoogleAuthSession.

Throws:

UncheckedIOException - if credential loading fails.

contextualSession

public AuthSession contextualSession(SessionCatalog.SessionContext context,
 AuthSession parent)

Returns a session for a specific context. Defaults to the catalog session. For GCP, tokens are typically not context-specific in this manner.

Specified by:

contextualSession in interface AuthManager

tableSession

public AuthSession tableSession(TableIdentifier table,
 Map<String,String> properties,
 AuthSession parent)

Returns a session for a specific table or view. Defaults to the catalog session.

Specified by:

tableSession in interface AuthManager

close

public void close()

Closes the manager. This is a no-op for GoogleAuthManager.

Specified by:

close in interface AuthManager

Specified by:

close in interface AutoCloseable