Auth Manager API part 4: RESTClient, HTTPClient

aws/src/main/java/org/apache/iceberg/aws/s3/VendedCredentialsProvider.java

@@ -27,6 +27,7 @@
 import org.apache.iceberg.rest.ErrorHandlers;
 import org.apache.iceberg.rest.HTTPClient;
 import org.apache.iceberg.rest.RESTClient;
+import org.apache.iceberg.rest.auth.AuthSession;
 import org.apache.iceberg.rest.auth.OAuth2Properties;
 import org.apache.iceberg.rest.auth.OAuth2Util;
 import org.apache.iceberg.rest.credentials.Credential;
@@ -84,6 +85,7 @@ private RESTClient httpClient() {
 
   private LoadCredentialsResponse fetchCredentials() {
     return httpClient()
+        .withAuthSession(AuthSession.EMPTY)
         .get(
             properties.get(URI),
             null,

aws/src/main/java/org/apache/iceberg/aws/s3/signer/S3V4RestSignerClient.java

@@ -206,21 +206,24 @@ private AuthSession authSession() {
       return authSessionCache()
           .get(
               token,
-              id ->
-                  AuthSession.fromAccessToken(
-                      httpClient(),
-                      tokenRefreshExecutor(),
-                      token,
-                      expiresAtMillis(properties()),
-                      new AuthSession(
-                          ImmutableMap.of(),
-                          AuthConfig.builder()
-                              .token(token)
-                              .credential(credential())
-                              .scope(SCOPE)
-                              .oauth2ServerUri(oauth2ServerUri())
-                              .optionalOAuthParams(optionalOAuthParams())
-                              .build())));
+              id -> {
+                RESTClient client =
+                    httpClient().withAuthSession(org.apache.iceberg.rest.auth.AuthSession.EMPTY);
+                return AuthSession.fromAccessToken(
+                    client,
+                    tokenRefreshExecutor(),
+                    token,
+                    expiresAtMillis(properties()),
+                    new AuthSession(
+                        ImmutableMap.of(),
+                        AuthConfig.builder()
+                            .token(token)
+                            .credential(credential())
+                            .scope(SCOPE)
+                            .oauth2ServerUri(oauth2ServerUri())
+                            .optionalOAuthParams(optionalOAuthParams())
+                            .build()));
+              });
     }
 
     if (credentialProvided()) {
@@ -238,16 +241,18 @@ private AuthSession authSession() {
                             .optionalOAuthParams(optionalOAuthParams())
                             .build());
                 long startTimeMillis = System.currentTimeMillis();
+                RESTClient client =
+                    httpClient().withAuthSession(org.apache.iceberg.rest.auth.AuthSession.EMPTY);
                 OAuthTokenResponse authResponse =
                     OAuth2Util.fetchToken(
-                        httpClient(),
+                        client,
                         session.headers(),
                         credential(),
                         SCOPE,
                         oauth2ServerUri(),
                         optionalOAuthParams());
                 return AuthSession.fromTokenResponse(
-                    httpClient(), tokenRefreshExecutor(), authResponse, startTimeMillis, session);
+                    client, tokenRefreshExecutor(), authResponse, startTimeMillis, session);
               });
     }
 
@@ -338,6 +343,7 @@ public SdkHttpFullRequest sign(
       Consumer<Map<String, String>> responseHeadersConsumer = responseHeaders::putAll;
       S3SignResponse s3SignResponse =
           httpClient()
+              .withAuthSession(org.apache.iceberg.rest.auth.AuthSession.EMPTY)
               .post(
                   endpoint(),
                   remoteSigningRequest,

aws/src/test/java/org/apache/iceberg/aws/TestRESTSigV4Signer.java

@@ -27,6 +27,7 @@
 import org.apache.iceberg.relocated.com.google.common.collect.ImmutableMap;
 import org.apache.iceberg.relocated.com.google.common.collect.Maps;
 import org.apache.iceberg.rest.HTTPClient;
+import org.apache.iceberg.rest.auth.AuthSession;
 import org.apache.iceberg.rest.auth.OAuth2Util;
 import org.apache.iceberg.rest.responses.ConfigResponse;
 import org.apache.iceberg.rest.responses.OAuthTokenResponse;
@@ -64,7 +65,8 @@ public static void beforeClass() {
         HTTPClient.builder(properties)
             .uri("http://localhost:" + mockServer.getLocalPort())
             .withHeader(HttpHeaders.AUTHORIZATION, "Bearer existing_token")
-            .build();
+            .build()
+            .withAuthSession(AuthSession.EMPTY);
   }
 
   @AfterAll

core/src/main/java/org/apache/iceberg/rest/BaseHTTPClient.java

@@ -0,0 +1,126 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.iceberg.rest;
+
+import java.util.Map;
+import java.util.function.Consumer;
+import org.apache.iceberg.rest.HTTPRequest.HTTPMethod;
+import org.apache.iceberg.rest.auth.AuthSession;
+import org.apache.iceberg.rest.responses.ErrorResponse;
+
+/**
+ * A base class for {@link RESTClient} implementations.
+ *
+ * <p>All methods in {@link RESTClient} are implemented in the same way: first, an {@link
+ * HTTPRequest} is {@linkplain #buildRequest(HTTPMethod, String, Map, Map, Object) built from the
+ * method arguments}, then {@linkplain #execute(HTTPRequest, Class, Consumer, Consumer) executed}.
+ *
+ * <p>This allows subclasses to provide a consistent way to execute all requests, regardless of the
+ * method or arguments.
+ */
+public abstract class BaseHTTPClient implements RESTClient {
+
+  @Override
+  public abstract RESTClient withAuthSession(AuthSession session);
+
+  @Override
+  public void head(String path, Map<String, String> headers, Consumer<ErrorResponse> errorHandler) {
+    HTTPRequest request = buildRequest(HTTPMethod.HEAD, path, null, headers, null);
+    execute(request, null, errorHandler, h -> {});
+  }
+
+  @Override
+  public <T extends RESTResponse> T delete(
+      String path,
+      Class<T> responseType,
+      Map<String, String> headers,
+      Consumer<ErrorResponse> errorHandler) {
+    HTTPRequest request = buildRequest(HTTPMethod.DELETE, path, null, headers, null);
+    return execute(request, responseType, errorHandler, h -> {});
+  }
+
+  @Override
+  public <T extends RESTResponse> T delete(
+      String path,
+      Map<String, String> queryParams,
+      Class<T> responseType,
+      Map<String, String> headers,
+      Consumer<ErrorResponse> errorHandler) {
+    HTTPRequest request = buildRequest(HTTPMethod.DELETE, path, queryParams, headers, null);
+    return execute(request, responseType, errorHandler, h -> {});
+  }
+
+  @Override
+  public <T extends RESTResponse> T get(
+      String path,
+      Map<String, String> queryParams,
+      Class<T> responseType,
+      Map<String, String> headers,
+      Consumer<ErrorResponse> errorHandler) {
+    HTTPRequest request = buildRequest(HTTPMethod.GET, path, queryParams, headers, null);
+    return execute(request, responseType, errorHandler, h -> {});
+  }
+
+  @Override
+  public <T extends RESTResponse> T post(
+      String path,
+      RESTRequest body,
+      Class<T> responseType,
+      Map<String, String> headers,
+      Consumer<ErrorResponse> errorHandler) {
+    HTTPRequest request = buildRequest(HTTPMethod.POST, path, null, headers, body);
+    return execute(request, responseType, errorHandler, h -> {});
+  }
+
+  @Override
+  public <T extends RESTResponse> T post(
+      String path,
+      RESTRequest body,
+      Class<T> responseType,
+      Map<String, String> headers,
+      Consumer<ErrorResponse> errorHandler,
+      Consumer<Map<String, String>> responseHeaders) {
+    HTTPRequest request = buildRequest(HTTPMethod.POST, path, null, headers, body);
+    return execute(request, responseType, errorHandler, responseHeaders);
+  }
+
+  @Override
+  public <T extends RESTResponse> T postForm(
+      String path,
+      Map<String, String> formData,
+      Class<T> responseType,
+      Map<String, String> headers,
+      Consumer<ErrorResponse> errorHandler) {
+    HTTPRequest request = buildRequest(HTTPMethod.POST, path, null, headers, formData);
+    return execute(request, responseType, errorHandler, h -> {});
+  }
+
+  protected abstract HTTPRequest buildRequest(
+      HTTPMethod method,
+      String path,
+      Map<String, String> queryParams,
+      Map<String, String> headers,
+      Object body);
+
+  protected abstract <T extends RESTResponse> T execute(
+      HTTPRequest request,
+      Class<T> responseType,
+      Consumer<ErrorResponse> errorHandler,
+      Consumer<Map<String, String>> responseHeaders);
+}