Rename the config options.

TileDB-Inc · Apr 8, 2024 · 3e6922b · 3e6922b
1 parent a2037b6
commit 3e6922b
Show file tree

Hide file tree

Showing 8 changed files with 54 additions and 56 deletions.
diff --git a/test/src/unit-capi-config.cc b/test/src/unit-capi-config.cc
@@ -690,8 +690,8 @@ TEST_CASE("C API: Test config iter", "[capi][config]") {
   all_param_values["vfs.read_logging_mode"] = "";
   all_param_values["vfs.gcs.endpoint"] = "";
   all_param_values["vfs.gcs.project_id"] = "";
-  all_param_values["vfs.gcs.service_account_credentials"] = "";
-  all_param_values["vfs.gcs.external_account_credentials"] = "";
+  all_param_values["vfs.gcs.service_account_key"] = "";
+  all_param_values["vfs.gcs.workload_identity_configuration"] = "";
   all_param_values["vfs.gcs.impersonate_service_account"] = "";
   all_param_values["vfs.gcs.max_parallel_ops"] =
       std::to_string(std::thread::hardware_concurrency());
@@ -763,8 +763,8 @@ TEST_CASE("C API: Test config iter", "[capi][config]") {
   vfs_param_values["read_logging_mode"] = "";
   vfs_param_values["gcs.endpoint"] = "";
   vfs_param_values["gcs.project_id"] = "";
-  vfs_param_values["gcs.service_account_credentials"] = "";
-  vfs_param_values["gcs.external_account_credentials"] = "";
+  vfs_param_values["gcs.service_account_key"] = "";
+  vfs_param_values["gcs.workload_identity_configuration"] = "";
   vfs_param_values["gcs.impersonate_service_account"] = "";
   vfs_param_values["gcs.max_parallel_ops"] =
       std::to_string(std::thread::hardware_concurrency());
@@ -829,8 +829,8 @@ TEST_CASE("C API: Test config iter", "[capi][config]") {
   std::map<std::string, std::string> gcs_param_values;
   gcs_param_values["endpoint"] = "";
   gcs_param_values["project_id"] = "";
-  gcs_param_values["service_account_credentials"] = "";
-  gcs_param_values["external_account_credentials"] = "";
+  gcs_param_values["service_account_key"] = "";
+  gcs_param_values["workload_identity_configuration"] = "";
   gcs_param_values["impersonate_service_account"] = "";
   gcs_param_values["max_parallel_ops"] =
       std::to_string(std::thread::hardware_concurrency());

diff --git a/test/src/unit-vfs.cc b/test/src/unit-vfs.cc
@@ -800,10 +800,10 @@ TEST_CASE(
   GCS gcs;
   // The content of the credentials does not matter; it does not get parsed
   // until it is used in an API request, which we are not doing.
-  std::string service_account_credentials = "{\"foo\": \"bar\"}";
+  std::string service_account_key = "{\"foo\": \"bar\"}";
 
-  require_tiledb_ok(cfg.set(
-      "vfs.gcs.service_account_credentials", service_account_credentials));
+  require_tiledb_ok(
+      cfg.set("vfs.gcs.service_account_key", service_account_key));
 
   require_tiledb_ok(gcs.init(cfg, &thread_pool));
 
@@ -815,7 +815,7 @@ TEST_CASE(
           credentials.get());
 
   REQUIRE(service_account != nullptr);
-  REQUIRE(service_account->json_object() == service_account_credentials);
+  REQUIRE(service_account->json_object() == service_account_key);
 }
 
 TEST_CASE(
@@ -826,11 +826,11 @@ TEST_CASE(
   GCS gcs;
   // The content of the credentials does not matter; it does not get parsed
   // until it is used in an API request, which we are not doing.
-  std::string service_account_credentials = "{\"foo\": \"bar\"}";
+  std::string service_account_key = "{\"foo\": \"bar\"}";
   std::string impersonate_service_account = "account1,account2,account3";
 
-  require_tiledb_ok(cfg.set(
-      "vfs.gcs.service_account_credentials", service_account_credentials));
+  require_tiledb_ok(
+      cfg.set("vfs.gcs.service_account_key", service_account_key));
   require_tiledb_ok(cfg.set(
       "vfs.gcs.impersonate_service_account", impersonate_service_account));
 
@@ -853,7 +853,7 @@ TEST_CASE(
           impersonate_credentials->base_credentials().get());
 
   REQUIRE(inner_service_account != nullptr);
-  REQUIRE(inner_service_account->json_object() == service_account_credentials);
+  REQUIRE(inner_service_account->json_object() == service_account_key);
 }
 
 TEST_CASE(
@@ -864,10 +864,11 @@ TEST_CASE(
   GCS gcs;
   // The content of the credentials does not matter; it does not get parsed
   // until it is used in an API request, which we are not doing.
-  std::string external_account_credentials = "{\"foo\": \"bar\"}";
+  std::string workload_identity_configuration = "{\"foo\": \"bar\"}";
 
   require_tiledb_ok(cfg.set(
-      "vfs.gcs.external_account_credentials", external_account_credentials));
+      "vfs.gcs.workload_identity_configuration",
+      workload_identity_configuration));
 
   require_tiledb_ok(gcs.init(cfg, &thread_pool));
 
@@ -879,6 +880,6 @@ TEST_CASE(
           credentials.get());
 
   REQUIRE(external_account != nullptr);
-  REQUIRE(external_account->json_object() == external_account_credentials);
+  REQUIRE(external_account->json_object() == workload_identity_configuration);
 }
 #endif
diff --git a/tiledb/api/c_api/config/config_api_external.h b/tiledb/api/c_api/config/config_api_external.h
@@ -391,16 +391,16 @@ TILEDB_EXPORT void tiledb_config_free(tiledb_config_t** config) TILEDB_NOEXCEPT;
  * - `vfs.gcs.project_id` <br>
  *    Set the GCS project id. <br>
  *    **Default**: ""
- * - `vfs.gcs.service_account_credentials` <br>
- *    Set the JSON string with GCS service account credentials. Takes precedence
- *    over `vfs.gcs.external_account_credentials` if both are specified. If
+ * - `vfs.gcs.service_account_key` <br>
+ *    Set the JSON string with GCS service account key. Takes precedence
+ *    over `vfs.gcs.workload_identity_configuration` if both are specified. If
  *    neither is specified, Application Default Credentials will be used. <br>
  *    **Default**: ""
- * - `vfs.gcs.external_account_credentials` <br>
- *    Set the JSON string with GCS external account credentials, used for
- *    Workload Identity Federation. `vfs.gcs.service_account_credentials` takes
- *    precedence over this if both are specified. If neither is specified,
- *    Application Default Credentials will be used. <br>
+ * - `vfs.gcs.workload_identity_configuration` <br>
+ *    Set the JSON string with Workload Identity Federation credentials.
+ *    `vfs.gcs.service_account_key` takes precedence over this if both are
+ *    specified. If neither is specified, Application Default Credentials will
+ *    be used. <br>
  *    **Default**: ""
  * - `vfs.gcs.impersonate_service_account` <br>
  *    Set the GCS service account to impersonate. A chain of impersonated

diff --git a/tiledb/sm/config/config.cc b/tiledb/sm/config/config.cc
@@ -185,8 +185,8 @@ const std::string Config::VFS_AZURE_RETRY_DELAY_MS = "800";
 const std::string Config::VFS_AZURE_MAX_RETRY_DELAY_MS = "60000";
 const std::string Config::VFS_GCS_ENDPOINT = "";
 const std::string Config::VFS_GCS_PROJECT_ID = "";
-const std::string Config::VFS_GCS_SERVICE_ACCOUNT_CREDENTIALS = "";
-const std::string Config::VFS_GCS_EXTERNAL_ACCOUNT_CREDENTIALS = "";
+const std::string Config::VFS_GCS_SERVICE_ACCOUNT_KEY = "";
+const std::string Config::VFS_GCS_WORKLOAD_IDENTITY_CONFIGURATION = "";
 const std::string Config::VFS_GCS_IMPERSONATE_SERVICE_ACCOUNT = "";
 const std::string Config::VFS_GCS_MAX_PARALLEL_OPS =
     Config::SM_IO_CONCURRENCY_LEVEL;
@@ -424,11 +424,10 @@ const std::map<std::string, std::string> default_config_values = {
     std::make_pair("vfs.gcs.endpoint", Config::VFS_GCS_ENDPOINT),
     std::make_pair("vfs.gcs.project_id", Config::VFS_GCS_PROJECT_ID),
     std::make_pair(
-        "vfs.gcs.service_account_credentials",
-        Config::VFS_GCS_SERVICE_ACCOUNT_CREDENTIALS),
+        "vfs.gcs.service_account_key", Config::VFS_GCS_SERVICE_ACCOUNT_KEY),
     std::make_pair(
-        "vfs.gcs.external_account_credentials",
-        Config::VFS_GCS_EXTERNAL_ACCOUNT_CREDENTIALS),
+        "vfs.gcs.workload_identity_configuration",
+        Config::VFS_GCS_WORKLOAD_IDENTITY_CONFIGURATION),
     std::make_pair(
         "vfs.gcs.impersonate_service_account",
         Config::VFS_GCS_IMPERSONATE_SERVICE_ACCOUNT),
@@ -521,8 +520,8 @@ const std::set<std::string> Config::unserialized_params_ = {
     "vfs.s3.aws_external_id",
     "vfs.s3.aws_load_frequency",
     "vfs.s3.aws_session_name",
-    "vfs.gcs.service_account_credentials",
-    "vfs.gcs.external_account_credentials",
+    "vfs.gcs.service_account_key",
+    "vfs.gcs.workload_identity_configuration",
     "vfs.gcs.impersonate_service_account",
     "rest.username",
     "rest.password",

diff --git a/tiledb/sm/config/config.h b/tiledb/sm/config/config.h
@@ -460,11 +460,11 @@ class Config {
   /** GCS service account(s) to impersonate. */
   static const std::string VFS_GCS_IMPERSONATE_SERVICE_ACCOUNT;
 
-  /** GCS service account credentials JSON string. */
-  static const std::string VFS_GCS_SERVICE_ACCOUNT_CREDENTIALS;
+  /** GCS service account key JSON string. */
+  static const std::string VFS_GCS_SERVICE_ACCOUNT_KEY;
 
   /** GCS external account credentials JSON string. */
-  static const std::string VFS_GCS_EXTERNAL_ACCOUNT_CREDENTIALS;
+  static const std::string VFS_GCS_WORKLOAD_IDENTITY_CONFIGURATION;
 
   /** GCS max parallel ops. */
   static const std::string VFS_GCS_MAX_PARALLEL_OPS;

diff --git a/tiledb/sm/cpp_api/config.h b/tiledb/sm/cpp_api/config.h
@@ -569,18 +569,17 @@ class Config {
    * - `vfs.gcs.project_id` <br>
    *    Set the GCS project id. <br>
    *    **Default**: ""
-   * - `vfs.gcs.service_account_credentials` <br>
-   *    Set the JSON string with GCS service account credentials. Takes
-   *    precedence over `vfs.gcs.external_account_credentials` if both are
+   * - `vfs.gcs.service_account_key` <br>
+   *    Set the JSON string with GCS service account key. Takes precedence
+   *    over `vfs.gcs.workload_identity_configuration` if both are specified. If
+   *    neither is specified, Application Default Credentials will be used. <br>
+   *    **Default**: ""
+   * - `vfs.gcs.workload_identity_configuration` <br>
+   *    Set the JSON string with Workload Identity Federation credentials.
+   *    `vfs.gcs.service_account_key` takes precedence over this if both are
    *    specified. If neither is specified, Application Default Credentials will
    *    be used. <br>
    *    **Default**: ""
-   * - `vfs.gcs.external_account_credentials` <br>
-   *    Set the JSON string with GCS external account credentials, used for
-   *    Workload Identity Federation. `vfs.gcs.service_account_credentials`
-   *    takes precedence over this if both are specified. If neither is
-   *    specified, Application Default Credentials will be used. <br>
-   *    **Default**: ""
    * - `vfs.gcs.impersonate_service_account` <br>
    *    Set the GCS service account to impersonate. A chain of impersonated
    *    accounts can be formed by specifying many service accounts, separated by

diff --git a/tiledb/sm/filesystem/gcs.cc b/tiledb/sm/filesystem/gcs.cc
@@ -102,11 +102,10 @@ Status GCS::init(const Config& config, ThreadPool* const thread_pool) {
   }
   project_id_ = config.get("vfs.gcs.project_id", &found);
   assert(found);
-  service_account_credentials_ =
-      config.get("vfs.gcs.service_account_credentials", &found);
+  service_account_key_ = config.get("vfs.gcs.service_account_key", &found);
   assert(found);
-  external_account_credentials_ =
-      config.get("vfs.gcs.external_account_credentials", &found);
+  workload_identity_configuration_ =
+      config.get("vfs.gcs.workload_identity_configuration", &found);
   assert(found);
   impersonate_service_account_ =
       config.get("vfs.gcs.impersonate_service_account", &found);
@@ -193,17 +192,17 @@ static shared_ptr<google::cloud::Credentials> apply_impersonation(
 std::shared_ptr<google::cloud::Credentials> GCS::make_credentials(
     const google::cloud::Options& options) const {
   shared_ptr<google::cloud::Credentials> creds = nullptr;
-  if (!service_account_credentials_.empty()) {
-    if (!external_account_credentials_.empty()) {
+  if (!service_account_key_.empty()) {
+    if (!workload_identity_configuration_.empty()) {
       LOG_WARN(
           "Both GCS service account credentials and external account "
           "credentials were specified; picking the former");
     }
     creds = google::cloud::MakeServiceAccountCredentials(
-        service_account_credentials_, options);
-  } else if (!external_account_credentials_.empty()) {
+        service_account_key_, options);
+  } else if (!workload_identity_configuration_.empty()) {
     creds = google::cloud::MakeExternalAccountCredentials(
-        external_account_credentials_, options);
+        workload_identity_configuration_, options);
   } else if (!endpoint_.empty() || getenv("CLOUD_STORAGE_EMULATOR_ENDPOINT")) {
     creds = google::cloud::MakeInsecureCredentials();
   } else {

diff --git a/tiledb/sm/filesystem/gcs.h b/tiledb/sm/filesystem/gcs.h
@@ -444,10 +444,10 @@ class GCS {
   std::string project_id_;
 
   // The GCS service account credentials JSON string.
-  std::string service_account_credentials_;
+  std::string service_account_key_;
 
   // The GCS external account credentials JSON string.
-  std::string external_account_credentials_;
+  std::string workload_identity_configuration_;
 
   // A comma-separated list with the GCS service accounts to impersonate.
   std::string impersonate_service_account_;