Re: [PR] [Enhancement](iceberg) Support AWS default credentials chain for S3 Tables and REST catalogs [doris]

Mon, 19 Jan 2026 20:33:57 -0800 


CalvinKirs commented on code in PR #59893:
URL: https://github.com/apache/doris/pull/59893#discussion_r2706720599


##########
fe/fe-core/src/main/java/org/apache/doris/datasource/property/metastore/IcebergRestProperties.java:
##########
@@ -164,6 +166,27 @@ public class IcebergRestProperties extends 
AbstractIcebergProperties {
             description = "Socket timeout in milliseconds for the REST catalog 
HTTP client. Default: 60000 (60s).")
     private String icebergRestSocketTimeoutMs = "60000";
 
+    @ConnectorProperty(names = {"iceberg.rest.credentials-provider-type"},
+            required = false,
+            description = "The AWS credentials provider type for REST catalog 
authentication. "
+                    + "Options: DEFAULT, ENV, SYSTEM_PROPERTIES, WEB_IDENTITY, 
CONTAINER, INSTANCE_PROFILE. "
+                    + "When explicit credentials 
(access-key-id/secret-access-key) are provided, they take precedence. "
+                    + "When no explicit credentials are provided, this 
determines how credentials are resolved.")
+    private String icebergRestCredentialsProviderType = "";
+
+    @ConnectorProperty(names = {"iceberg.rest.assume-role.arn", "s3.role_arn"},
+            required = false,
+            description = "The IAM role ARN to assume for cross-account 
access. "
+                    + "When set, uses STS AssumeRole to get temporary 
credentials.")
+    private String icebergRestAssumeRoleArn = "";
+
+    @ConnectorProperty(names = {"iceberg.rest.assume-role.external-id", 
"s3.external_id"},
+            required = false,
+            description = "The external ID for STS AssumeRole, used for 
cross-account access security.")
+    private String icebergRestAssumeRoleExternalId = "";
+
+    private AwsCredentialsProviderMode awsCredentialsProviderMode;
+

Review Comment:
   We can use a storage properties object (i.e., S3Properties) to receive these 
attributes, which allows us to unify property handling. For your reference, 
this is similar to how 
`org.apache.doris.datasource.property.metastore.IcebergRestProperties#toS3FileIOProperties`
 works. The same approach applies to S3Tables as well.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to