Fokko commented on issue #8190:
URL: https://github.com/apache/iceberg/issues/8190#issuecomment-1702781528
For me the following is working:
```java
String warehousePath = "s3a://fokko-test/wh/";
Map<String,String> properties = new HashMap<String, String>();
properties.put(CatalogProperties.URI, "thrift://127.0.0.1:9083");
properties.put(CatalogProperties.CACHE_ENABLED, "false");
properties.put(CatalogProperties.WAREHOUSE_LOCATION, warehousePath);
properties.put(CatalogProperties.CLIENT_POOL_SIZE, "2");
properties.put("io-impl", "org.apache.iceberg.aws.s3.S3FileIO");
properties.put(S3FileIOProperties.ACCESS_KEY_ID, accessKeyId);
properties.put(S3FileIOProperties.SECRET_ACCESS_KEY, secretAccessKey);
properties.put(S3FileIOProperties.SESSION_TOKEN, sessionToken);
properties.put("client.region", "us-east-2");
HiveCatalog hc = new HiveCatalog();
hc.initialize("iceberg", properties);
Schema schema = new Schema(
Types.NestedField.required(1, "level", Types.StringType.get()),
Types.NestedField.required(2, "event_time",
Types.TimestampType.withZone()),
Types.NestedField.required(3, "message", Types.StringType.get()),
Types.NestedField.optional(4, "call_stack",
Types.ListType.ofRequired(5, Types.StringType.get()))
);
try {
hc.createNamespace(Namespace.of("default"));
System.out.println("Namespace has been created");
} catch (AlreadyExistsException e) {
// do nothing
}
TableIdentifier ti = TableIdentifier.of("default", "t1");
Map<String,String> tableProperties = new HashMap<String, String>();
tableProperties.put(S3FileIOProperties.USE_ARN_REGION_ENABLED, "true");
tableProperties.put("write.metadata.path",
"s3a://fokko-test/wh/default/t1/metadata");
try {
hc.createTable(ti, schema, PartitionSpec.unpartitioned(),
tableProperties);
System.out.println("Table has been created");
} catch (AlreadyExistsException e) {
// do nothing
}
Table table = hc.loadTable(ti);
System.out.println(table.toString());
hc.dropTable(ti, true);
```
The session token is created using:
```sh
aws sts --role-arn assume-role arn:aws:iam::123:role/fokko
--role-session-name example
```
I would explicitly pass in the access key and access secret. It looks like
they are also picked up from the environment variables. If they are not set,
then the session token [will also be
ignored](https://github.com/apache/iceberg/blob/73b03777b86a84b20e85189e652bb134145856e1/aws/src/main/java/org/apache/iceberg/aws/AwsClientProperties.java#L121-L139),
and then the authentication will always fail.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
