Re: [PR] OpenAPI: Standardize credentials in loadTable/loadView responses [iceberg]

Wed, 11 Sep 2024 07:15:00 -0700 


nastra commented on code in PR #10722:
URL: https://github.com/apache/iceberg/pull/10722#discussion_r1754694285


##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -2747,6 +2747,81 @@ components:
         uuid:
           type: string
 
+    ADLSCredentials:
+      type: object
+      allOf:
+        - $ref: '#/components/schemas/Credentials'
+      required:
+        - type
+      properties:
+        type:
+          type: string
+          enum: [ "adls" ]
+        account-name:
+          type: string
+        account-key:
+          type: string
+        sas-token:
+          type: string
+        expires-at-ms:
+          type: integer
+          format: int64
+
+    GCSCredentials:
+      type: object
+      allOf:
+        - $ref: '#/components/schemas/Credentials'
+      required:
+        - type
+        - token
+        - expires-at-ms
+      properties:
+        type:
+          type: string
+          enum: [ "gcs" ]
+        token:
+          type: string
+        expires-at-ms:
+          type: integer
+          format: int64
+
+    S3Credentials:
+      type: object
+      allOf:
+        - $ref: '#/components/schemas/Credentials'
+      required:
+        - type
+        - access-key-id
+        - secret-access-key
+        - session-token
+        - expires-at-ms
+      properties:
+        type:
+          type: string
+          enum: [ "s3" ]
+        access-key-id:
+          type: string
+        secret-access-key:
+          type: string
+        session-token:
+          type: string
+        expires-at-ms:
+          type: integer
+          format: int64
+
+    Credentials:
+      type: object
+      discriminator:
+        propertyName: type
+        mapping:
+          adls: '#/components/schemas/ADLSCredentials'
+          gcs: '#/components/schemas/GCSCredentials'
+          s3: '#/components/schemas/S3Credentials'
+      oneOf:

Review Comment:
   I don't think it makes sense to add remote signing here. The scope of the PR 
is focusing on defining a clear structure for credentials. This will be later 
then used for having a standardized way of refreshing vended credentials (which 
will be follow-up work)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For additional commands, e-mail: issues-h...@iceberg.apache.org

Reply via email to