dimas-b commented on code in PR #10722:
URL: https://github.com/apache/iceberg/pull/10722#discussion_r1755855988
##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -3129,6 +3204,11 @@ components:
- `s3.secret-access-key`: secret for credentials that provide access
to data in S3
- `s3.session-token`: if present, this value should be used for as
the session token
- `s3.remote-signing-enabled`: if `true` remote signing should be
performed as described in the `s3-signer-open-api.yaml` specification
+
+ ## Credentials
+
+ Credentials for ADLS / GCS / S3 are provided through the `credentials`
field. Clients should first check whether the
+ respective credentials exist in the `credentials` field before
checking the `config` for credentials.
Review Comment:
Not too tricky, I hope :) WDYT about mapping base table URIs to credentials?
The server could return this mapping in response to the client's request for
credentials, then the client would choose the appropriate credential for each
file it needs to access.
If the client provided some more information about the time of operation it
needs to perform (e.g. read the latest snapshot or append new files to the
latest snapshot) the server should be able to return a fairly narrow set (1 in
most cases) of credentials.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For additional commands, e-mail: issues-h...@iceberg.apache.org
