nastra commented on code in PR #10722:
URL: https://github.com/apache/iceberg/pull/10722#discussion_r1756199614
##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -3129,6 +3204,11 @@ components:
- `s3.secret-access-key`: secret for credentials that provide access
to data in S3
- `s3.session-token`: if present, this value should be used for as
the session token
- `s3.remote-signing-enabled`: if `true` remote signing should be
performed as described in the `s3-signer-open-api.yaml` specification
+
+ ## Credentials
+
+ Credentials for ADLS / GCS / S3 are provided through the `credentials`
field. Clients should first check whether the
Review Comment:
> Would it make sense to take it one step further and have clients request
credentials for narrower use cases?.. For example separating read and write
access.
>
> To be clear, I mean adding a separate REST endpoint for obtaining storage
credentials.
@dimas-b yes I'll be working on a separate endpoint for credentials in a
follow-up proposal that would allow refreshing vended credentials. The goal of
this PR is to standardize the credentials themselves
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For additional commands, e-mail: issues-h...@iceberg.apache.org
