danielcweeks commented on code in PR #10722:
URL: https://github.com/apache/iceberg/pull/10722#discussion_r1757295238
##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -3103,6 +3103,79 @@ components:
uuid:
type: string
+ ADLSCredentials:
+ type: object
+ allOf:
+ - $ref: '#/components/schemas/Credentials'
+ required:
+ - type
+ - sas-token
Review Comment:
I would agree with this and also state that we should never pass
non-expiring credentials through this interface as it would be very dangerous
from a security posture to expose unbounded credentials. This means we should
also require session token for AWS.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For additional commands, e-mail: issues-h...@iceberg.apache.org
