danielcweeks commented on code in PR #10722:
URL: https://github.com/apache/iceberg/pull/10722#discussion_r1757382280

##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -3129,6 +3204,11 @@ components:
          - `s3.secret-access-key`: secret for credentials that provide access 
to data in S3 
          - `s3.session-token`: if present, this value should be used for as 
the session token 
          - `s3.remote-signing-enabled`: if `true` remote signing should be 
performed as described in the `s3-signer-open-api.yaml` specification
+
+        ## Credentials
+
+        Credentials for ADLS / GCS / S3 are provided through the `credentials` 
field. Clients should first check whether the
+        respective credentials exist in the `credentials` field before 
checking the `config` for credentials.
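
Review bot: The added `## Credentials` paragraph leaves precedence implicit. "Clients should first check ... before checking the `config`" does not say which value wins when the same credential is present in both the `credentials` field and the `s3.*` keys of `config`, and it does not say how a client picks an entry if `credentials` carries more than one for a provider. Suggest stating explicitly that an entry in `credentials` takes precedence over the corresponding `config` keys, and documenting the scope each credential is expected to cover, so that client implementations resolve the same credential for a given table.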

Review Comment:
   That does currently and I don't think multiple would be supported by the 
implementation as of today.  We could possibly allow multiple credentials (one 
per provider?), but I think we should require that the provided credential be 
scoped for all table locations within a provider and not push that mapping onto 
the client since all of the policies I'm aware of allow for that.
   
   @nastra I think multiple providers is an interesting question, but also 
complicates this.
   
   We can currently support different tables across providers in the same 
catalog, but not tables that span multiple providers (not sure if that's scope 
we want to take on right now).


