Re: [PR] OpenAPI: Standardize credentials in loadTable/loadView responses [iceberg]

Wed, 25 Sep 2024 05:11:25 -0700 


nastra commented on code in PR #10722:
URL: https://github.com/apache/iceberg/pull/10722#discussion_r1775110341


##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -3103,6 +3103,81 @@ components:
         uuid:
           type: string
 
+    ADLSCredentials:
+      type: object
+      allOf:
+        - $ref: '#/components/schemas/Credentials'
+      required:
+        - type
+      properties:
+        type:
+          type: string
+          enum: [ "adls" ]
+        account-name:
+          type: string
+        account-key:
+          type: string
+        sas-token:
+          type: string
+        expires-at-ms:
+          type: integer
+          format: int64
+
+    GCSCredentials:
+      type: object
+      allOf:
+        - $ref: '#/components/schemas/Credentials'
+      required:
+        - type
+        - token
+        - expires-at-ms
+      properties:
+        type:
+          type: string
+          enum: [ "gcs" ]
+        token:
+          type: string
+        expires-at-ms:
+          type: integer
+          format: int64
+
+    S3Credentials:
+      type: object
+      allOf:
+        - $ref: '#/components/schemas/Credentials'
+      required:

Review Comment:
   @jackye1995 it's not published yet because I wanted to get this proposal in 
first and otherwise it would deviate the discussion. 
   Here's a quick summary of how refreshing vended credentials would look like:
   
   Refreshing vended credentials would entail adding a new 
`/v1/{prefix}/namespaces/{namespace}/tables/{table}/credentials` endpoint that 
returns a `LoadCredentialsResponse`, which carries
   ```
   storage-credentials:
     type: array
     items:
       $ref: '#/components/schemas/Credential'
   ```
   This new endpoint would be called by the mechanism that is offered by the 
respective storage provider. For example, GCS offers a 
`OAuth2CredentialsWithRefresh` which then effectively would call this new 
endpoint to refresh a vended credential.
   Achieving the same thing for S3 would look different but effectively comes 
down to calling this credential endpoint too.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For additional commands, e-mail: issues-h...@iceberg.apache.org

Reply via email to