jackye1995 commented on code in PR #10722:
URL: https://github.com/apache/iceberg/pull/10722#discussion_r1775504602
##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -3103,6 +3103,95 @@ components:
uuid:
type: string
+ ADLSCredential:
+ type: object
+ allOf:
+ - $ref: '#/components/schemas/Credential'
+ required:
+ - type
+ - sas-token
+ - expires-at-ms
+ properties:
+ type:
+ type: string
+ enum: [ "adls" ]
+ prefix:
+ type: string
+ description: Indicates a storage location prefix where the
credential is relevant. Clients should choose the most
+ specific prefix if several credentials of the same type are
available.
+ sas-token:
+ type: string
+ expires-at-ms:
+ type: integer
+ format: int64
+ description: The epoch millis since 1970-01-01T00:00:00Z at which
the given token expires
+
+
+ GCSCredential:
+ type: object
+ allOf:
+ - $ref: '#/components/schemas/Credential'
+ required:
+ - type
+ - token
+ - expires-at-ms
+ properties:
+ type:
+ type: string
+ enum: [ "gcs" ]
+ prefix:
+ type: string
+ description: Indicates a storage location prefix where the
credential is relevant. Clients should choose the most
+ specific prefix if several credentials of the same type are
available.
+ token:
+ type: string
+ expires-at-ms:
+ type: integer
+ format: int64
+ description: The epoch millis since 1970-01-01T00:00:00Z at which
the given token expires
+
+ S3Credential:
+ type: object
+ allOf:
+ - $ref: '#/components/schemas/Credential'
+ required:
+ - type
+ - access-key-id
+ - secret-access-key
+ - session-token
Review Comment:
do we need to require `session-token` and `expires-at-ms`? This forces the
credentials to be temporary, which is probably the case most of the time, but I
don't think we need to exclude the case where people want to do differently. I
think some systems using S3 as a proxy might be able to appreciate this.
##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -3103,6 +3103,95 @@ components:
uuid:
type: string
+ ADLSCredential:
+ type: object
+ allOf:
+ - $ref: '#/components/schemas/Credential'
+ required:
+ - type
+ - sas-token
+ - expires-at-ms
+ properties:
+ type:
+ type: string
+ enum: [ "adls" ]
+ prefix:
+ type: string
+ description: Indicates a storage location prefix where the
credential is relevant. Clients should choose the most
+ specific prefix if several credentials of the same type are
available.
+ sas-token:
+ type: string
+ expires-at-ms:
+ type: integer
+ format: int64
+ description: The epoch millis since 1970-01-01T00:00:00Z at which
the given token expires
+
+
+ GCSCredential:
+ type: object
+ allOf:
+ - $ref: '#/components/schemas/Credential'
+ required:
+ - type
+ - token
+ - expires-at-ms
+ properties:
+ type:
+ type: string
+ enum: [ "gcs" ]
+ prefix:
+ type: string
+ description: Indicates a storage location prefix where the
credential is relevant. Clients should choose the most
+ specific prefix if several credentials of the same type are
available.
+ token:
+ type: string
+ expires-at-ms:
+ type: integer
+ format: int64
+ description: The epoch millis since 1970-01-01T00:00:00Z at which
the given token expires
+
+ S3Credential:
+ type: object
+ allOf:
+ - $ref: '#/components/schemas/Credential'
+ required:
+ - type
+ - access-key-id
+ - secret-access-key
+ - session-token
Review Comment:
do we need to require `session-token` and `expires-at-ms`? This forces the
credentials to be temporary, which is probably the case most of the time, but I
don't think we need to exclude the case where people want to do differently. I
think some storage systems using S3 as a proxy might be able to appreciate this.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
