Re: [PR] OpenAPI: Standardize credentials in loadTable/loadView responses [iceberg]

Wed, 25 Sep 2024 10:36:43 -0700 


jackye1995 commented on code in PR #10722:
URL: https://github.com/apache/iceberg/pull/10722#discussion_r1775675415


##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -3103,6 +3103,95 @@ components:
         uuid:
           type: string
 
+    ADLSCredential:
+      type: object
+      allOf:
+        - $ref: '#/components/schemas/Credential'
+      required:
+        - type
+        - sas-token
+        - expires-at-ms
+      properties:
+        type:
+          type: string
+          enum: [ "adls" ]
+        prefix:
+          type: string
+          description: Indicates a storage location prefix where the 
credential is relevant. Clients should choose the most
+            specific prefix if several credentials of the same type are 
available.
+        sas-token:
+          type: string
+        expires-at-ms:
+          type: integer
+          format: int64
+          description: The epoch millis since 1970-01-01T00:00:00Z at which 
the given token expires
+
+
+    GCSCredential:
+      type: object
+      allOf:
+        - $ref: '#/components/schemas/Credential'
+      required:
+        - type
+        - token
+        - expires-at-ms
+      properties:
+        type:
+          type: string
+          enum: [ "gcs" ]
+        prefix:
+          type: string
+          description: Indicates a storage location prefix where the 
credential is relevant. Clients should choose the most
+            specific prefix if several credentials of the same type are 
available.
+        token:
+          type: string
+        expires-at-ms:
+          type: integer
+          format: int64
+          description: The epoch millis since 1970-01-01T00:00:00Z at which 
the given token expires
+
+    S3Credential:
+      type: object
+      allOf:
+        - $ref: '#/components/schemas/Credential'
+      required:
+        - type
+        - access-key-id
+        - secret-access-key
+        - session-token

Review Comment:
   That makes sense. In that case I think we can keep `expires-at-ms` required. 
But what about `session-token`? I think not all storage systems that implements 
the S3 API supports that.
   
   I know we want to explore defining "credentials" as a map, but assuming we 
go with this current approach, I feel it is better to at least make that 
optional.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to