Re: [PR] OpenAPI: Standardize credentials in loadTable/loadView responses [iceberg]

Fri, 11 Oct 2024 00:31:56 -0700 


Xuanwo commented on code in PR #10722:
URL: https://github.com/apache/iceberg/pull/10722#discussion_r1796543659


##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -3103,6 +3103,95 @@ components:
         uuid:
           type: string
 
+    ADLSCredential:
+      type: object
+      allOf:
+        - $ref: '#/components/schemas/Credential'
+      required:
+        - type
+        - sas-token
+        - expires-at-ms
+      properties:
+        type:
+          type: string
+          enum: [ "adls" ]
+        prefix:
+          type: string
+          description: Indicates a storage location prefix where the 
credential is relevant. Clients should choose the most
+            specific prefix if several credentials of the same type are 
available.
+        sas-token:
+          type: string
+        expires-at-ms:
+          type: integer
+          format: int64
+          description: The epoch millis since 1970-01-01T00:00:00Z at which 
the given token expires
+
+
+    GCSCredential:
+      type: object
+      allOf:
+        - $ref: '#/components/schemas/Credential'
+      required:
+        - type
+        - token
+        - expires-at-ms
+      properties:
+        type:
+          type: string
+          enum: [ "gcs" ]
+        prefix:
+          type: string
+          description: Indicates a storage location prefix where the 
credential is relevant. Clients should choose the most
+            specific prefix if several credentials of the same type are 
available.
+        token:
+          type: string
+        expires-at-ms:
+          type: integer
+          format: int64
+          description: The epoch millis since 1970-01-01T00:00:00Z at which 
the given token expires
+
+    S3Credential:
+      type: object
+      allOf:
+        - $ref: '#/components/schemas/Credential'
+      required:
+        - type
+        - access-key-id
+        - secret-access-key
+        - session-token

Review Comment:
   I agree with @jackye1995 that `session-token` is not part of the S3 API, and 
users might not have IAM or similar setups in their environment. I understand 
the motivation for requiring `session-token` to exist, but I'm concerned it 
could be too restrictive and prevent users from implementing the rest spec.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For additional commands, e-mail: issues-h...@iceberg.apache.org

Reply via email to