danielcweeks commented on code in PR #12582:
URL: https://github.com/apache/iceberg/pull/12582#discussion_r2012382856
##########
aws/src/main/java/org/apache/iceberg/aws/RESTSigV4AuthManager.java:
##########
@@ -61,20 +61,29 @@ public RESTSigV4AuthSession catalogSession(
}
@Override
- public AuthSession contextualSession(SessionCatalog.SessionContext context,
AuthSession parent) {
+ public RESTSigV4AuthSession contextualSession(
+ SessionCatalog.SessionContext context, AuthSession parent) {
AwsProperties contextProperties =
- new AwsProperties(RESTUtil.merge(catalogProperties,
context.properties()));
+ new AwsProperties(
+ RESTUtil.merge(
+ catalogProperties,
Review Comment:
I don't think we've had a scenario where SigV4 has used different
credentials for different endpoints. So far, we've seen a few implementations
if API Gateways that just authenticate requests signed by clients. That
doesn't mean the case won't come up int the future, but I wouldn't want to try
to solve for it proactively.
That said, I was hoping there would be enough context in the parent session
that we wouldn't need to go back to catalog properties, but not everything is
carried through the auth session. The only problem would be if there is every
cross-catalog auth sharing, which I think is unlikely.
I'm ok with this.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For additional commands, e-mail: issues-h...@iceberg.apache.org
