xxchan commented on code in PR #1241:
URL: https://github.com/apache/iceberg-rust/pull/1241#discussion_r2063859896


##########
crates/catalog/rest/src/client.rs:
##########
@@ -220,6 +225,39 @@ impl HttpClient {
     /// Executes the given `Request` and returns a `Response`.
     pub async fn execute(&self, mut request: Request) -> Result<Response> {
         request.headers_mut().extend(self.extra_headers.clone());
+
+        if let Some((loader, signer)) = &self.signer {
+            match loader.load().await {
+                Ok(Some(credential)) => {
+                    const EMPTY_STRING_SHA256: &str =
+                        
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
+                    request.headers_mut().insert(
+                        "x-amz-content-sha256",
+                        HeaderValue::from_str(EMPTY_STRING_SHA256).unwrap(),
+                    );

Review Comment:
   By default, `reqsign` will fill `x-amz-content-sha256=UNSIGNED-PAYLOAD`. If 
signing request body is needed, caller should fill a `x-amz-content-sha256` 
themselves.
   
   `UNSIGNED-PAYLOAD` works for s3, but it seems not working  for `s3tables`. 
Therefore, I tried to include `SHA256("")= 
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`, and it 
works..
   
   I also not sure if this is the most correct way, whether we should support 
this natively in `reqsign`.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For additional commands, e-mail: issues-h...@iceberg.apache.org

Reply via email to