nastra commented on code in PR #14065:
URL: https://github.com/apache/iceberg/pull/14065#discussion_r2374583555
##########
docs/docs/configuration.md:
##########
@@ -143,6 +143,43 @@ The properties can be manually constructed or passed in
from a compute engine li
Spark uses its session properties as catalog properties, see more details in
the [Spark configuration](spark-configuration.md#catalog-configuration) section.
Flink passes in catalog properties through `CREATE CATALOG` statement, see
more details in the [Flink](flink.md#adding-catalogs) section.
+### Catalog REST auth properties
+
+The following catalog properties configure authentication for the REST catalog.
+They support Basic, OAuth2, SigV4, and Google authentication, in addition to
the default none.
+
+### REST auth properties
+
+| Property | Default | Description
|
+|--------------------------------------|------------------|-------------------------------------------------------------------------------------------------------------------|
+| `rest.auth.type` | none | Authentication
mechanism for REST catalog access. Supported values: `none`, `basic`, `oauth2`,
`sigv4`, `google`. |
+| `rest.auth.basic.username` | null | Username for Basic
authentication. Required if `rest.auth.type` = `basic`.
|
+| `rest.auth.basic.password` | null | Password for Basic
authentication. Required if `rest.auth.type` = `basic`.
|
+| `rest.auth.sigv4.delegate-auth-type` | `oauth2` | Auth type to
delegate to after SigV4 signing. Defaults to `oauth2`.
|
+
+### OAuth2 auth properties
+Required and Optional properties to include while using OAuth2 authentication
+
+| Property | Default | Description
|
+|-------------------------|-------------------|-----------------------------------------------------------------------------------------------------------------------------|
+| `token` | null | A Bearer token to interact
with the server. Required.
|
+| `credential` | null | Credential string
(client_id:client_secret) to exchange a token in the OAuth2 client credentials
flow. Required. |
+| `oauth2-server-uri` | `v1/oauth/tokens` | OAuth2 token endpoint URI.
Required if the REST catalog is not the OAuth2 authentication server. Required.
|
+| `token-expires-in-ms` | 3600000 (1 hour) | Time in milliseconds after
which a bearer token is considered expired. Used to decide when to refresh or
re-exchange a token. |
+| `token-refresh-enabled` | true | Determines whether tokens are
automatically refreshed when expiration details are available.
|
+| `token-exchange-enabled`| true | Determines whether to exchange
tokens to acquire new tokens.
|
+| `scope` | `catalog` | Additional scope for
`oauth2`.
|
+| `audience` | null | Optional param to specify
token `audience`
|
+| `resource` | null | Optional param to specify
`resource`
|
+
+### Google auth properties
+Required and Optional properties to include while using Google authentication
+
+| Property | Default | Description
|
+|----------------------------|------------------|---------------------------------------------------------------------------------------------------------------|
+| `gcp.auth.credentials-path`| null | Path to a service account
JSON key file. If not set, Application Default Credentials will be used.
|
+| `gcp.auth.scopes` | null | Comma-separated list of
OAuth scopes to request. Defaults to
`https://www.googleapis.com/auth/cloud-platform`. |
Review Comment:
the default should rather be in the `Default` column instead of in the text
here
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
