zhaoyunjiong commented on PR #14443: URL: https://github.com/apache/iceberg/pull/14443#issuecomment-3608233374
> Hi @zhaoyunjiong , Basically I understand your idea, we want to use the customized credentials provider to automatically get the temporary credentials, rather than configuring the static credentials inside the iceberg table properties (which is not safe). Then is it possible to follow the `iceberg-aws` module that we've already did, which means introducing a separate table properties to specify the credentials provider that you want to configure. We have multiple different components that will need to use iceberg-aliyun. It's possible to pass a custom Credentials Provider, but it will be very difficult and time-consuming to change multiple different projects to support that. > And another key question from my side is: How do we gurantee the credential expiration won't interrupt the long-running job ? The OSS client constructor only stores the CredentialsProvider reference. Before sending a request to the OSS service, inside doOperation(), it will call createDefaultContext(), which will call credsProvider.getCredentials(). This will automatically refresh the credentials if they expired or are within a 3-minute window. You can find the code here: https://github.com/aliyun/aliyun-oss-java-sdk/blob/a69a093ad639acb4de8fca5b35c80d55685713c1/src/main/java/com/aliyun/oss/internal/OSSOperation.java#L185 https://github.com/aliyun/aliyun-oss-java-sdk/blob/a69a093ad639acb4de8fca5b35c80d55685713c1/src/main/java/com/aliyun/oss/internal/OSSOperation.java#L257-L259 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
