[I] Expose server-assigned resource identifiers (tableId) in LoadTableResponse REST API [iceberg]

Mon, 18 May 2026 12:57:47 -0700 


aritragster opened a new issue, #16399:
URL: https://github.com/apache/iceberg/issues/16399

   ### Proposed Change
   
   ## Proposed Change
   
   ### Summary
   
   Expose server-assigned resource identifiers (e.g., `tableId`) in the 
loadTable REST response so that clients can use them for resource-level access 
control without HTTP-layer interception.
   
   ### Motivation
   
   When a REST catalog backend assigns server-side identifiers to tables (e.g., 
S3 Tables assigns a `tableId` used in ARN construction), downstream systems 
that federate through the Iceberg REST protocol need this identifier for 
credential vending. Specifically, they need it to construct resource-level IAM 
policies with table-scoped ARNs.
   
   Today, the `tableId` is present in the raw HTTP response body but is not 
surfaced through the RESTCatalog client API. The only way to access it is to 
wrap the HTTP client and intercept responses before deserialization. This is 
brittle and breaks across Iceberg library version bumps.
   
   ### Proposed Change
   
   Include server-provided resource identifiers (such as `tableId`) in the 
`config` map of the `LoadTableResponse`, or introduce a dedicated field in the 
response schema for backend-assigned metadata. This would allow REST catalog 
clients to access the value through the standard API contract without 
HTTP-layer interception.
   
   ### Use Case
   
   Apache Polaris (apache/polaris#4052) federates to S3 Tables REST endpoints 
and needs the `tableId` to construct `arn:aws:s3tables:::table/{tableId}` ARNs 
for scoped IAM session policies during credential vending. Currently worked 
around via a `ConfigCapturingHTTPClient` wrapper that intercepts the raw 
response.
   
   ### Proposal document
   
   _No response_
   
   ### Specifications
   
   - [ ] Table
   - [ ] View
   - [x] REST
   - [ ] Puffin
   - [ ] Encryption
   - [ ] Other


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to