plusplusjiajia commented on code in PR #2651:
URL: https://github.com/apache/iceberg-rust/pull/2651#discussion_r3426922351
##########
crates/catalog/rest/src/catalog.rs:
##########
@@ -483,9 +484,19 @@ impl RestCatalog {
)
})?;
- let file_io = FileIOBuilder::new(factory).with_props(props).build();
+ let mut builder =
FileIOBuilder::new(factory).with_props(props.clone());
- Ok(file_io)
+ // Vended credentials are scoped per location prefix: give each its own
+ // storage so reads/writes use the matching credentials.
+ if let Some(creds) = storage_credentials {
+ for cred in creds {
+ let mut prefixed = props.clone();
+ prefixed.extend(cred.config.clone());
+ builder = builder.with_prefixed_props(cred.prefix.clone(),
prefixed);
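Review bot: In the `for cred in creds` loop, `prefixed` starts as a full clone of `props` and only then takes `cred.config`, so any credential key that is present in the base props but missing from a given `cred.config` (a session token, for example) ends up in that prefix's storage next to the vended keys. Consider removing credential-bearing keys from the base map before `prefixed.extend(cred.config.clone())`, or state in the comment that each entry must carry a complete credential set. A doc line on how overlapping prefixes in `creds` resolve would also help, since nothing in this hunk orders them.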
Review Comment:
@huan233usc Good question! Not in this PR. FileIO is built once from the
LoadTable creds, so no refresh yet. Good follow-up: the opendal S3 backend
already has a ProvideCredential hook (reqsign re-invokes on expires_in), so a
provider re-fetching from loadCredentials before s3.session-token-expires-at-ms
— like Java's VendedCredentialsProvider — fits there. Will track as a separate
PR.
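An added example, not code from this PR or from iceberg-rust: the refresh-before-expiry behaviour described in the comment above, keyed on `s3.session-token-expires-at-ms`. `RefreshingCredentials`, `skew_ms`, the `fetch` closure (a stand-in for a loadCredentials call) and `constructed_config` are hypothetical names; treating a missing expiry key as non-expiring is an assumption, and no opendal or reqsign API is used.

```rust
use std::collections::HashMap;

// Property key quoted in the review comment above.
const EXPIRES_AT_KEY: &str = "s3.session-token-expires-at-ms";
type Config = HashMap<String, String>;

/// Hypothetical cache; `fetch` stands in for a loadCredentials call.
pub struct RefreshingCredentials<F> {
    fetch: F,
    skew_ms: u64, // refresh this long before the stated expiry
    current: Option<(Config, u64)>,
}

impl<F: FnMut() -> Result<Config, String>> RefreshingCredentials<F> {
    pub fn new(fetch: F, skew_ms: u64) -> Self {
        Self { fetch, skew_ms, current: None }
    }
    /// Credentials usable at `now_ms`; re-fetches when absent or near expiry.
    /// Fails closed: returns an error rather than an expired config.
    pub fn get(&mut self, now_ms: u64) -> Result<&Config, String> {
        let deadline = now_ms.saturating_add(self.skew_ms);
        let stale = self.current.as_ref().map_or(true, |(_, exp)| deadline >= *exp);
        if stale {
            let config = (self.fetch)()?;
            let expires = match config.get(EXPIRES_AT_KEY) {
                Some(v) => v.parse::<u64>().map_err(|e| format!("bad {}: {}", EXPIRES_AT_KEY, e))?,
                None => u64::MAX, // assumption: no expiry key means static credentials
            };
            if expires <= now_ms {
                return Err("catalog returned already-expired credentials".into());
            }
            self.current = Some((config, expires));
        }
        Ok(&self.current.as_ref().expect("set above").0)
    }
}

/// Constructed sample config, not real credentials.
fn constructed_config(n: u64, expires_at_ms: &str) -> Config {
    HashMap::from([
        ("s3.session-token".to_string(), format!("token-{}", n)),
        (EXPIRES_AT_KEY.to_string(), expires_at_ms.to_string()),
    ])
}

fn main() {
    let mut n = 0u64;
    let mut creds = RefreshingCredentials::new(
        move || { n += 1; Ok(constructed_config(n, &(n * 1000).to_string())) }, 100);
    for now in [0u64, 500, 900, 950] {
        println!("t={} -> {}", now, creds.get(now).unwrap()["s3.session-token"]);
    }
}
```

The clock is passed in as `now_ms` so the expiry logic can be tested deterministically; a malformed expiry or an already-expired response is rejected instead of being cached.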