szlta commented on code in PR #17155:
URL: https://github.com/apache/iceberg/pull/17155#discussion_r3578191666
##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -2147,9 +2147,16 @@ components:
to supply access via any or none of the requested mechanisms.
- Specific properties and handling for `vended-credentials` and
`remote-signing`
+ Specific properties and handling for `vended-credentials`,
`remote-signing`, and `kms-vended-credentials`
are documented in the `LoadTableResult` schema section of this spec
document.
+ For encrypted table operations, delegated credential sourcing should
be consistent. If a catalog
+ honors REST access delegation for an encrypted table operation, it
should provide all delegated
+ credentials required for that operation, including storage credentials
and KMS credentials. Clients
+ must not be required to combine catalog-vended storage credentials
with client-local or static KMS
Review Comment:
Agreed, I rewrote this section to be more clear.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]