[GitHub] [iceberg] nastra opened a new pull request, #6169: AWS,Core: Add S3 REST Signer client + REST Spec

Wed, 25 Jan 2023 00:29:55 -0800 


nastra opened a new pull request, #6169:
URL: https://github.com/apache/iceberg/pull/6169

   This introduces an S3 REST signer client and defines a REST spec 
(`s3-signer-open-api.yml`) for a server implementation. Below is a high-level 
overview of the introduced changes:
   
   * the main logic and functionality resides in the `S3V4RestSignerClient` 
class
     * it uses the same **credential/token** exchange flow as we have in 
`RESTSessionCatalog` and also uses the same token refresh mechanism. In order 
to achieve that, a few refactorings have been done in `RESTSessionCatalog` / 
`OAuth2Util`.
     * the default endpoint the signer connects to is `v1/aws/s3/sign` but can 
be customized.
     * The server decides which headers to sign and can indicate to the 
`S3V4RestSignerClient` whether a response with signed headers can be cached by 
sending a `Cache-Control: private` header
   * `AwsProperties` introduce `s3.signer.class` that allows to dynamically 
load an S3 Signer implementation and apply it when creating an S3 client. This 
can be any Signer class that implements 
`software.amazon.awssdk.core.signer.Signer`.
   * `S3SignRequest` and `S3SignResponse` classes define how the request and 
response looks like
   * an `S3ObjectMapper` class has been introduced that is similar to 
`RESTObjectMapper` but only contains what's necessary for the S3 REST signer, 
which are the request/response classes with OAuth-related classes and error 
handling.
   * Testing is done by using `MinioContainer` (`TestContainers` + `MinIO`) in 
`TestS3RestSigner`
     * The `S3SignerServlet` defines the minimum amount of work that a 
server-side implementation might have. It is by no means complete and only 
serves the purpose of testing


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For additional commands, e-mail: issues-h...@iceberg.apache.org

Reply via email to