Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth Manager API part 6: API enablement #12197

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Auth Manager API part 6: API enablement #12197

wants to merge 4 commits into from

Conversation

adutra
Copy link
Contributor

@adutra adutra commented Feb 7, 2025

6th and last PR for the Auth Manager API. Previous ones:

Once this PR is merged, the AuthManager API becomes effective.

Summary of changes:

  • Minor changes to OAuth2Manager, mostly to properly handle empty auth sessions, as decided in Auth Manager API part 4: RESTClient, HTTPClient #11992;
  • Enablement of SigV4 AuthManager and removal of HttpInterceptor code in HTTPClient and related tests;
  • Enablement of AuthManager API in RESTSessionCatalog;
  • Enablement of AuthManager API in credential refreshing code: VendedCredentialsProvider and OAuth2RefreshCredentialsHandler
    • OAuth2RefreshCredentialsHandler now caches its HTTPClient and AuthSession, instead of creating a new client and session for every refresh – pretty much like VendedCredentialsProvider already does.

@adutra adutra changed the title Auth manager 6 final2 Auth Manager API part 6: API enablement Feb 7, 2025
jbonofre
jbonofre approved these changes Feb 9, 2025
View reviewed changes
Copy link
Member

@jbonofre jbonofre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, I just wonder if S3FileIO is not impacted (around the credentials).

ajantha-bhat
ajantha-bhat reviewed Feb 12, 2025
View reviewed changes
aws/src/main/java/org/apache/iceberg/aws/RESTSigV4Signer.java
* href="https://docs.aws.amazon.com/general/latest/gr/signing-aws-api-requests.html">Signing AWS
* API requests</a> for details about the protocol.
*/
public class RESTSigV4Signer implements HttpRequestInterceptor {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should follow a minor version deprecation?
https://iceberg.apache.org/contribute/?h=contri#minor-version-deprecations-discretionary

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @ajantha-bhat I think the deprecation cycle does not apply here because this component is not meant to be instantiated by users directly. It was only instantiated by reflection when SigV4 was enabled:

iceberg/core/src/main/java/org/apache/iceberg/rest/HTTPClient.java

Lines 558 to 560 in 0bc6dfa

if (PropertyUtil.propertyAsBoolean(properties, SIGV4_ENABLED, false)) {
interceptor = loadInterceptorDynamically(SIGV4_REQUEST_INTERCEPTOR_IMPL, properties);
}

But I'm happy to keep this class around if others think that's better.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ajantha-bhat ajantha-bhat ajantha-bhat left review comments

@jbonofre jbonofre jbonofre approved these changes

@snazy snazy snazy approved these changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
AWS core GCP
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@adutra @jbonofre @snazy @ajantha-bhat