laserninja opened a new issue, #11580:
URL: https://github.com/apache/gravitino/issues/11580
### What would you like to be improved?
The `planTableScan` endpoint (`POST
/v1/{prefix}/namespaces/{namespace}/tables/{table}/plan`) does not honor the
`X-Iceberg-Access-Delegation` header. Unlike `loadTable` and `registerTable`,
which accept the header and construct an `IcebergRequestContext` with
`isCredentialVending=true`, `planTableScan` builds the context without it. As a
result, scan-planning responses cannot carry vended storage credentials,
forcing clients to make a separate `loadTable` call to obtain them.
### How should we improve?
Add a `@HeaderParam(X_ICEBERG_ACCESS_DELEGATION) String accessDelegation`
parameter to `planTableScan`, derive `isCredentialVending` via the existing
`IcebergTableOperations.isCredentialVending(...)` helper, and pass it into the
`IcebergRequestContext` constructor, mirroring `loadTable` and `registerTable`.
Add tests covering both vended and non-vended paths.
Related: scan-planning epic #7668 / #7261; spec-compliance epic #10547.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
