This is an automated email from the ASF dual-hosted git repository.
gangwu pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/iceberg-cpp.git
The following commit(s) were added to refs/heads/main by this push:
new 437f252f feat: add restcatalog authentication api (#479)
437f252f is described below
commit 437f252f88ce9acbd7e83ab3168ddb113c4f7856
Author: lishuxu <[email protected]>
AuthorDate: Sat Jan 17 20:04:23 2026 +0800
feat: add restcatalog authentication api (#479)
---
src/iceberg/catalog/rest/CMakeLists.txt | 5 ++
src/iceberg/catalog/rest/auth/CMakeLists.txt | 18 +++++
src/iceberg/catalog/rest/auth/auth_manager.cc | 48 +++++++++++
src/iceberg/catalog/rest/auth/auth_manager.h | 102 ++++++++++++++++++++++++
src/iceberg/catalog/rest/auth/auth_managers.cc | 81 +++++++++++++++++++
src/iceberg/catalog/rest/auth/auth_managers.h | 68 ++++++++++++++++
src/iceberg/catalog/rest/auth/auth_properties.h | 73 +++++++++++++++++
src/iceberg/catalog/rest/auth/auth_session.cc | 52 ++++++++++++
src/iceberg/catalog/rest/auth/auth_session.h | 75 +++++++++++++++++
src/iceberg/catalog/rest/meson.build | 13 +++
src/iceberg/catalog/rest/type_fwd.h | 7 ++
src/iceberg/result.h | 4 +
12 files changed, 546 insertions(+)
diff --git a/src/iceberg/catalog/rest/CMakeLists.txt
b/src/iceberg/catalog/rest/CMakeLists.txt
index 12d77e59..b73d7fcf 100644
--- a/src/iceberg/catalog/rest/CMakeLists.txt
+++ b/src/iceberg/catalog/rest/CMakeLists.txt
@@ -15,7 +15,12 @@
# specific language governing permissions and limitations
# under the License.
+add_subdirectory(auth)
+
set(ICEBERG_REST_SOURCES
+ auth/auth_manager.cc
+ auth/auth_managers.cc
+ auth/auth_session.cc
catalog_properties.cc
endpoint.cc
error_handlers.cc
diff --git a/src/iceberg/catalog/rest/auth/CMakeLists.txt
b/src/iceberg/catalog/rest/auth/CMakeLists.txt
new file mode 100644
index 00000000..d44743ef
--- /dev/null
+++ b/src/iceberg/catalog/rest/auth/CMakeLists.txt
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+iceberg_install_all_headers(iceberg/catalog/rest/auth)
diff --git a/src/iceberg/catalog/rest/auth/auth_manager.cc
b/src/iceberg/catalog/rest/auth/auth_manager.cc
new file mode 100644
index 00000000..af02f747
--- /dev/null
+++ b/src/iceberg/catalog/rest/auth/auth_manager.cc
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "iceberg/catalog/rest/auth/auth_manager.h"
+
+#include "iceberg/catalog/rest/auth/auth_session.h"
+
+namespace iceberg::rest::auth {
+
+Result<std::shared_ptr<AuthSession>> AuthManager::InitSession(
+ HttpClient& init_client,
+ const std::unordered_map<std::string, std::string>& properties) {
+ // By default, use the catalog session for initialization
+ return CatalogSession(init_client, properties);
+}
+
+Result<std::shared_ptr<AuthSession>> AuthManager::ContextualSession(
+ [[maybe_unused]] const std::unordered_map<std::string, std::string>&
context,
+ std::shared_ptr<AuthSession> parent) {
+ // By default, return the parent session as-is
+ return parent;
+}
+
+Result<std::shared_ptr<AuthSession>> AuthManager::TableSession(
+ [[maybe_unused]] const TableIdentifier& table,
+ [[maybe_unused]] const std::unordered_map<std::string, std::string>&
properties,
+ std::shared_ptr<AuthSession> parent) {
+ // By default, return the parent session as-is
+ return parent;
+}
+
+} // namespace iceberg::rest::auth
diff --git a/src/iceberg/catalog/rest/auth/auth_manager.h
b/src/iceberg/catalog/rest/auth/auth_manager.h
new file mode 100644
index 00000000..c192ecf2
--- /dev/null
+++ b/src/iceberg/catalog/rest/auth/auth_manager.h
@@ -0,0 +1,102 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#pragma once
+
+#include <memory>
+#include <string>
+#include <unordered_map>
+
+#include "iceberg/catalog/rest/iceberg_rest_export.h"
+#include "iceberg/catalog/rest/type_fwd.h"
+#include "iceberg/result.h"
+#include "iceberg/type_fwd.h"
+
+/// \file iceberg/catalog/rest/auth/auth_manager.h
+/// \brief Authentication manager interface for REST catalog.
+
+namespace iceberg::rest::auth {
+
+/// \brief Produces authentication sessions for catalog and table requests.
+class ICEBERG_REST_EXPORT AuthManager {
+ public:
+ virtual ~AuthManager() = default;
+
+ /// \brief Create a short-lived session used to contact the configuration
endpoint.
+ ///
+ /// This session is used only during catalog initialization to fetch server
+ /// configuration and perform initial authentication. It is typically
discarded after
+ /// initialization.
+ ///
+ /// \param init_client HTTP client used for initialization requests.
+ /// \param properties Client configuration supplied by the catalog.
+ /// \return Session for initialization or an error if credentials cannot be
acquired.
+ virtual Result<std::shared_ptr<AuthSession>> InitSession(
+ HttpClient& init_client,
+ const std::unordered_map<std::string, std::string>& properties);
+
+ /// \brief Create the long-lived catalog session that acts as the parent
session.
+ ///
+ /// This session is used for all catalog-level operations (list namespaces,
list tables,
+ /// etc.) and serves as the parent session for contextual and table-specific
sessions.
+ /// It is owned by the catalog and reused throughout the catalog's lifetime.
+ ///
+ /// \param shared_client HTTP client owned by the catalog and reused for
auth calls.
+ /// \param properties Catalog properties (client config + server defaults).
+ /// \return Session for catalog operations or an error if authentication
cannot be set
+ /// up.
+ virtual Result<std::shared_ptr<AuthSession>> CatalogSession(
+ HttpClient& shared_client,
+ const std::unordered_map<std::string, std::string>& properties) = 0;
+
+ /// \brief Create or reuse a session for a specific context.
+ ///
+ /// This method is used by SessionCatalog to create sessions for different
contexts
+ /// (e.g., different users or tenants).
+ ///
+ /// \param context Context properties (e.g., user credentials, tenant info).
+ /// \param parent Catalog session to inherit from or return as-is.
+ /// \return A context-specific session, or the parent session if no
context-specific
+ /// session is needed, or an error if session creation fails.
+ virtual Result<std::shared_ptr<AuthSession>> ContextualSession(
+ const std::unordered_map<std::string, std::string>& context,
+ std::shared_ptr<AuthSession> parent);
+
+ /// \brief Create or reuse a session scoped to a single table/view.
+ ///
+ /// This method is called when loading a table that may have table-specific
auth
+ /// properties returned by the server.
+ ///
+ /// \param table Target table identifier.
+ /// \param properties Table-specific auth properties returned by the server.
+ /// \param parent Catalog or contextual session to inherit from or return
as-is.
+ /// \return A table-specific session, or the parent session if no
table-specific
+ /// session is needed, or an error if session creation fails.
+ virtual Result<std::shared_ptr<AuthSession>> TableSession(
+ const TableIdentifier& table,
+ const std::unordered_map<std::string, std::string>& properties,
+ std::shared_ptr<AuthSession> parent);
+
+ /// \brief Release resources held by the manager.
+ ///
+ /// \return Status of the close operation.
+ virtual Status Close() { return {}; }
+};
+
+} // namespace iceberg::rest::auth
diff --git a/src/iceberg/catalog/rest/auth/auth_managers.cc
b/src/iceberg/catalog/rest/auth/auth_managers.cc
new file mode 100644
index 00000000..ab076e97
--- /dev/null
+++ b/src/iceberg/catalog/rest/auth/auth_managers.cc
@@ -0,0 +1,81 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "iceberg/catalog/rest/auth/auth_managers.h"
+
+#include <algorithm>
+#include <cctype>
+
+#include "iceberg/catalog/rest/auth/auth_properties.h"
+#include "iceberg/util/string_util.h"
+
+namespace iceberg::rest::auth {
+
+namespace {
+
+/// \brief Registry type for AuthManager factories with heterogeneous lookup
support.
+using AuthManagerRegistry =
+ std::unordered_map<std::string, AuthManagerFactory, StringHash,
StringEqual>;
+
+// Infer the authentication type from properties.
+std::string InferAuthType(
+ const std::unordered_map<std::string, std::string>& properties) {
+ auto it = properties.find(AuthProperties::kAuthType);
+ if (it != properties.end() && !it->second.empty()) {
+ return StringUtils::ToLower(it->second);
+ }
+
+ // Infer from OAuth2 properties (credential or token)
+ bool has_credential = properties.contains(AuthProperties::kOAuth2Credential);
+ bool has_token = properties.contains(AuthProperties::kOAuth2Token);
+ if (has_credential || has_token) {
+ return AuthProperties::kAuthTypeOAuth2;
+ }
+
+ return AuthProperties::kAuthTypeNone;
+}
+
+// Get the global registry of auth manager factories.
+AuthManagerRegistry& GetRegistry() {
+ static AuthManagerRegistry registry;
+ return registry;
+}
+
+} // namespace
+
+void AuthManagers::Register(std::string_view auth_type, AuthManagerFactory
factory) {
+ GetRegistry()[StringUtils::ToLower(auth_type)] = std::move(factory);
+}
+
+Result<std::unique_ptr<AuthManager>> AuthManagers::Load(
+ std::string_view name,
+ const std::unordered_map<std::string, std::string>& properties) {
+ std::string auth_type = InferAuthType(properties);
+
+ auto& registry = GetRegistry();
+ auto it = registry.find(auth_type);
+ if (it == registry.end()) {
+ // TODO(Li Shuxu): Fallback to default auth manager implementations
+ return NotImplemented("Authentication type '{}' is not supported",
auth_type);
+ }
+
+ return it->second(name, properties);
+}
+
+} // namespace iceberg::rest::auth
diff --git a/src/iceberg/catalog/rest/auth/auth_managers.h
b/src/iceberg/catalog/rest/auth/auth_managers.h
new file mode 100644
index 00000000..6f771ffc
--- /dev/null
+++ b/src/iceberg/catalog/rest/auth/auth_managers.h
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#pragma once
+
+#include <functional>
+#include <memory>
+#include <string>
+#include <string_view>
+#include <unordered_map>
+
+#include "iceberg/catalog/rest/auth/auth_manager.h"
+#include "iceberg/catalog/rest/iceberg_rest_export.h"
+#include "iceberg/result.h"
+
+/// \file iceberg/catalog/rest/auth/auth_managers.h
+/// \brief Factory for creating authentication managers.
+
+namespace iceberg::rest::auth {
+
+/// \brief Function that creates an AuthManager from its name.
+///
+/// \param name Name of the auth manager.
+/// \param properties Properties required by the auth manager.
+/// \return Newly created manager instance or an error if creation fails.
+using AuthManagerFactory = std::function<Result<std::unique_ptr<AuthManager>>(
+ std::string_view name,
+ const std::unordered_map<std::string, std::string>& properties)>;
+
+/// \brief Registry-backed factory for AuthManager implementations.
+class ICEBERG_REST_EXPORT AuthManagers {
+ public:
+ /// \brief Load a manager by consulting the "rest.auth.type" configuration.
+ ///
+ /// \param name Name of the auth manager.
+ /// \param properties Catalog properties used to determine auth type.
+ /// \return Manager instance or an error if no factory matches.
+ static Result<std::unique_ptr<AuthManager>> Load(
+ std::string_view name,
+ const std::unordered_map<std::string, std::string>& properties);
+
+ /// \brief Register or override the factory for a given auth type.
+ ///
+ /// This method is not thread-safe. All registrations should be done during
+ /// application startup before any concurrent access to Load().
+ ///
+ /// \param auth_type Case-insensitive type identifier (e.g., "basic").
+ /// \param factory Factory function that produces the manager.
+ static void Register(std::string_view auth_type, AuthManagerFactory factory);
+};
+
+} // namespace iceberg::rest::auth
diff --git a/src/iceberg/catalog/rest/auth/auth_properties.h
b/src/iceberg/catalog/rest/auth/auth_properties.h
new file mode 100644
index 00000000..e14b7fcf
--- /dev/null
+++ b/src/iceberg/catalog/rest/auth/auth_properties.h
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#pragma once
+
+#include <string>
+#include <string_view>
+
+/// \file iceberg/catalog/rest/auth/auth_properties.h
+/// \brief Property keys and constants for REST catalog authentication.
+
+namespace iceberg::rest::auth {
+
+/// \brief Property keys and constants for authentication configuration.
+///
+/// This struct defines all the property keys used to configure authentication
+/// for the REST catalog. It follows the same naming conventions as Java
Iceberg.
+struct AuthProperties {
+ /// \brief Property key for specifying the authentication type.
+ inline static const std::string kAuthType = "rest.auth.type";
+ /// \brief Authentication type: no authentication.
+ inline static const std::string kAuthTypeNone = "none";
+ /// \brief Authentication type: HTTP Basic authentication.
+ inline static const std::string kAuthTypeBasic = "basic";
+ /// \brief Authentication type: OAuth2 authentication.
+ inline static const std::string kAuthTypeOAuth2 = "oauth2";
+ /// \brief Authentication type: AWS SigV4 authentication.
+ inline static const std::string kAuthTypeSigV4 = "sigv4";
+
+ /// \brief Property key for Basic auth username.
+ inline static const std::string kBasicUsername = "rest.auth.basic.username";
+ /// \brief Property key for Basic auth password.
+ inline static const std::string kBasicPassword = "rest.auth.basic.password";
+
+ /// \brief Property key for OAuth2 token (bearer token).
+ inline static const std::string kOAuth2Token = "token";
+ /// \brief Property key for OAuth2 credential (client_id:client_secret).
+ inline static const std::string kOAuth2Credential = "credential";
+ /// \brief Property key for OAuth2 scope.
+ inline static const std::string kOAuth2Scope = "scope";
+ /// \brief Property key for OAuth2 server URI.
+ inline static const std::string kOAuth2ServerUri = "oauth2-server-uri";
+ /// \brief Property key for enabling token refresh.
+ inline static const std::string kOAuth2TokenRefreshEnabled =
"token-refresh-enabled";
+ /// \brief Default OAuth2 scope for catalog operations.
+ inline static const std::string kOAuth2DefaultScope = "catalog";
+
+ /// \brief Property key for SigV4 region.
+ inline static const std::string kSigV4Region = "rest.auth.sigv4.region";
+ /// \brief Property key for SigV4 service name.
+ inline static const std::string kSigV4Service = "rest.auth.sigv4.service";
+ /// \brief Property key for SigV4 delegate auth type.
+ inline static const std::string kSigV4DelegateAuthType =
+ "rest.auth.sigv4.delegate-auth-type";
+};
+
+} // namespace iceberg::rest::auth
diff --git a/src/iceberg/catalog/rest/auth/auth_session.cc
b/src/iceberg/catalog/rest/auth/auth_session.cc
new file mode 100644
index 00000000..00ed946a
--- /dev/null
+++ b/src/iceberg/catalog/rest/auth/auth_session.cc
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "iceberg/catalog/rest/auth/auth_session.h"
+
+#include <utility>
+
+namespace iceberg::rest::auth {
+
+namespace {
+
+/// \brief Default implementation that adds static headers to requests.
+class DefaultAuthSession : public AuthSession {
+ public:
+ explicit DefaultAuthSession(std::unordered_map<std::string, std::string>
headers)
+ : headers_(std::move(headers)) {}
+
+ Status Authenticate(std::unordered_map<std::string, std::string>& headers)
override {
+ for (const auto& [key, value] : headers_) {
+ headers.try_emplace(key, value);
+ }
+ return {};
+ }
+
+ private:
+ std::unordered_map<std::string, std::string> headers_;
+};
+
+} // namespace
+
+std::shared_ptr<AuthSession> AuthSession::MakeDefault(
+ std::unordered_map<std::string, std::string> headers) {
+ return std::make_shared<DefaultAuthSession>(std::move(headers));
+}
+
+} // namespace iceberg::rest::auth
diff --git a/src/iceberg/catalog/rest/auth/auth_session.h
b/src/iceberg/catalog/rest/auth/auth_session.h
new file mode 100644
index 00000000..d81b3d93
--- /dev/null
+++ b/src/iceberg/catalog/rest/auth/auth_session.h
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#pragma once
+
+#include <memory>
+#include <string>
+#include <unordered_map>
+
+#include "iceberg/catalog/rest/iceberg_rest_export.h"
+#include "iceberg/result.h"
+
+/// \file iceberg/catalog/rest/auth/auth_session.h
+/// \brief Authentication session interface for REST catalog.
+
+namespace iceberg::rest::auth {
+
+/// \brief An authentication session that can authenticate outgoing HTTP
requests.
+class ICEBERG_REST_EXPORT AuthSession {
+ public:
+ virtual ~AuthSession() = default;
+
+ /// \brief Authenticate the given request headers.
+ ///
+ /// This method adds authentication information (e.g., Authorization header)
+ /// to the provided headers map. The implementation should be idempotent.
+ ///
+ /// \param[in,out] headers The headers map to add authentication information
to.
+ /// \return Status indicating success or one of the following errors:
+ /// - AuthenticationFailed: General authentication failure (invalid
credentials,
+ /// etc.)
+ /// - TokenExpired: Authentication token has expired and needs
refresh
+ /// - NotAuthorized: Not authenticated (401)
+ /// - IOError: Network or connection errors when reaching auth server
+ /// - RestError: HTTP errors from authentication service
+ virtual Status Authenticate(std::unordered_map<std::string, std::string>&
headers) = 0;
+
+ /// \brief Close the session and release any resources.
+ ///
+ /// This method is called when the session is no longer needed. For stateful
+ /// sessions (e.g., OAuth2 with token refresh), this should stop any
background
+ /// threads and release resources.
+ ///
+ /// \return Status indicating success or failure of closing the session.
+ virtual Status Close() { return {}; }
+
+ /// \brief Create a default session with static headers.
+ ///
+ /// This factory method creates a session that adds a fixed set of headers
to each
+ /// request. It is suitable for authentication methods that use static
credentials,
+ /// such as Basic auth or static bearer tokens.
+ ///
+ /// \param headers The headers to add to each request for authentication.
+ /// \return A new session that adds the given headers to requests.
+ static std::shared_ptr<AuthSession> MakeDefault(
+ std::unordered_map<std::string, std::string> headers);
+};
+
+} // namespace iceberg::rest::auth
diff --git a/src/iceberg/catalog/rest/meson.build
b/src/iceberg/catalog/rest/meson.build
index a914c7e2..aaff255e 100644
--- a/src/iceberg/catalog/rest/meson.build
+++ b/src/iceberg/catalog/rest/meson.build
@@ -16,6 +16,9 @@
# under the License.
iceberg_rest_sources = files(
+ 'auth/auth_manager.cc',
+ 'auth/auth_managers.cc',
+ 'auth/auth_session.cc',
'catalog_properties.cc',
'endpoint.cc',
'error_handlers.cc',
@@ -72,3 +75,13 @@ install_headers(
],
subdir: 'iceberg/catalog/rest',
)
+
+install_headers(
+ [
+ 'auth/auth_manager.h',
+ 'auth/auth_managers.h',
+ 'auth/auth_properties.h',
+ 'auth/auth_session.h',
+ ],
+ subdir: 'iceberg/catalog/rest/auth',
+)
diff --git a/src/iceberg/catalog/rest/type_fwd.h
b/src/iceberg/catalog/rest/type_fwd.h
index 9a57c11b..e7286105 100644
--- a/src/iceberg/catalog/rest/type_fwd.h
+++ b/src/iceberg/catalog/rest/type_fwd.h
@@ -35,3 +35,10 @@ class RestCatalog;
class RestCatalogProperties;
} // namespace iceberg::rest
+
+namespace iceberg::rest::auth {
+
+class AuthManager;
+class AuthSession;
+
+} // namespace iceberg::rest::auth
diff --git a/src/iceberg/result.h b/src/iceberg/result.h
index ddc428a2..223352f6 100644
--- a/src/iceberg/result.h
+++ b/src/iceberg/result.h
@@ -30,6 +30,7 @@ namespace iceberg {
/// \brief Error types for iceberg.
enum class ErrorKind {
kAlreadyExists,
+ kAuthenticationFailed,
kBadRequest,
kCommitFailed,
kCommitStateUnknown,
@@ -56,6 +57,7 @@ enum class ErrorKind {
kNotSupported,
kRestError,
kServiceUnavailable,
+ kTokenExpired,
kUnknownError,
kValidationFailed,
};
@@ -91,6 +93,7 @@ using Status = Result<void>;
}
DEFINE_ERROR_FUNCTION(AlreadyExists)
+DEFINE_ERROR_FUNCTION(AuthenticationFailed)
DEFINE_ERROR_FUNCTION(BadRequest)
DEFINE_ERROR_FUNCTION(CommitFailed)
DEFINE_ERROR_FUNCTION(CommitStateUnknown)
@@ -117,6 +120,7 @@ DEFINE_ERROR_FUNCTION(NotImplemented)
DEFINE_ERROR_FUNCTION(NotSupported)
DEFINE_ERROR_FUNCTION(RestError)
DEFINE_ERROR_FUNCTION(ServiceUnavailable)
+DEFINE_ERROR_FUNCTION(TokenExpired)
DEFINE_ERROR_FUNCTION(UnknownError)
DEFINE_ERROR_FUNCTION(ValidationFailed)