okumin commented on code in PR #5870:
URL: https://github.com/apache/hive/pull/5870#discussion_r2155928298
##########
standalone-metastore/metastore-common/src/main/java/org/apache/hadoop/hive/metastore/conf/MetastoreConf.java:
##########
@@ -1867,7 +1867,7 @@ public enum ConfVars {
" positive value will be used as-is."
),
ICEBERG_CATALOG_SERVLET_AUTH("metastore.iceberg.catalog.servlet.auth",
- "hive.metastore.iceberg.catalog.servlet.auth", "jwt", new
StringSetValidator("simple", "jwt"),
+ "hive.metastore.iceberg.catalog.servlet.auth", "jwt", new
StringSetValidator("none", "simple", "jwt"),
Review Comment:
I'd like to follow your take if you have such a context. I'd be more than
happy if you had the summary of the vision :) > it's intended for use by the
HMS RestCatalog (aka UnityCatalog) serving federated metadata (including Hive
external and ACID tables)
Anyway, I would like the conclusion here. This is the summary I have.
| Service | AuthN supported by clients | users |
|-|-|-|
| HMS(HTTP) | NONE(probably, like a SIMPLE), JWT | Hive, etc. |
| Properties API | SIMPLE, JWT | (Who uses it?) |
| Iceberg REST | NONE, OAuth 2.0 | Icebrerg clients |
| UnityCatalog | OAuth 2.0? | Databricks, etc. |
What should we support in `metastore.rest-catalog.authentication`? Having
the union is likely a conclusion. I'm concerned that some clients can't support
an arbitrary protocol because some of them are out of our control.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
