[ 
https://issues.apache.org/jira/browse/HIVE-29038?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17985207#comment-17985207
 ] 

Butao Zhang commented on HIVE-29038:
------------------------------------

Basically, I tend to prefer using a generic configuration, such as 
`metastore.catalog.servlet.auth`.

There are two main reasons for this:
First, the REST catalog server is just a part of the capabilities of HMS. HMS 
can also serve as an entry point for other external catalogs in the future. Of 
course, although we can create a separate configuration for the Iceberg Rest 
catalog, it is well known that there are too many configurations in HMS, which 
can cause confusion for users. Therefore, if we can solve multiple similar 
problems with fewer configurations, I think it is better. 

Second, if we use the generic authentication configuration, this 
configuration may support JWT, OAUTH, and Simple. However, for the Iceberg REST 
catalog, we can only implement the OAUTH authentication method. We can clearly 
state in the configuration that the Iceberg REST catalog server endpoint only 
supports Simple.

BTW, the attempts related to the HMS REST catalog have only just begun, and as 
the code is being developed, there will be significant new developments and 
ideas regarding this discussion in the future. So, if the current configuration 
of your task is reasonable, then let's just do it. :)

> Conclude if we should consolidate authentication methods of REST
> ----------------------------------------------------------------
>
>                 Key: HIVE-29038
>                 URL: https://issues.apache.org/jira/browse/HIVE-29038
>             Project: Hive
>          Issue Type: Improvement
>          Components: Standalone Metastore
>            Reporter: Shohei Okumiya
>            Priority: Major
>              Labels: hive-4.1.0-must
>
> We're developing the minimal viable product of Iceberg REST API on Hive 
> Metastore. As part of this effort, we discussed the possibility of having a 
> unified authentication property for all REST use cases.
> [https://github.com/apache/hive/pull/5870]
>  
> In short, we are providing `metastore.iceberg.catalog.servlet.auth` to allow 
> users to configure their preferred authentication method for Iceberg REST 
> Catalog. There is an opinion that this property should be more generic, e.g., 
> `metastore.catalog.servlet.auth`, so that they can configure the 
> authentication methods of all REST endpoints with a single property. The "all 
> REST endpoints" mostly means the future proposal to provide new unified 
> metastore APIs such as Unity Catalog.
>  
> Definition of Done. We want to conclude how to expose the authentication 
> method for Iceberg REST API by the 4.1.0 release. If the conclusion is the 
> consolidation, we will rename `metastore.iceberg.catalog.servlet.auth` into 
> the new name. If the conclusion is separation, we will close this ticket 
> without any changes. If we cannot conclude, we will probably offer the 
> Iceberg REST API as experimental in 4.1.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
