mkuznets opened a new pull request, #744: URL: https://github.com/apache/iceberg-go/pull/744
## Summary * Remove `s3.signer.uri` from the list of unsupported properties. * Instead, only error when `s3.remote-signing-enabled` is explicitly set to `true` (which requires a remote signing implementation that doesn't exist yet). * When `s3.remote-signing-enabled` is absent or `false`, `s3.signer.uri` is silently ignored - matching the behavior of the [Java implementation](https://github.com/apache/iceberg/blob/de3125afe64fc2b171a52b6e884c72f901e3cba1/aws/src/main/java/org/apache/iceberg/aws/s3/S3FileIOProperties.java#L294-L296). ## Motivation The [REST Catalog spec](https://github.com/apache/iceberg/blob/de3125afe64fc2b171a52b6e884c72f901e3cba1/open-api/rest-catalog-open-api.yaml#L3472-L3480) defines `s3.remote-signing-enabled` as the flag that controls whether remote signing is active (`LoadTableResult` schema). The `s3.signer.uri` property is a configuration detail for the signer endpoint, not a trigger for signing itself. Specifically, the [R2 Data Catalog](https://developers.cloudflare.com/r2/data-catalog/) includes `s3.signer.uri` in the /v1/config response but returns `s3.remote-signing-enabled: false` when loading a table and works fine with vended credentials. Since iceberg-go treats `s3.signer.uri` as unsupported and fails immediately, connecting to an R2 Data Catalog using just the Catalog URI and token is not possible. A workaround exists that involves passing the S3 endpoint and keys directly, but it's not ideal since it requires managing additional credentials. <details> <summary>Workaround with explicit S3 credentials</summary> ```go cat, err := rest.NewCatalog( ctx, "r2-catalog", catalogURI, rest.WithWarehouseLocation(warehouse), rest.WithOAuthToken(token), rest.WithAdditionalProps(iceberg.Properties{ "s3.endpoint": s3Endpoint, "s3.access-key-id": accessKeyID, "s3.secret-access-key": secretAccessKey, "s3.region": "auto", }), ) ``` </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
