nastra opened a new pull request, #6169:
URL: https://github.com/apache/iceberg/pull/6169
This introduces an S3 REST signer client and defines a REST spec
(`s3-signer-open-api.yml`) for a server implementation. Below is a high-level
overview of the introduced changes:
* the main logic and functionality reside in the `S3V4RestSignerClient`
class
* it uses the same **credential/token** exchange flow as we have in
`RESTSessionCatalog` and also uses the same token refresh mechanism. In order
to achieve that, a few refactorings have been done in `RESTSessionCatalog` /
`OAuth2Util`.
* the default endpoint the signer connects to is `v1/aws/s3/sign` but can
be customized.
* The server decides which headers to sign and can indicate to the
`S3V4RestSignerClient` whether a response with signed headers can be cached by
sending a `Cache-Control: private` header
* `AwsProperties` introduces `s3.signer.class`, which allows dynamically
loading an S3 Signer implementation and applying it when creating an S3 client.
This can be any Signer class that implements
`software.amazon.awssdk.core.signer.Signer`.
* `S3SignRequest` and `S3SignResponse` classes define what the request and
response look like
* an `S3ObjectMapper` class has been introduced that is similar to
`RESTObjectMapper` but only contains what's necessary for the S3 REST signer,
which are the request/response classes with OAuth-related classes and error
handling.
* Testing is done by using `MinioContainer` (`TestContainers` + `MinIO`) in
`TestS3RestSigner`
* The `S3SignerServlet` defines the minimum amount of work that a
server-side implementation might have. It is by no means complete and only
serves the purpose of testing
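A sketch of the exchange this description outlines, added here as an example and not code from the pull request: the signer service holds the secret key and chooses the headers to sign, and the client caches signed headers only when the response carries `Cache-Control: private`. The request/response field names, the GET/HEAD caching policy, the cache key and the client-side TTL are assumptions, the credentials are constructed, and the sketch covers body-less requests without a query string.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed demo credentials: in this design only the signer service holds them.
ACCESS_KEY, SECRET_KEY = "AKIDEXAMPLE", "constructed-demo-secret"
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

def server_sign(req):
    """Signer side: pick the headers to sign, return them plus a cache hint."""
    url = urlsplit(req["uri"])
    hdrs = {k.lower(): v.strip() for k, v in req["headers"].items()}
    hdrs["host"] = url.netloc
    hdrs.setdefault("x-amz-content-sha256", EMPTY_SHA256)  # body-less request
    # The server, not the client, chooses what the signature covers.
    signed = sorted(k for k in hdrs if k == "host" or k.startswith("x-amz-"))
    amz_date = hdrs["x-amz-date"]
    scope = f"{amz_date[:8]}/{req['region']}/s3/aws4_request"
    canonical = "\n".join([
        req["method"], url.path, "",  # empty canonical query string
        "".join(f"{k}:{hdrs[k]}\n" for k in signed),
        ";".join(signed), hdrs["x-amz-content-sha256"]])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + SECRET_KEY).encode()
    for part in scope.split("/"):  # date, region, service, "aws4_request"
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    sig = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    out = {k: hdrs[k] for k in signed}
    out["authorization"] = (f"AWS4-HMAC-SHA256 Credential={ACCESS_KEY}/{scope}, "
                            f"SignedHeaders={';'.join(signed)}, Signature={sig}")
    # Assumed policy: only idempotent reads are marked cacheable.
    hint = {"Cache-Control": "private"} if req["method"] in ("GET", "HEAD") else {}
    return {"uri": req["uri"], "headers": out}, hint

class SignerClient:
    """Client side: never sees SECRET_KEY; caches only when the server allows it."""
    def __init__(self, ttl=300):  # assumed TTL: a signature is tied to its x-amz-date
        self.cache, self.ttl, self.remote_calls = {}, ttl, 0
    def sign(self, req, now):
        key = (req["method"], req["region"], req["uri"])
        hit = self.cache.get(key)
        if hit and now - hit[0] < self.ttl:
            return hit[1]
        self.remote_calls += 1
        body, resp_headers = server_sign(req)  # stands in for POST v1/aws/s3/sign
        if resp_headers.get("Cache-Control") == "private":
            self.cache[key] = (now, body["headers"])
        return body["headers"]
```

Because a cached entry carries the `x-amz-date` it was signed with, the TTL has to stay well inside the window in which S3 still accepts that timestamp.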