JingsongLi commented on code in PR #7100:
URL: https://github.com/apache/paimon/pull/7100#discussion_r2739646095
##########
docs/content/concepts/rest/dlf.md:
##########
@@ -115,3 +115,59 @@ WITH (
-- 'dlf.token-ecs-role-name' = 'my_ecs_role_name'
);
```
+
+## Signing Algorithm Configuration
+
+Paimon supports multiple signing algorithms for DLF authentication. You can
configure the signing algorithm explicitly,
+or let Paimon automatically select it based on the endpoint host.
+
+### Automatic Selection (Recommended)
+
+By default, Paimon automatically selects the appropriate signing algorithm
based on the endpoint URI:
+
+- **DLF endpoints** (e.g., `cn-hangzhou-vpc.dlf.aliyuncs.com`): Automatically
uses `dlf-default`
+ (backward compatible). Recommended for VPC environments with better
performance.
+- **OpenAPI endpoints** (e.g., `dlfnext.cn-hangzhou.aliyuncs.com`):
Automatically uses
+ `dlf-openapi` for DlfNext/2026-01-18 OpenAPI. Supports public network access
through Alibaba Cloud API infrastructure
+ for special scenarios.
+
+```sql
+CREATE CATALOG `paimon-rest-catalog`
+WITH (
+ 'type' = 'paimon',
+ 'uri' = 'https://dlfnext.cn-hangzhou.aliyuncs.com', -- Auto-detected as
dlf-openapi
+ 'metastore' = 'rest',
+ 'warehouse' = 'my_instance_name',
+ 'token.provider' = 'dlf',
+ 'dlf.access-key-id'='<access-key-id>',
+ 'dlf.access-key-secret'='<access-key-secret>'
+ -- 'dlf.signing-algorithm' is not set, will be auto-detected
+);
+```
+
+### Explicit Configuration
+
Review Comment:
Explain why this is needed? Public network support? Cross-VPC support?
##########
docs/content/concepts/rest/dlf.md:
##########
@@ -115,3 +115,59 @@ WITH (
-- 'dlf.token-ecs-role-name' = 'my_ecs_role_name'
);
```
+
+## Signing Algorithm Configuration
+
+Paimon supports multiple signing algorithms for DLF authentication. You can
configure the signing algorithm explicitly,
+or let Paimon automatically select it based on the endpoint host.
+
+### Automatic Selection (Recommended)
+
+By default, Paimon automatically selects the appropriate signing algorithm
based on the endpoint URI:
+
+- **DLF endpoints** (e.g., `cn-hangzhou-vpc.dlf.aliyuncs.com`): Automatically
uses `dlf-default`
+ (backward compatible). Recommended for VPC environments with better
performance.
+- **OpenAPI endpoints** (e.g., `dlfnext.cn-hangzhou.aliyuncs.com`):
Automatically uses
+ `dlf-openapi` for DlfNext/2026-01-18 OpenAPI. Supports public network access
through Alibaba Cloud API infrastructure
+ for special scenarios.
+
+```sql
+CREATE CATALOG `paimon-rest-catalog`
+WITH (
+ 'type' = 'paimon',
+ 'uri' = 'https://dlfnext.cn-hangzhou.aliyuncs.com', -- Auto-detected as
dlf-openapi
+ 'metastore' = 'rest',
+ 'warehouse' = 'my_instance_name',
+ 'token.provider' = 'dlf',
+ 'dlf.access-key-id'='<access-key-id>',
+ 'dlf.access-key-secret'='<access-key-secret>'
+ -- 'dlf.signing-algorithm' is not set, will be auto-detected
+);
+```
+
+### Explicit Configuration
Review Comment:
DLF OpenAPI Signing
##########
docs/content/concepts/rest/dlf.md:
##########
@@ -115,3 +115,59 @@ WITH (
-- 'dlf.token-ecs-role-name' = 'my_ecs_role_name'
);
```
+
+## Signing Algorithm Configuration
+
+Paimon supports multiple signing algorithms for DLF authentication. You can
configure the signing algorithm explicitly,
+or let Paimon automatically select it based on the endpoint host.
+
+### Automatic Selection (Recommended)
+
Review Comment:
Can you elaborate on the benefits of DLF-Default, such as high performance
and low latency?
Also the downside, only work for VPC?
##########
docs/content/concepts/rest/dlf.md:
##########
@@ -115,3 +115,59 @@ WITH (
-- 'dlf.token-ecs-role-name' = 'my_ecs_role_name'
);
```
+
+## Signing Algorithm Configuration
+
+Paimon supports multiple signing algorithms for DLF authentication. You can
configure the signing algorithm explicitly,
+or let Paimon automatically select it based on the endpoint host.
+
+### Automatic Selection (Recommended)
Review Comment:
DLF Default Signing (Recommended)
##########
docs/content/concepts/rest/dlf.md:
##########
@@ -115,3 +115,59 @@ WITH (
-- 'dlf.token-ecs-role-name' = 'my_ecs_role_name'
);
```
+
+## Signing Algorithm Configuration
+
+Paimon supports multiple signing algorithms for DLF authentication. You can
configure the signing algorithm explicitly,
+or let Paimon automatically select it based on the endpoint host.
+
+### Automatic Selection (Recommended)
+
+By default, Paimon automatically selects the appropriate signing algorithm
based on the endpoint URI:
+
+- **DLF endpoints** (e.g., `cn-hangzhou-vpc.dlf.aliyuncs.com`): Automatically
uses `dlf-default`
+ (backward compatible). Recommended for VPC environments with better
performance.
+- **OpenAPI endpoints** (e.g., `dlfnext.cn-hangzhou.aliyuncs.com`):
Automatically uses
+ `dlf-openapi` for DlfNext/2026-01-18 OpenAPI. Supports public network access
through Alibaba Cloud API infrastructure
+ for special scenarios.
+
+```sql
+CREATE CATALOG `paimon-rest-catalog`
+WITH (
+ 'type' = 'paimon',
+ 'uri' = 'https://dlfnext.cn-hangzhou.aliyuncs.com', -- Auto-detected as
dlf-openapi
+ 'metastore' = 'rest',
+ 'warehouse' = 'my_instance_name',
+ 'token.provider' = 'dlf',
+ 'dlf.access-key-id'='<access-key-id>',
+ 'dlf.access-key-secret'='<access-key-secret>'
+ -- 'dlf.signing-algorithm' is not set, will be auto-detected
Review Comment:
remove this, by default is `'dlf-default'`.
##########
paimon-api/src/main/java/org/apache/paimon/rest/RESTCatalogOptions.java:
##########
@@ -104,6 +104,15 @@ public class RESTCatalogOptions {
.noDefaultValue()
.withDescription("REST Catalog DLF OSS endpoint.");
+ public static final ConfigOption<String> DLF_SIGNING_ALGORITHM =
+ ConfigOptions.key("dlf.signing-algorithm")
+ .stringType()
+ .defaultValue("dlf-default")
Review Comment:
Just `default` and `openapi`?
##########
docs/content/concepts/rest/dlf.md:
##########
@@ -115,3 +115,59 @@ WITH (
-- 'dlf.token-ecs-role-name' = 'my_ecs_role_name'
);
```
+
+## Signing Algorithm Configuration
+
+Paimon supports multiple signing algorithms for DLF authentication. You can
configure the signing algorithm explicitly,
+or let Paimon automatically select it based on the endpoint host.
+
+### Automatic Selection (Recommended)
+
+By default, Paimon automatically selects the appropriate signing algorithm
based on the endpoint URI:
+
+- **DLF endpoints** (e.g., `cn-hangzhou-vpc.dlf.aliyuncs.com`): Automatically
uses `dlf-default`
+ (backward compatible). Recommended for VPC environments with better
performance.
+- **OpenAPI endpoints** (e.g., `dlfnext.cn-hangzhou.aliyuncs.com`):
Automatically uses
+ `dlf-openapi` for DlfNext/2026-01-18 OpenAPI. Supports public network access
through Alibaba Cloud API infrastructure
+ for special scenarios.
+
+```sql
+CREATE CATALOG `paimon-rest-catalog`
+WITH (
+ 'type' = 'paimon',
+ 'uri' = 'https://dlfnext.cn-hangzhou.aliyuncs.com', -- Auto-detected as
dlf-openapi
+ 'metastore' = 'rest',
+ 'warehouse' = 'my_instance_name',
+ 'token.provider' = 'dlf',
+ 'dlf.access-key-id'='<access-key-id>',
+ 'dlf.access-key-secret'='<access-key-secret>'
+ -- 'dlf.signing-algorithm' is not set, will be auto-detected
+);
+```
+
+### Explicit Configuration
+
+You can explicitly specify the signing algorithm:
+
+```sql
+CREATE CATALOG `paimon-rest-catalog`
+WITH (
+ 'type' = 'paimon',
+ 'uri' = '<catalog server url>',
+ 'metastore' = 'rest',
+ 'warehouse' = 'my_instance_name',
+ 'token.provider' = 'dlf',
+ 'dlf.access-key-id'='<access-key-id>',
+ 'dlf.access-key-secret'='<access-key-secret>',
+ 'dlf.signing-algorithm' = 'dlf-default' -- or 'dlf-openapi'
Review Comment:
'dlf.signing-algorithm' = 'openapi'
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
