The GitHub Actions job "Spark CI" on iceberg.git/pr/15417-S3SignerServlet has succeeded. Run started by GitHub user steveloughran (triggered by steveloughran).
Head commit for run: 9ae137da71c7d1be0f2adbaaa1cd414c6b55e274 / Steve Loughran <[email protected]> Merge in *part* of #15171 commit c43cb8c08f ---- AWS: Fix S3V4RestSignerClient cache key to include all request components The cache key for signed responses only included method, region, and URI, but not headers like `x-amz-content-sha256` that are part of the signature. This caused 403 errors when different content was uploaded to the same URI within the cache TTL. This fix uses the full `S3SignRequest` as the cache key. This is the only 100% safe option because we cannot know which headers the server will sign and which ones it will ignore; any header included in the signature *must* be part of the cache key. **This change reduces cache efficiency**; but that's the price to pay for correctness. ---- However, this version retains the SignedComponent design. What is different is: headers we consider acceptable to not-sign are not attached to the signing request, hence not to the cached entry. This means that * no need to worry about if the signer will/will-not sign those values * provides the correctness adutra needed: if a signed header changes, the cache will not retrieve a signature which will be rejected by the S3 endpoint Report URL: https://github.com/apache/iceberg/actions/runs/22682454146 With regards, GitHub Actions via GitBox
