Sbaia commented on code in PR #59893:
URL: https://github.com/apache/doris/pull/59893#discussion_r2707258485
##########
fe/fe-core/src/main/java/org/apache/doris/datasource/property/metastore/IcebergRestProperties.java:
##########
@@ -164,6 +166,27 @@ public class IcebergRestProperties extends
AbstractIcebergProperties {
description = "Socket timeout in milliseconds for the REST catalog
HTTP client. Default: 60000 (60s).")
private String icebergRestSocketTimeoutMs = "60000";
+ @ConnectorProperty(names = {"iceberg.rest.credentials-provider-type"},
+ required = false,
+ description = "The AWS credentials provider type for REST catalog
authentication. "
+ + "Options: DEFAULT, ENV, SYSTEM_PROPERTIES, WEB_IDENTITY,
CONTAINER, INSTANCE_PROFILE. "
+ + "When explicit credentials
(access-key-id/secret-access-key) are provided, they take precedence. "
+ + "When no explicit credentials are provided, this
determines how credentials are resolved.")
+ private String icebergRestCredentialsProviderType = "";
+
+ @ConnectorProperty(names = {"iceberg.rest.assume-role.arn", "s3.role_arn"},
+ required = false,
+ description = "The IAM role ARN to assume for cross-account
access. "
+ + "When set, uses STS AssumeRole to get temporary
credentials.")
+ private String icebergRestAssumeRoleArn = "";
+
+ @ConnectorProperty(names = {"iceberg.rest.assume-role.external-id",
"s3.external_id"},
+ required = false,
+ description = "The external ID for STS AssumeRole, used for
cross-account access security.")
+ private String icebergRestAssumeRoleExternalId = "";
+
+ private AwsCredentialsProviderMode awsCredentialsProviderMode;
+
Review Comment:
Thanks for the suggestion! I've refactored `IcebergRestProperties` to use
`S3Properties` for unified credential handling, following the same pattern as
`IcebergS3TablesMetaStoreProperties`.
**Changes made:**
- Added `S3Properties s3Properties` field, initialized via
`S3Properties.of(origProps)` in `initNormalizeAndCheckProps()`
- Removed the dedicated `icebergRestAccessKeyId` and
`icebergRestSecretAccessKey` `@ConnectorProperty` fields
- Updated `addGlueRestCatalogProperties()` to get credentials from
`s3Properties.getAccessKey()` and `s3Properties.getSecretKey()`
**Benefits:**
- Unified property handling across REST catalog and S3Tables catalog
- Users can now use either `iceberg.rest.access-key-id` or `s3.access_key`
(and other S3Properties aliases) for credentials
- Explicit credentials are optional - the code gracefully falls back to
assume role or credentials provider
Updated tests to verify the new unified handling behavior.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
