sachinnn99 opened a new pull request, #10693: URL: https://github.com/apache/gravitino/pull/10693
### What changes were proposed in this pull request? Add `X-Iceberg-Access-Delegation` header support to the `registerTable` endpoint, enabling credential vending in the response. This follows the existing pattern from `createTable` and `loadTable`. Changes: - Add `@HeaderParam(X_ICEBERG_ACCESS_DELEGATION)` to `registerTable` in `IcebergNamespaceOperations` - Pass `isCredentialVending` to `IcebergRequestContext` so credential injection is triggered - Add 3-arg `registerTable` overload in `CatalogWrapperForREST` with credential injection - Update `IcebergNamespaceOperationExecutor` to pass the credential vending flag - Widen `isCredentialVending` visibility in `IcebergTableOperations` for cross-class reuse ### Why are the changes needed? The Iceberg REST spec defines the `X-Iceberg-Access-Delegation` header as a valid parameter on the `registerTable` endpoint, but the current implementation does not support it. Clients that register a table and immediately attempt to read its data cannot use vended credentials from the registration response — they must make a separate `loadTable` call. Fix: #10684 ### Does this PR introduce _any_ user-facing change? Yes. The `registerTable` REST endpoint now accepts the `X-Iceberg-Access-Delegation` header and returns vended credentials in the response config when requested. This is backward compatible — clients that do not send the header get existing behavior. ### How was this patch tested? Added unit tests in `TestIcebergNamespaceOperations`: - `testRegisterTableWithCredentialVending` — verifies credential vending with local (no vend) and S3 (vend) locations - `testRegisterTableRemoteSigningNotSupported` — verifies 406 response for `remote-signing` - `testRegisterTableInvalidAccessDelegation` — verifies 400 response for invalid header values All existing tests pass with no regressions (`TestIcebergNamespaceOperations`, `TestIcebergTableOperations`). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
