(iceberg-python) branch main updated: REST: Set access delegation (#1033)

[fokko]

This is an automated email from the ASF dual-hosted git repository.

fokko pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/iceberg-python.git


The following commit(s) were added to refs/heads/main by this push:
     new ef5c6ef6 REST: Set access delegation (#1033)
ef5c6ef6 is described below

commit ef5c6ef6dcb251b348df5f825d562144b0056f5d
Author: Guilherme Torres Castro <1149991+guitcas...@users.noreply.github.com>
AuthorDate: Wed Nov 6 05:37:25 2024 -0300

    REST: Set access delegation (#1033)
    
    * s3_signer_endpoint
    
    * prune any trailing whitespaces
    
    Co-authored-by: Fokko Driesprong <fo...@apache.org>
    
    * fallback to default value instead of "endpoint" property
    
    Co-authored-by: Fokko Driesprong <fo...@apache.org>
    
    * fix test_s3v4_rest_signer_endpoint
    
    * Fix missing backtick
    
    Co-authored-by: Fokko Driesprong <fo...@apache.org>
    
    * create access_delegation property
    
    * rename S3_SIGNER_ENDPOINT_DEFAULT_VALUE to S3_SIGNER_ENDPOINT_DEFAULT
    
    * fix s3.signer.endpoint docs
    
    * fk typo in signer
    
    * fix fmt
    
    * rename ACCESS_DELEGATION_DEFAULT_VALUE to ACCESS_DELEGATION_DEFAULT
    
    * rename access_delegation to access-delegation
    
    * fix grammar
    
    Co-authored-by: Sung Yun <107272191+sun...@users.noreply.github.com>
    
    * Suggestions for #1033
    
    ---------
    
    Co-authored-by: guilhermecastro <guilherme.cas...@protonmail.com>
    Co-authored-by: Fokko Driesprong <fo...@apache.org>
    Co-authored-by: Sung Yun <107272191+sun...@users.noreply.github.com>
    Co-authored-by: Edgar Ramírez-Mondragón <edgarrm...@gmail.com>
---
 pyiceberg/catalog/rest.py  |  3 ++-
 tests/catalog/test_rest.py | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/pyiceberg/catalog/rest.py b/pyiceberg/catalog/rest.py
index 7c5d774c..bcfa46b7 100644
--- a/pyiceberg/catalog/rest.py
+++ b/pyiceberg/catalog/rest.py
@@ -112,6 +112,7 @@ class IdentifierKind(Enum):
     VIEW = "view"
 
 
+ACCESS_DELEGATION_DEFAULT = "vended-credentials"
 AUTHORIZATION_HEADER = "Authorization"
 BEARER_PREFIX = "Bearer"
 CATALOG_SCOPE = "catalog"
@@ -556,7 +557,7 @@ class RestCatalog(Catalog):
         session.headers["Content-type"] = "application/json"
         session.headers["X-Client-Version"] = ICEBERG_REST_SPEC_VERSION
         session.headers["User-Agent"] = f"PyIceberg/{__version__}"
-        session.headers["X-Iceberg-Access-Delegation"] = "vended-credentials"
+        session.headers.setdefault("X-Iceberg-Access-Delegation", 
ACCESS_DELEGATION_DEFAULT)
 
     def _extract_headers_from_properties(self) -> Dict[str, str]:
         return {key[len(HEADER_PREFIX) :]: value for key, value in 
self.properties.items() if key.startswith(HEADER_PREFIX)}
diff --git a/tests/catalog/test_rest.py b/tests/catalog/test_rest.py
index f05e15df..9d75154a 100644
--- a/tests/catalog/test_rest.py
+++ b/tests/catalog/test_rest.py
@@ -60,6 +60,7 @@ TEST_HEADERS = {
     "X-Client-Version": "0.14.1",
     "User-Agent": f"PyIceberg/{pyiceberg.__version__}",
     "Authorization": f"Bearer {TEST_TOKEN}",
+    "X-Iceberg-Access-Delegation": "vended-credentials",
 }
 OAUTH_TEST_HEADERS = {
     "Content-type": "application/x-www-form-urlencoded",
@@ -708,6 +709,38 @@ def test_load_table_200(rest_mock: Mocker, 
example_table_metadata_with_snapshot_
     assert actual == expected
 
 
+def test_load_table_honor_access_delegation(
+    rest_mock: Mocker, example_table_metadata_with_snapshot_v1_rest_json: 
Dict[str, Any]
+) -> None:
+    test_headers_with_remote_signing = {**TEST_HEADERS, 
"X-Iceberg-Access-Delegation": "remote-signing"}
+    rest_mock.get(
+        f"{TEST_URI}v1/namespaces/fokko/tables/table",
+        json=example_table_metadata_with_snapshot_v1_rest_json,
+        status_code=200,
+        request_headers=test_headers_with_remote_signing,
+    )
+    # catalog = RestCatalog("rest", **{"uri": TEST_URI, "token": TEST_TOKEN, 
"access-delegation": "remote-signing"})
+    catalog = RestCatalog(
+        "rest",
+        **{
+            "uri": TEST_URI,
+            "token": TEST_TOKEN,
+            "header.X-Iceberg-Access-Delegation": "remote-signing",
+        },
+    )
+    actual = catalog.load_table(("fokko", "table"))
+    expected = Table(
+        identifier=("fokko", "table"),
+        
metadata_location=example_table_metadata_with_snapshot_v1_rest_json["metadata-location"],
+        
metadata=TableMetadataV1(**example_table_metadata_with_snapshot_v1_rest_json["metadata"]),
+        io=load_file_io(),
+        catalog=catalog,
+    )
+    # First compare the dicts
+    assert actual.metadata.model_dump() == expected.metadata.model_dump()
+    assert actual == expected
+
+
 def test_load_table_from_self_identifier_200(
     rest_mock: Mocker, example_table_metadata_with_snapshot_v1_rest_json: 
Dict[str, Any]
 ) -> None: