Re: [I] [Feature][Glue Catalog] Add wrapper for providing Simple Glue Credentials when different from S3. [seatunnel]

Sat, 24 Jan 2026 18:38:13 -0800 


krutoileshii commented on issue #10392:
URL: https://github.com/apache/seatunnel/issues/10392#issuecomment-3795856433

   > Thanks for proposing this. A built-in static credentials provider for Glue 
Catalog (or compatible implementations like starburst-catalog) is reasonable.
   > 
   > The current Iceberg connector simply passes `iceberg.catalog.config` 
through to Iceberg via `CatalogUtil.buildIcebergCatalog` (see 
`IcebergCatalogLoader.java`). The docs only show `client.region` and do not 
cover static AK/SK or `client.credentials-provider`. There is no existing 
wrapper that constructs a static `AwsCredentialsProvider` from configuration 
properties (contrast with S3File connector, which exposes 
`access_key`/`secret_key` as first-class options).
   > 
   > A PR adding a provider like `StaticAwsCredentialsProvider` (implementing 
`AwsCredentialsProvider` with a `static create(Map<String,String>)` factory) 
under `connector-iceberg` would be a good addition, along with a docs example:
   > 
   > iceberg.catalog.config = {
   >   warehouse     = "s3://your-bucket/warehouse/"
   >   catalog-impl  = "org.apache.iceberg.aws.glue.GlueCatalog"
   >   io-impl       = "org.apache.iceberg.aws.s3.S3FileIO"
   >   client.region = "your-region"
   >   client.credentials-provider = 
"org.apache.seatunnel.connectors.seatunnel.iceberg.aws.StaticAwsCredentialsProvider"
   >   client.credentials-provider.access-key-id = "YOUR_ACCESS_KEY"
   >   client.credentials-provider.secret-access-key = "YOUR_SECRET_ACCESS_KEY"
   > }
   > A few clarifications for the PR scope:
   > 
   > 1. Do you need session token support, or is AK/SK sufficient?
   > 2. Should this be documented for both Sink and Source, or is Sink-only 
okay?
   > 3. For non-AWS Glue-compatible endpoints, are there other required props 
(e.g., `glue.id`) worth including in the docs example?
   
   These are also needed but only in the docs as they seem to be exposed 
already.
   
   glue.endpoint = 'YOUR_GLUE_ENDPOINT', 
   glue.id = "GLUE_CATALOG_ID" (starburst-glue)
   warehouse
   
   technically since these are catalog properties, they should apply to both 
sink and source. 
   
   
   I have no need for session token no do I have a way to test it.
   
   Also for class name, it is rather generic provider really for static aws 
creds. Might be good idea to drop glue prefix. 
    this could technically be reused in other places. 
   
   What are should I place this in the project?
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to