corleyma commented on code in PR #2055:
URL: https://github.com/apache/iceberg-python/pull/2055#discussion_r2214822904
##########
tests/catalog/test_rest.py:
##########
@@ -1519,6 +1519,131 @@ def test_request_session_with_ssl_client_cert() -> None:
assert "Could not find the TLS certificate file, invalid path:
path_to_client_cert" in str(e.value)
+def test_rest_catalog_with_basic_auth_type() -> None:
+ # Given
+ catalog_properties = {
+ "uri": TEST_URI,
+ "auth": {
+ "type": "basic",
+ "basic": {
+ "username": "one",
+ },
+ },
+ }
+ with pytest.raises(TypeError) as e:
+ # Missing namespace
+ RestCatalog("rest", **catalog_properties) # type: ignore
+ assert "__init__() missing 1 required positional argument: 'password'" in
str(e.value)
+
+
+def test_rest_catalog_with_custom_auth_type() -> None:
Review Comment:
could imagine doing a version of this test that specifies the basic auth as
the implementation and just verifies that the custom implementation is actually
used/that properties specified for custom are actually passed to the
implementation.
##########
mkdocs/docs/configuration.md:
##########
@@ -374,6 +374,94 @@ Specific headers defined by the RESTCatalog spec include:
| ------------------------------------ | -------------------------------------
| -------------------- |
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
| `header.X-Iceberg-Access-Delegation` | `{vended-credentials,remote-signing}`
| `vended-credentials` | Signal to the server that the client supports
delegated access via a comma-separated list of access mechanisms. The server
may choose to supply access via any or none of the requested mechanisms |
+#### Authentication in RESTCatalog
+
+The RESTCatalog supports pluggable authentication via the `auth` configuration
block. This allows you to specify which how the access token will be fetched
and managed for use with the HTTP requests to the RESTCatalog server. The
authentication method is selected by setting the `auth.type` property, and
additional configuration can be provided as needed for each method.
+
+##### Supported Authentication Types
+
+- `noop`: No authentication (no Authorization header sent).
+- `basic`: HTTP Basic authentication.
+- `oauth2`: OAuth2 client credentials flow.
+- `legacyoauth2`: Legacy OAuth2 client credentials flow (Deprecated and will
be removed in PyIceberg 1.0.0)
+- `custom`: Custom authentication manager (requires `auth.impl`).
+
+##### Configuration Properties
+
+The `auth` block is structured as follows:
+
+```yaml
+catalog:
+ default:
+ type: rest
+ uri: http://rest-catalog/ws/
+ auth:
+ type: <auth_type>
+ <auth_type>:
+ # Type-specific configuration
+ impl: <custom_class_path> # Only for custom auth
+```
+
+**Property Reference:**
+
+| Property | Required | Description
|
+|------------------|----------|-------------------------------------------------------------------------------------------------|
+| `auth.type` | Yes | The authentication type to use (`noop`,
`basic`, `oauth2`, or `custom`). |
Review Comment:
on review I was debating the necessity of a separate type config given an
impl option, but I can see the appeal (we are free to change the implementation
referred to by a given type).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
