piyushdubey commented on code in PR #14065:
URL: https://github.com/apache/iceberg/pull/14065#discussion_r2373269906
##########
docs/docs/configuration.md:
##########
@@ -143,6 +143,30 @@ The properties can be manually constructed or passed in
from a compute engine li
Spark uses its session properties as catalog properties, see more details in
the [Spark configuration](spark-configuration.md#catalog-configuration) section.
Flink passes in catalog properties through `CREATE CATALOG` statement, see
more details in the [Flink](flink.md#adding-catalogs) section.
+### Catalog REST auth properties
+
+The following catalog properties configure authentication for the REST catalog.
+They support Basic, OAuth2, SigV4, and Google authentication, in addition to
the default none.
+
+### REST auth properties (from `AuthProperties`)
+
+| Property | Default | Description
|
+|--------------------------------------|------------------|---------------------------------------------------------------------------------------------------------------------------------------------------|
+| `rest.auth.type` | none | Authentication
mechanism for REST catalog access. Supported values: `none`, `basic`, `oauth2`,
`sigv4`, `google`. |
+| `rest.auth.basic.username` | null | Username for Basic
authentication. Required if `rest.auth.type` = `basic`.
|
+| `rest.auth.basic.password` | null | Password for Basic
authentication. Required if `rest.auth.type` is `basic`.
|
+| `rest.auth.credential` | null | Credential string
(client_id:client_secret) exchanged for a token in the OAuth2
client-credentials flow. Required if `rest.auth.type` = `oauth2`. |
+| `rest.auth.sigv4.delegate-auth-type` | `oauth2` | Auth type to
delegate to after SigV4 signing. Defaults to `oauth2`.
|
+| `oauth2-server-uri` | null | OAuth2 token
endpoint URI. Required if the REST catalog is not the OAuth2 authentication
server. Required if `rest.auth.type` = `oauth2`. |
+| `token-expires-in-ms` | 3600000 (1 hour) | Time in
milliseconds after which a bearer token is considered expired. Used to decide
when to refresh or re-exchange a token. |
+| `token-refresh-enabled` | true | Determines whether
tokens are automatically refreshed when expiration details are available.
|
+| `token-exchange-enabled` | true | Determines whether
to exchange tokens to acquire new tokens.
|
+| `scope` | null | Additional scope
for `oauth2`.
|
+| `audience` | null | Optional param
`audience` for `oauth2`.
|
+| `resource` | null | Optional param
`resource` for `oauth2`.
|
+| `catalog` | null | Scope string(s)
used when requesting `oauth2` tokens for the Iceberg REST catalog.
|
Review Comment:
Done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For additional commands, e-mail: issues-h...@iceberg.apache.org
