joyhaldar commented on code in PR #14447:
URL: https://github.com/apache/iceberg/pull/14447#discussion_r2486991969
##########
gcp/src/main/java/org/apache/iceberg/gcp/gcs/PrefixedStorage.java:
##########
@@ -67,15 +74,41 @@ class PrefixedStorage implements AutoCloseable {
// Google Cloud APIs default to automatically detect the
credentials to use, which is
// in most cases the convenient way, especially in GCP.
// See javadoc of
com.google.auth.oauth2.GoogleCredentials.getApplicationDefault()
+
+ // Configure authentication based on available properties
if (gcpProperties.noAuth()) {
// Explicitly allow "no credentials" for testing purposes
builder.setCredentials(NoCredentials.getInstance());
- }
-
- if (gcpProperties.oauth2Token().isPresent()) {
+ } else if (gcpProperties.oauth2Token().isPresent()) {
this.closeableGroup = new CloseableGroup();
builder.setCredentials(
GCPAuthUtils.oauth2CredentialsFromGcpProperties(gcpProperties, closeableGroup));
+ } else if (gcpProperties.impersonateServiceAccount().isPresent()) {
Review Comment:
Thanks for pointing this out! Added tests for the impersonation path:
- impersonationPropertiesAreRead() - Verifies all impersonation properties
- impersonationPropertiesWithDefaults() - Verifies defaults work
Also tested end to end with actual GCP projects to confirm credential
creation works.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
