joyhaldar commented on PR #14447:
URL: https://github.com/apache/iceberg/pull/14447#issuecomment-3505783062

   > Is the service account impersonation support for the catalog, fileio, or both?
   > 
   > I see there's already a [GoogleAuthManager class](https://github.com/apache/iceberg/blob/main/gcp/src/main/java/org/apache/iceberg/gcp/auth/GoogleAuthManager.java) for handling auth and google credential. It uses [GoogleCredentials.fromStream](https://github.com/apache/iceberg/blob/8da07dcae8ccf5ce1a0c61a7456413c1ce3b65fd/gcp/src/main/java/org/apache/iceberg/gcp/auth/GoogleAuthManager.java#L87) which already [supports ImpersonatedCredentials](https://github.com/googleapis/google-auth-library-java/blob/a65c22da2c93bdf33dcd98ece47ee6668d1ed32c/oauth2_http/java/com/google/auth/oauth2/GoogleCredentials.java#L324-L326)
   > 
   > Could we reuse the GoogleAuthManager to abstract away the auth details?
   
   Thank you for the comment, Kevin.
   
   The impersonation supports both BigQuery and GCS FileIO.
   
   Regarding GoogleAuthManager, I was under the impression that it's designed for REST Catalog authentication, while BigQueryMetastoreCatalog uses GoogleCredentials directly with GCP client libraries.
   
   That said, the credential loading logic could be shared. Would you prefer I extract that into a utility now, or handle it in a follow-up to keep this PR focused?
   
   Please let me know if I'm misunderstanding your suggestion.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
