rambleraptor commented on code in PR #14447:
URL: https://github.com/apache/iceberg/pull/14447#discussion_r2519831780
##########
bigquery/src/main/java/org/apache/iceberg/gcp/bigquery/BigQueryMetastoreCatalog.java:
##########
@@ -81,6 +85,7 @@ public BigQueryMetastoreCatalog() {}
@Override
public void initialize(String name, Map<String, String> properties) {
+
Review Comment:
nit: stray line
##########
bigquery/src/main/java/org/apache/iceberg/gcp/bigquery/DefaultBigQueryClientFactory.java:
##########
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.iceberg.gcp.bigquery;
+
+import com.google.cloud.ServiceOptions;
+import com.google.cloud.bigquery.BigQueryOptions;
+import java.util.Map;
+import org.apache.iceberg.relocated.com.google.common.base.Preconditions;
+
+/**
+ * Default BigQuery client factory that uses application default credentials.
+ *
+ * <p>This implementation uses Google's Application Default Credentials (ADC),
which automatically
+ * discovers credentials from the environment without requiring explicit
configuration.
+ *
+ * @see <a
+ *
href="https://cloud.google.com/docs/authentication/application-default-credentials";>Application
+ * Default Credentials</a>
+ */
+public class DefaultBigQueryClientFactory implements BigQueryClientFactory {
+ private String projectId;
+ private String location;
+
+ private static final String DEFAULT_LOCATION = "us";
Review Comment:
I'm personally not a huge fan of having a default location, but I'm happy to
be overridden.
##########
bigquery/src/main/java/org/apache/iceberg/gcp/bigquery/BigQueryMetastoreClientImpl.java:
##########
@@ -127,9 +128,21 @@ public BigQueryMetastoreClientImpl(BigQueryOptions options)
throws IOException, GeneralSecurityException {
// Initialize client that will be used to send requests. This client only
needs to be created
// once, and can be reused for multiple requests
- HttpCredentialsAdapter httpCredentialsAdapter =
- new HttpCredentialsAdapter(
-
GoogleCredentials.getApplicationDefault().createScoped(BigqueryScopes.all()));
+
+ // Get credentials from options, or use application default
+ GoogleCredentials credentials =
+ (options.getCredentials() instanceof GoogleCredentials)
+ ? (GoogleCredentials) options.getCredentials()
+ : GoogleCredentials.getApplicationDefault();
+
+ // Scope credentials unless already scoped (e.g., ImpersonatedCredentials)
+ GoogleCredentials scopedCredentials =
+ (credentials instanceof ImpersonatedCredentials)
+ ? credentials
+ : credentials.createScoped(BigqueryScopes.all());
Review Comment:
@talatuyarer Love your opinion on this:
I'm a little worried about defaulting this to use scopes.all() (even though
that's the current functionality). Scoping is a great way to force read-only
behavior at a lower-level.
##########
bigquery/src/main/java/org/apache/iceberg/gcp/bigquery/BigQueryMetastoreCatalog.java:
##########
@@ -63,6 +62,11 @@ public class BigQueryMetastoreCatalog extends
BaseMetastoreCatalog
public static final String GCP_LOCATION = "gcp.bigquery.location";
public static final String LIST_ALL_TABLES = "gcp.bigquery.list-all-tables";
+ public static final String CLIENT_FACTORY = "gcp.bigquery.client.factory";
+ private static final String GCS_IMPERSONATE_SERVICE_ACCOUNT =
"gcs.impersonate.service-account";
+ private static final String GCS_PROJECT_ID = "gcs.project-id";
Review Comment:
These 4 should have the gcp prefix instead of gcs. That matches your PR
example + keeps everything under the same namespace.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
