ChangxingJiang commented on issue #2544: URL: https://github.com/apache/iceberg-python/issues/2544#issuecomment-3540095635
> hey folks, thanks for reporting this. > > I'm trying to understand why "token" is needed for the file io call. My understanding here is that "token" is used to auth against the catalog server, the REST catalog. > > Is this because the token is needed to auth against the remote signing endpoint? > > [iceberg-python/pyiceberg/io/fsspec.py](https://github.com/apache/iceberg-python/blob/a793fe59223c3d193d561ce036d8631694619f74/pyiceberg/io/fsspec.py#L124-L130) > > Lines 124 to 130 in [a793fe5](/apache/iceberg-python/commit/a793fe59223c3d193d561ce036d8631694619f74) > > signer_url = self.properties.get(S3_SIGNER_URI, self.properties[URI]).rstrip("/") # type: ignore > signer_endpoint = self.properties.get(S3_SIGNER_ENDPOINT, S3_SIGNER_ENDPOINT_DEFAULT) > > signer_headers = {} > if token := self.properties.get(TOKEN): > signer_headers = {"Authorization": f"Bearer {token}"} > signer_headers.update(get_header_properties(self.properties)) Yes, in LakeKeeper, this token is used not only for authenticating with the REST Catalog but also for authentication with the remote-signing endpoint. I can temporarily work around it using the following method. ```python catalog = load_catalog(...) from pyiceberg.catalog.rest import TOKEN catalog.properties[TOKEN] = access_token ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
