talatuyarer commented on issue #15414:
URL: https://github.com/apache/iceberg/issues/15414#issuecomment-3947100239
@astronautas
GoogleAuthManager is used to authenticate the catalog session itself (e.g.,
via ADC or a specific service account). While it helps the catalog client
authenticate with the REST Catalog, it does not automatically provide refresh
capability for the data storage tokens (GCS tokens) vended by the catalog.
GCSFileIO also does support refreshing vended credentials, but it must be
explicitly configured to use the
OAuth2RefreshCredentialsHandler. This handler knows how to call back to the
catalog to fetch new credentials.
The catalog return something like below on LoadTableResponse. Which Catalog
are you using ? BigLake ?
```json
{
"metadata": {
…
},
"metadata-location":
"gs://<BUCKET_NAME>/test/test_tbl/metadata/010001-69708c21-0000-2f5a-a177-883d24f815b8.metadata.json",
"storage-credentials": [
{
"config": {
"expiration-time": "1771168951297",
"gcs.oauth2.refresh-credentials-enabled": "true",
"gcs.oauth2.refresh-credentials-endpoint":
"v1/projects/<project-id>/catalogs/<Catalog-name>/namespaces/test/tables/test_tbl/credentials",
"gcs.oauth2.token": "<GCS OUTH2 TOKEN>",
"gcs.oauth2.token-expires-at": "1771168951297"
},
"prefix": "gs://<BUCKET_NAME>/test/test_tbl/"
}
]
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
