Re: [PR] OpenAPI: Clarify signer property passthrough from server to client [iceberg]

Thu, 02 Apr 2026 01:37:51 -0700 


adutra commented on code in PR #15850:
URL: https://github.com/apache/iceberg/pull/15850#discussion_r3026690275


##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -3522,6 +3522,11 @@ components:
         If remote signing for a specific storage provider is enabled, clients 
must respect the following configurations when creating a remote signer client:
          - `signer.endpoint`: the remote signer endpoint. Required. Can either 
be a relative path (to be resolved against `signer.uri`) or an absolute URI.
          - `signer.uri`: the base URI to resolve `signer.endpoint` against. 
Optional. Only meaningful if `signer.endpoint` is a relative path. Defaults to 
the catalog's base URI if not set.
+         - `signer.properties.*`: additional properties to be passed through 
to the signer endpoint in remote sign
+           requests. Optional. If such properties are present, signer clients 
MUST pass them through to the signer

Review Comment:
   I think we have 2 parallel discussion topics here:
   
   1. Is a newer client allowed to omit the properties communicated by the 
server? Imho it's not. You mentioned "its not easy to passback", but in fact, 
it's a trivial thing. As for the "freshness of the GRANTs duration", that's not 
a client concern and the client most likely won't be able to know if the data 
is stale or not. It's up to the server to decide if the data is fresh or stale.
   2. What servers should do with older clients? Again I think this topic does 
not belong in here, but I see 2 options: degrade or reject. I think that 
servers should decide and pick the best option for them, knowing that the 
"degrade" option may incur in significant performance hits. (A 3rd option would 
be to detect the client is old and include the data in the URL for those old 
clients.)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to