plusplusjiajia commented on code in PR #719:
URL: https://github.com/apache/iceberg-cpp/pull/719#discussion_r3458154302


##########
src/iceberg/catalog/rest/rest_file_io.cc:
##########
@@ -92,4 +95,30 @@ Result<std::unique_ptr<FileIO>> MakeCatalogFileIO(const 
RestCatalogProperties& c
   return FileIORegistry::Load(io_impl, config.configs());
 }
 
+const StorageCredential* SelectS3StorageCredential(
+    const std::vector<StorageCredential>& credentials) {
+  const StorageCredential* best = nullptr;
+  for (const auto& cred : credentials) {
+    if (cred.prefix.starts_with("s3") &&
+        (best == nullptr || cred.prefix.size() > best->prefix.size())) {
+      best = &cred;
+    }
+  }
+  return best;
+}
+
+Result<std::unique_ptr<FileIO>> MakeS3FileIOFromCredential(
+    const std::unordered_map<std::string, std::string>& catalog_config,
+    const std::unordered_map<std::string, std::string>& table_config,
+    const StorageCredential& s3_cred) {
+  auto properties = catalog_config;
+  for (const auto& [key, value] : table_config) {
+    properties[key] = value;
+  }
+  for (const auto& [key, value] : s3_cred.config) {

Review Comment:
   @wgtmac You're right that the vended STS values are static and will expire 
on long scans / reused tables. Implementing refresh properly needs a 
credential-aware FileIO with a background refresher that re-fetches via 
credentials.uri (mirroring Java's VendedCredentialsProvider + 
S3FileIO#scheduleCredentialRefresh) — a larger  change than this PR. I've left 
an explicit TODO and would prefer to handle it as a follow-up. Shall I open an 
issue to track it? Happy to scope it there.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to