Skip to content

add refresh credentials property to loadTableResult #2341

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

add refresh credentials property to loadTableResult #2341

wants to merge 2 commits into from
+107 −1

Conversation

jasonf20
Copy link

@jasonf20 jasonf20 commented Aug 13, 2025
edited
Loading

Rebased version of #1164

@github-project-automation github-project-automation bot moved this to PRs In Progress in Basic Kanban Board Aug 13, 2025
@jasonf20 jasonf20 mentioned this pull request Aug 13, 2025
Closed
@jasonf20 jasonf20 force-pushed the loadTableResponse-refresh-credential-properties branch from bb55a80 to eb3e360 Compare August 13, 2025 08:54
singhpk234
singhpk234 reviewed Aug 14, 2025
View reviewed changes
.../service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogAdapter.java
LoadTableResponse.builder().withTableMetadata(originalResponse.tableMetadata());
loadResponseBuilder.addAllConfig(originalResponse.config());
loadResponseBuilder.addAllCredentials(originalResponse.credentials());
loadResponseBuilder.addConfig(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what about azure ? do we want to do it in follow-up ? also should we only inject this when creds are for aws ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW, I think enabling the Azure refresh properties currently causes Azure credential vending to immediately fail due to apache/iceberg#13733, so could maybe wait for that fix to release?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also should we only inject this when creds are for aws?

Could maybe lift the AWS refresh check below to loadTable itself, to avoid e.g. reconstructing the LoadTableResponse if not needed?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's better to provide the URL even if it's not AWS that way the user can override AwsClientProperties.REFRESH_CREDENTIALS_ENABLED if he is working with a system that he knows supports it despite the server not being updated to reflect this yet. For example, an updated Azure iceberg SDK like mentioned above.

.../service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogAdapter.java
private LoadTableResponse injectRefreshVendedCredentialProperties(
LoadTableResponse originalResponse, String credentialsEndpoint) {
LoadTableResponse.Builder loadResponseBuilder =
LoadTableResponse.builder().withTableMetadata(originalResponse.tableMetadata());
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need to update metadata-location too ?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Update it to what value?

Do you mean is it redundant with the copyConfigs below? Seems like the metadata location is stored in a dedicated field and is not part of the config.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@singhpk234 singhpk234 singhpk234 left review comments

+1 more reviewer

@smaheshwar-pltr smaheshwar-pltr smaheshwar-pltr left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jasonf20 @singhpk234 @smaheshwar-pltr