Core: Pass REST auth manager to S3 signer#2846
Conversation
kevinjqliu
left a comment
kevinjqliu
left a comment
There was a problem hiding this comment.
LGTM! Thanks for the fix. I commented on the original issue (#2544) to see if anyone can verify the solution.
I'll also try to reproduce the issue and try out this fix locally
| if token := self.properties.get(TOKEN): | ||
| signer_headers = {"Authorization": f"Bearer {token}"} | ||
| auth_header = f"Bearer {token}" |
There was a problem hiding this comment.
nit: maybe we can get rid of accessing TOKEN through properties here and just standardize on using the auth manager.
There was a problem hiding this comment.
This may be out of scope for this bug-fix PR, but it looks like we’re tightly coupling AuthManager and authentication tokens which are RestCatalog concepts into FileIO, which should be Catalog type agnostic.
It might be worth revisiting this design in more detail in the future to ensure we don’t introduce fallback logic that’s driven by configuration properties rather than clearer separation of concerns
There was a problem hiding this comment.
yea great point. i think it would be better to split out the "rest signer" from fileio. there's a good example already in the REST catalog,
iceberg-python/pyiceberg/catalog/rest/__init__.py
Lines 409 to 459 in a99dcad
it might also be easier to just pass in the request Session from the REST catalog to the Signer. So we dont need to recreate the auth header directly
but again, we can refactor this after the bug fix :)
There was a problem hiding this comment.
agreed - just leaving a comment so we don't forget 🙂
There was a problem hiding this comment.
that sounds good, lets address the cleaner design in #2862
|
i was able to verify this locally by using the amazing repro script from @martyngigg |
|
I ran into the issue linked and can confirm using this PR with pyiceberg[s3fs,rest-sigv4] @ git+https://github.com/apache/iceberg-python@refs/pull/2846/head works. would be great to get this merged |
|
I can also confirm that the solution works for me too. Thanks for the fix! |
Fokko
left a comment
Fokko
left a comment
There was a problem hiding this comment.
This looks good to me as well.
@010Soham are you able to do a pass on the pending comments? It would be good to get this in and start another release.
Thanks everyone here for testing locally to see if this fixes the issue, much appreciated 🙌
|
Thanks everyone for your suggestions and testing things out
All CI checks are green now |
kevinjqliu
left a comment
kevinjqliu
left a comment
There was a problem hiding this comment.
LGTM! Thank you!
I reran this integration once again locally ✅ ✅ ✅
#2544 (comment)
| self._auth_manager = self._create_legacy_oauth2_auth_manager(session) | ||
| session.auth = AuthManagerAdapter(self._auth_manager) |
There was a problem hiding this comment.
nit: take session.auth = AuthManagerAdapter(self._auth_manager) part out of the if/else branch since its the same logic
|
leaving this open for a few more reviews, i plan to merge this first thing tmr 😄 |
|
Glad it was helpful @kevinjqliu 😄, eagerly waiting for the 0.11.0 release and build on from the learnings 0.10.0 |
7 participants
What does this change do?
Why is this needed?
How was this tested?
Closes #2544