+1 for adding this in the REST spec. Glue has a similar API GetTemporaryGlueTableCredentials [1], which was introduced because of performance and also security reasons. For example, we don't want to propagate credentials across the compute nodes in the cluster, and each compute node needs to fetch only the credentials independently. Such an API becomes handy to do improvements like caching.
Best, Jack Ye [1] https://docs.aws.amazon.com/cli/latest/reference/lakeformation/get-temporary-glue-table-credentials.html On Thu, Oct 10, 2024 at 3:47 AM Eduard Tudenhöfner <etudenhoef...@apache.org> wrote: > Hey everyone, > > I'd like to propose a mechanism and changes in order to be able to refresh > vended credentials for tables. > > Please find the proposal doc here > <https://docs.google.com/document/d/1acCkaPCO7WsLtvYugrayurbef4zCnD2rb3ZPBKeaYoo/edit?usp=sharing> > . > The proposal requires a spec change, which can be seen in #11281 > <https://github.com/apache/iceberg/pull/11281>. > > As discussed in the last sync, this should hopefully help in better > understanding the proposal around standardizing credentials in the OpenAPI > spec, which is being discussed in > https://lists.apache.org/thread/jmklpnywnghg7qwmwr14zj2k6tnxmdo4. > > Thanks, > Eduard >
