+1 (binding) On Tue, Oct 22, 2024 at 5:20 PM rdb...@gmail.com <rdb...@gmail.com> wrote:
> +1 (binding) > > Thanks for your work on this! > > On Tue, Oct 22, 2024 at 2:47 PM Prashant Singh <prashant010...@gmail.com> > wrote: > >> +1 (non-binding) >> >> Regards, >> Prashant >> >> On Tue, Oct 22, 2024 at 10:50 AM John Zhuge <jzh...@apache.org> wrote: >> >>> +1 (non-binding) >>> >>> John Zhuge >>> >>> >>> On Tue, Oct 22, 2024 at 9:45 AM Jack Ye <yezhao...@gmail.com> wrote: >>> >>>> +1 (binding) >>>> >>>> Best, >>>> Jack Ye >>>> >>>> On Tue, Oct 22, 2024 at 9:32 AM Dmitri Bourlatchkov >>>> <dmitri.bourlatch...@dremio.com.invalid> wrote: >>>> >>>>> Thanks for the reply Eduard! >>>>> >>>>> I think it is fine to defer fine-tuning credential refreshes to a >>>>> later PR. >>>>> >>>>> I'm upgrading my vote to +1 (non-binding). >>>>> >>>>> Cheers, >>>>> Dmitri. >>>>> >>>>> On Tue, Oct 22, 2024 at 11:11 AM Eduard Tudenhöfner < >>>>> etudenhoef...@apache.org> wrote: >>>>> >>>>>> Hey Dmitri, >>>>>> >>>>>> the idea behind the endpoint itself is really just to provide *valid* >>>>>> credentials for a given table when a client asks for them. >>>>>> If the server returned you two S3 credentials, the client will use >>>>>> the one with the longest prefix and if that credential expires, it will >>>>>> ask >>>>>> the server again for *valid* credentials. >>>>>> That means the server can again return you two S3 credentials, even >>>>>> if that second unused credential from the previous endpoint call didn't >>>>>> expire yet. >>>>>> I don't think we'd want to complicate the endpoint *at this point* >>>>>> to have a differentiation between what specific credentials a client >>>>>> wants >>>>>> to receive from the server. >>>>>> >>>>>> Thanks, >>>>>> Eduard >>>>>> >>>>>> On Mon, Oct 21, 2024 at 6:36 PM Dmitri Bourlatchkov >>>>>> <dmitri.bourlatch...@dremio.com.invalid> wrote: >>>>>> >>>>>>> -0 (non-binding) >>>>>>> >>>>>>> If multiple credentials are vended for a table (which is allowed) >>>>>>> the current API requires all credentials to be refreshed, when any of >>>>>>> the >>>>>>> previous credentials expires. I think this is suboptimal (but can >>>>>>> probably >>>>>>> be made to work in most practical cases). >>>>>>> >>>>>>> Cheers, >>>>>>> Dmitri. >>>>>>> >>>>>>> On Mon, Oct 21, 2024 at 6:07 AM Eduard Tudenhöfner < >>>>>>> etudenhoef...@apache.org> wrote: >>>>>>> >>>>>>>> Hey everyone, >>>>>>>> >>>>>>>> I'd like to vote on #11281 >>>>>>>> <https://github.com/apache/iceberg/pull/11281>, which introduces a >>>>>>>> new endpoint and allows retrieving/refreshing vended credentials for a >>>>>>>> given table. >>>>>>>> >>>>>>>> Please vote +1 if you generally agree with the path forward. >>>>>>>> >>>>>>>> Please vote in the next 72 hours >>>>>>>> >>>>>>>> [ ] +1, commit the proposed spec changes >>>>>>>> [ ] -0 >>>>>>>> [ ] -1, do not make these changes because . . . >>>>>>>> >>>>>>>> >>>>>>>> Thanks everyone, >>>>>>>> >>>>>>>> Eduard >>>>>>>> >>>>>>>
