[feat](iceberg) Support Google Authentication for Iceberg REST catalog#62988
Open
tuantran0910 wants to merge 1 commit intoapache:masterfrom
Open
[feat](iceberg) Support Google Authentication for Iceberg REST catalog#62988tuantran0910 wants to merge 1 commit intoapache:masterfrom
tuantran0910 wants to merge 1 commit intoapache:masterfrom
Conversation
…alog Add support for Google Cloud Lakehouse Iceberg REST catalog by introducing a new `google` security type that leverages Iceberg's built-in GoogleAuthManager for authentication via Application Default Credentials. New properties: - iceberg.rest.security.type = google - iceberg.rest.io-impl for FileIO implementation - iceberg.rest.google.user-project for billing project - iceberg.gcs.oauth2.token for GCS storage access Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Contributor
|
Thank you for your contribution to Apache Doris. Please clearly describe your PR:
|
Author
|
run buildall |
Author
|
/review |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What problem does this PR solve?
Issue Number: close #62987
Currently, Doris's Iceberg REST catalog only supports
noneandoauth2security types. Users running Google Cloud Lakehouse with Iceberg REST catalogs need a way to authenticate using Google's nativeGoogleAuthManagervia Application Default Credentials (ADC).Solution
This PR adds a new
googlesecurity type toIcebergRestPropertiesthat configures the Iceberg REST client to useorg.apache.iceberg.gcp.auth.GoogleAuthManagerfor authentication, following the official Google Cloud Lakehouse documentation.Main changes:
GOOGLEto theSecurityenum inIcebergRestPropertiesaddGoogleProperties()method that setsrest.auth.typeto the fully qualifiedGoogleAuthManagerclass nameiceberg.rest.io-impl,iceberg.rest.google.user-project,iceberg.gcs.oauth2.tokeniceberg-gcpandgoogle-cloud-storagedependencies tofe-core/pom.xmlHow to use
CREATE CATALOG lakehouse PROPERTIES ( "type" = "iceberg", "iceberg.catalog.type" = "rest", "iceberg.rest.uri" = "https://biglake.googleapis.com/iceberg/v1/restcatalog", "iceberg.rest.security.type" = "google", "iceberg.rest.io-impl" = "org.apache.iceberg.gcp.gcs.GCSFileIO", "iceberg.rest.google.user-project" = "my-billing-project", "warehouse" = "gs://my-bucket/warehouse/" );Release note
Features