Skip to content

feat: Implement NoopAuthManager and integrate AuthManager into RestCa…#544

Open
lishuxu wants to merge 5 commits intoapache:mainfrom
lishuxu:feature/auth2
Open

feat: Implement NoopAuthManager and integrate AuthManager into RestCa…#544
lishuxu wants to merge 5 commits intoapache:mainfrom
lishuxu:feature/auth2

Conversation

@lishuxu
Copy link
Contributor

@lishuxu lishuxu commented Jan 29, 2026

  • Add NoopAuthManager for "none" authentication type
  • Register "none" auth type in static registry with case-insensitive matching
  • Add KnownAuthTypes() to distinguish known-but-unimplemented types (NotImplemented) from unknown types (InvalidArgument)
  • Integrate AuthManager into RestCatalog

wgtmac
wgtmac reviewed Jan 31, 2026
View reviewed changes
src/iceberg/catalog/rest/rest_catalog.cc Outdated
/// \brief Fetch server configuration from the REST catalog server.
Result<CatalogConfig> FetchServerConfig(
const ResourcePaths& paths, const RestCatalogProperties& current_config,
const std::shared_ptr<auth::AuthSession>& session) {
Copy link
Member

@wgtmac wgtmac Jan 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
const std::shared_ptr<auth::AuthSession>& session) {
const auth::AuthSession& session) {

If the session cannot be null and it is read-only, let's use its reference directly.

Copy link
Contributor Author

@lishuxu lishuxu Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed the session argument type to auth::AuthSession&. Authenticate() is non-const to support OAuth2 token refresh.

src/iceberg/catalog/rest/rest_catalog.cc

std::string_view RestCatalog::name() const { return name_; }

Result<std::unordered_map<std::string, std::string>> RestCatalog::AuthHeaders() const {
Copy link
Member

@wgtmac wgtmac Jan 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it better to add AuthSession* session as an optional input parameter to HttpClient::Get (and its friends)? Auth headers should be handled internally in the client instead of scattering them around here.

Copy link
Contributor Author

@lishuxu lishuxu Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current design keeps HttpClient focused on HTTP transport concerns, while RestCatalog handles authentication as a business-layer responsibility. So I think current design may be better.

src/iceberg/catalog/rest/auth/auth_managers.cc
[[maybe_unused]] HttpClient& shared_client,
[[maybe_unused]] const std::unordered_map<std::string, std::string>& properties)
override {
return AuthSession::MakeDefault({});
Copy link
Member

@wgtmac wgtmac Jan 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we check auth type from properties and return error for unimplemented auth types instead of blindly returning the noop impl?

Copy link
Contributor Author

@lishuxu lishuxu Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Type checking is done in AuthManagers::Load() before manager creation. NoopAuthManager is only created for auth type "none".

@zhjwpku zhjwpku mentioned this pull request Feb 4, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wgtmac wgtmac wgtmac left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lishuxu @wgtmac