feat(catalog): Send X-Iceberg-Access-Delegation header to signal supp…

…ort for vended credentials Clients can optionally send this header to signal which delegated access pattern it can support. At this point the iceberg-go client can only support `vended-credentials` out-of-the-box, thus we can always send this header. Addtional details about this header can be found in the REST OpenAPI spec: https://github.com/apache/iceberg/blob/main/open-api/rest-catalog-open-api.yaml#L1459-L1483
apache · Feb 16, 2024 · b85b941 · b85b941
1 parent d209a3f
commit b85b941
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 8 deletions.
diff --git a/catalog/rest.go b/catalog/rest.go
@@ -471,6 +471,7 @@ func (r *RestCatalog) createSession(opts *options) (*http.Client, error) {
 	session.defaultHeaders.Set("X-Client-Version", icebergRestSpecVersion)
 	session.defaultHeaders.Set("Content-Type", "application/json")
 	session.defaultHeaders.Set("User-Agent", "GoIceberg/"+iceberg.Version())
+	session.defaultHeaders.Set("X-Iceberg-Access-Delegation", "vended-credentials")
 
 	if opts.enableSigv4 {
 		cfg, err := config.LoadDefaultConfig(context.Background())

diff --git a/catalog/rest_internal_test.go b/catalog/rest_internal_test.go
@@ -66,10 +66,11 @@ func TestAuthHeader(t *testing.T) {
 
 	require.IsType(t, (*sessionTransport)(nil), cat.cl.Transport)
 	assert.Equal(t, http.Header{
-		"Authorization":    {"Bearer some_jwt_token"},
-		"Content-Type":     {"application/json"},
-		"User-Agent":       {"GoIceberg/(unknown version)"},
-		"X-Client-Version": {icebergRestSpecVersion},
+		"Authorization":               {"Bearer some_jwt_token"},
+		"Content-Type":                {"application/json"},
+		"User-Agent":                  {"GoIceberg/(unknown version)"},
+		"X-Client-Version":            {icebergRestSpecVersion},
+		"X-Iceberg-Access-Delegation": {"vended-credentials"},
 	}, cat.cl.Transport.(*sessionTransport).defaultHeaders)
 }
 
@@ -113,9 +114,10 @@ func TestAuthUriHeader(t *testing.T) {
 
 	require.IsType(t, (*sessionTransport)(nil), cat.cl.Transport)
 	assert.Equal(t, http.Header{
-		"Authorization":    {"Bearer some_jwt_token"},
-		"Content-Type":     {"application/json"},
-		"User-Agent":       {"GoIceberg/(unknown version)"},
-		"X-Client-Version": {icebergRestSpecVersion},
+		"Authorization":               {"Bearer some_jwt_token"},
+		"Content-Type":                {"application/json"},
+		"User-Agent":                  {"GoIceberg/(unknown version)"},
+		"X-Client-Version":            {icebergRestSpecVersion},
+		"X-Iceberg-Access-Delegation": {"vended-credentials"},
 	}, cat.cl.Transport.(*sessionTransport).defaultHeaders)
 }