From b85b94173be06324bf05eac59563900f1c721673 Mon Sep 17 00:00:00 2001
From: Eduard Tudenhoefner <etudenhoefner@gmail.com>
Date: Fri, 16 Feb 2024 10:56:32 +0100
Subject: [PATCH] feat(catalog): Send X-Iceberg-Access-Delegation header to
 signal support for vended credentials

Clients can optionally send this header to signal which delegated access
pattern it can support. At this point the iceberg-go client can only
support `vended-credentials` out-of-the-box, thus we can always send
this header.
Addtional details about this header can be found in the REST OpenAPI
spec: https://github.com/apache/iceberg/blob/main/open-api/rest-catalog-open-api.yaml#L1459-L1483
---
 catalog/rest.go               |  1 +
 catalog/rest_internal_test.go | 18 ++++++++++--------
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/catalog/rest.go b/catalog/rest.go
index 93030bd1..ef9c332f 100644
--- a/catalog/rest.go
+++ b/catalog/rest.go
@@ -471,6 +471,7 @@ func (r *RestCatalog) createSession(opts *options) (*http.Client, error) {
 	session.defaultHeaders.Set("X-Client-Version", icebergRestSpecVersion)
 	session.defaultHeaders.Set("Content-Type", "application/json")
 	session.defaultHeaders.Set("User-Agent", "GoIceberg/"+iceberg.Version())
+	session.defaultHeaders.Set("X-Iceberg-Access-Delegation", "vended-credentials")
 
 	if opts.enableSigv4 {
 		cfg, err := config.LoadDefaultConfig(context.Background())
diff --git a/catalog/rest_internal_test.go b/catalog/rest_internal_test.go
index 8a2966d2..a03e2a50 100644
--- a/catalog/rest_internal_test.go
+++ b/catalog/rest_internal_test.go
@@ -66,10 +66,11 @@ func TestAuthHeader(t *testing.T) {
 
 	require.IsType(t, (*sessionTransport)(nil), cat.cl.Transport)
 	assert.Equal(t, http.Header{
-		"Authorization":    {"Bearer some_jwt_token"},
-		"Content-Type":     {"application/json"},
-		"User-Agent":       {"GoIceberg/(unknown version)"},
-		"X-Client-Version": {icebergRestSpecVersion},
+		"Authorization":               {"Bearer some_jwt_token"},
+		"Content-Type":                {"application/json"},
+		"User-Agent":                  {"GoIceberg/(unknown version)"},
+		"X-Client-Version":            {icebergRestSpecVersion},
+		"X-Iceberg-Access-Delegation": {"vended-credentials"},
 	}, cat.cl.Transport.(*sessionTransport).defaultHeaders)
 }
 
@@ -113,9 +114,10 @@ func TestAuthUriHeader(t *testing.T) {
 
 	require.IsType(t, (*sessionTransport)(nil), cat.cl.Transport)
 	assert.Equal(t, http.Header{
-		"Authorization":    {"Bearer some_jwt_token"},
-		"Content-Type":     {"application/json"},
-		"User-Agent":       {"GoIceberg/(unknown version)"},
-		"X-Client-Version": {icebergRestSpecVersion},
+		"Authorization":               {"Bearer some_jwt_token"},
+		"Content-Type":                {"application/json"},
+		"User-Agent":                  {"GoIceberg/(unknown version)"},
+		"X-Client-Version":            {icebergRestSpecVersion},
+		"X-Iceberg-Access-Delegation": {"vended-credentials"},
 	}, cat.cl.Transport.(*sessionTransport).defaultHeaders)
 }