|
19 | 19 |
|
20 | 20 | #include "iceberg/catalog/rest/auth/auth_manager_internal.h" |
21 | 21 | #include "iceberg/catalog/rest/auth/sigv4_auth_manager_internal.h" |
| 22 | +#include "iceberg/catalog/session_context.h" |
22 | 23 | #include "iceberg/result.h" |
23 | 24 |
|
24 | 25 | #if ICEBERG_SIGV4_ENABLED |
@@ -146,6 +147,19 @@ std::unordered_map<std::string, std::string> MergeProperties( |
146 | 147 | return merged; |
147 | 148 | } |
148 | 149 |
|
| 150 | +Result<std::unordered_map<std::string, std::string>> ContextProperties( |
| 151 | + const SessionContext& context) { |
| 152 | + auto merged = context.properties; |
| 153 | + for (const auto& [key, value] : context.credentials) { |
| 154 | + auto [it, inserted] = merged.emplace(key, value); |
| 155 | + if (!inserted && it->second != value) { |
| 156 | + return InvalidArgument("Session context has conflicting values for property '{}'", |
| 157 | + key); |
| 158 | + } |
| 159 | + } |
| 160 | + return merged; |
| 161 | +} |
| 162 | + |
149 | 163 | /// Matches Java RESTSigV4AuthSession: canonical headers carry |
150 | 164 | /// Base64(SHA256(body)), canonical request trailer uses hex. |
151 | 165 | class RestSigV4Signer : public Aws::Client::AWSAuthV4Signer { |
@@ -386,19 +400,19 @@ Result<std::shared_ptr<AuthSession>> SigV4AuthManager::CatalogSession( |
386 | 400 | } |
387 | 401 |
|
388 | 402 | Result<std::shared_ptr<AuthSession>> SigV4AuthManager::ContextualSession( |
389 | | - const std::unordered_map<std::string, std::string>& context, |
390 | | - std::shared_ptr<AuthSession> parent) { |
| 403 | + const SessionContext& context, std::shared_ptr<AuthSession> parent) { |
391 | 404 | auto sigv4_parent = std::dynamic_pointer_cast<SigV4AuthSession>(std::move(parent)); |
392 | 405 | ICEBERG_PRECHECK(sigv4_parent != nullptr, |
393 | 406 | "SigV4AuthManager parent must be a SigV4AuthSession"); |
394 | 407 |
|
395 | 408 | ICEBERG_ASSIGN_OR_RAISE(auto delegate_session, delegate_->ContextualSession( |
396 | 409 | context, sigv4_parent->delegate())); |
397 | 410 |
|
398 | | - auto merged = MergeProperties(catalog_properties_, context); |
| 411 | + ICEBERG_ASSIGN_OR_RAISE(auto context_properties, ContextProperties(context)); |
| 412 | + auto merged = MergeProperties(catalog_properties_, context_properties); |
399 | 413 | ICEBERG_ASSIGN_OR_RAISE( |
400 | | - auto credentials, |
401 | | - ResolveCredentialsProvider(context, sigv4_parent->credentials_provider())); |
| 414 | + auto credentials, ResolveCredentialsProvider(context_properties, |
| 415 | + sigv4_parent->credentials_provider())); |
402 | 416 | return WrapSession(std::move(delegate_session), merged, std::move(credentials)); |
403 | 417 | } |
404 | 418 |
|
|
0 commit comments