feat(cmd/config): add aws-profile support for Glue catalog#1320
feat(cmd/config): add aws-profile support for Glue catalog#1320rasta-rocket wants to merge 1 commit into
Conversation
Add an `aws-profile` field to CatalogConfig so users can specify a named AWS profile in ~/.iceberg-go.yaml instead of relying solely on the environment default. The profile is forwarded to `awsconfig.LoadDefaultConfig` via `WithSharedConfigProfile` when the Glue catalog is initialised. It can also be supplied on the command line with `--aws-profile`, which takes precedence over the config file value.
zeroshade
left a comment
zeroshade
left a comment
There was a problem hiding this comment.
LGTM. The profile plumbs through correctly - WithSharedConfigProfile into LoadDefaultConfig, then on to the Glue client and S3 ops - and mergeConf follows the same explicit-flag-wins precedence as the other fields. A couple of nits inline. One follow-up thought: the programmatic Glue path (toAwsConfig via iceberg.Properties) has no glue.profile key, so this is CLI-only for now - might be worth a follow-up issue for parity.
| Output string `yaml:"output"` | ||
| Credential string `yaml:"credential"` | ||
| Warehouse string `yaml:"warehouse"` | ||
| AwsProfile string `yaml:"aws-profile,omitempty"` |
There was a problem hiding this comment.
nit: AwsProfile carries omitempty while the sibling string fields (Output, Credential, Warehouse) don't. Harmless on unmarshal, but worth making consistent one way or the other.
| args.Warehouse = fileConf.Warehouse | ||
| } | ||
|
|
||
| if !explicitFlags["aws-profile"] && len(fileConf.AwsProfile) > 0 { |
There was a problem hiding this comment.
nit: this mergeConf branch and the --aws-profile flag itself aren't covered by args_test.go. A case asserting (a) --aws-profile parses onto Args, and (b) the file-config value is applied only when the flag is absent, would lock in the precedence.
2 participants
Problem
When using the Glue catalog, the CLI always resolves AWS credentials through the SDK default chain.
Users working with multiple AWS accounts or roles had to fall back to environment variables (
AWS_PROFILE) or profile-switching wrappers instead of expressing the profile in their iceberg-go config (1 catalog = 1 account = 1 profile).Fix
Add an
aws-profilefield toCatalogConfiginconfig/config.go.When the Glue catalog is initialised in
initCatalog, the profile is passed toawsconfig.LoadDefaultConfigviaWithSharedConfigProfile.A matching
--aws-profileCLI flag is also wired up and takes precedence over the config file value (following the same merge pattern used by the other catalog flags).How to test
Add an entry to
~/.iceberg-go.yaml:Run any Glue command and confirm it authenticates with the named profile:
Alternatively, supply it on the command line:
Unit test: