prestodb · tdcmeehan · Oct 24, 2024 · Oct 24, 2024
@@ -219,6 +219,11 @@ Property Name                                        Description
 ``iceberg.rest.auth.oauth2.token``                   The Bearer token to use for OAUTH2 authentication.
                                                      Example: ``SXVLUXUhIExFQ0tFUiEK``
 
+``iceberg.rest.auth.oauth2.scope``                   The scope to use for OAUTH2 authentication.
+                                                     This property is only applicable when using
+                                                     ``iceberg.rest.auth.oauth2.credential``.
+                                                     Example: ``PRINCIPAL_ROLE:ALL``
+
 ``iceberg.rest.session.type``                        The session type to use when communicating with the REST catalog.
                                                      Available values are ``NONE`` or ``USER`` (default: ``NONE``).
 

@@ -50,6 +50,7 @@
 import static org.apache.iceberg.rest.auth.OAuth2Properties.CREDENTIAL;
 import static org.apache.iceberg.rest.auth.OAuth2Properties.JWT_TOKEN_TYPE;
 import static org.apache.iceberg.rest.auth.OAuth2Properties.OAUTH2_SERVER_URI;
+import static org.apache.iceberg.rest.auth.OAuth2Properties.SCOPE;
 import static org.apache.iceberg.rest.auth.OAuth2Properties.TOKEN;
 
 public class IcebergRestCatalogFactory
@@ -124,6 +125,7 @@ protected Map<String, String> getCatalogProperties(ConnectorSession session)
                 }
                 catalogConfig.getCredential().ifPresent(credential -> properties.put(CREDENTIAL, credential));
                 catalogConfig.getToken().ifPresent(token -> properties.put(TOKEN, token));
+                catalogConfig.getScope().ifPresent(scope -> properties.put(SCOPE, scope));
             }
         });
 

@@ -28,6 +28,7 @@ public class IcebergRestConfig
     private String authenticationServerUri;
     private String credential;
     private String token;
+    private String scope;
 
     @NotNull
     public Optional<String> getServerUri()
@@ -108,6 +109,19 @@ public IcebergRestConfig setToken(String token)
         return this;
     }
 
+    public Optional<String> getScope()
+    {
+        return Optional.ofNullable(scope);
+    }
+
+    @Config("iceberg.rest.auth.oauth2.scope")
+    @ConfigDescription("The scope to use for OAUTH2 authentication")
+    public IcebergRestConfig setScope(String scope)
+    {
+        this.scope = scope;
+        return this;
+    }
+
     public boolean credentialOrTokenExists()
     {
         return credential != null || token != null;

@@ -35,6 +35,7 @@ public void testDefaults()
                 .setAuthenticationServerUri(null)
                 .setCredential(null)
                 .setToken(null)
+                .setScope(null)
                 .setSessionType(null));
     }
 
@@ -47,6 +48,7 @@ public void testExplicitPropertyMappings()
                 .put("iceberg.rest.auth.oauth2.uri", "http://localhost:yyy")
                 .put("iceberg.rest.auth.oauth2.credential", "key:secret")
                 .put("iceberg.rest.auth.oauth2.token", "SXVLUXUhIExFQ0tFUiEK")
+                .put("iceberg.rest.auth.oauth2.scope", "PRINCIPAL_ROLE:ALL")
                 .put("iceberg.rest.session.type", "USER")
                 .build();
 
@@ -56,6 +58,7 @@ public void testExplicitPropertyMappings()
                 .setAuthenticationServerUri("http://localhost:yyy")
                 .setCredential("key:secret")
                 .setToken("SXVLUXUhIExFQ0tFUiEK")
+                .setScope("PRINCIPAL_ROLE:ALL")
                 .setSessionType(USER);
 
         assertFullMapping(properties, expected);