Modify S3 config naming convention (apache#1301)

kevinjqliu · web-flow · commit 2778ec2370c5 · 2024-11-06T16:03:33.000-05:00
* session-name -&gt; role-session-name

* aws. -&gt; client.
diff --git a/mkdocs/docs/configuration.md b/mkdocs/docs/configuration.md
@@ -107,7 +107,7 @@ For the FileIO there are several configuration options available:
 | s3.access-key-id     | admin                      | Configure the static access key id used to access the FileIO.                                                                                                                                                                                             |
 | s3.secret-access-key | password                   | Configure the static secret access key used to access the FileIO.                                                                                                                                                                                         |
 | s3.session-token     | AQoDYXdzEJr...             | Configure the static session token used to access the FileIO.                                                                                                                                                                                             |
-| s3.session-name      | session                    | An optional identifier for the assumed role session.                                                                                                                                                                                                      |
+| s3.role-session-name      | session                    | An optional identifier for the assumed role session.                                                                                                                                                                                                      |
 | s3.role-arn          | arn:aws:...                | AWS Role ARN. If provided instead of access_key and secret_key, temporary credentials will be fetched by assuming this role.                                                                                                                              |
 | s3.signer            | bearer                     | Configure the signature version of the FileIO.                                                                                                                                                                                                            |
 | s3.signer.uri        | <http://my.signer:8080/s3> | Configure the remote signing uri if it differs from the catalog uri. Remote signing is only implemented for `FsspecFileIO`. The final request is sent to `<s3.signer.uri>/<s3.signer.endpoint>`.                                                          |
@@ -440,6 +440,8 @@ configures the AWS credentials for both Glue Catalog and S3 FileIO.
 | client.access-key-id     | admin          | Configure the static access key id used to access both the Glue/DynamoDB Catalog and the S3 FileIO     |
 | client.secret-access-key | password       | Configure the static secret access key used to access both the Glue/DynamoDB Catalog and the S3 FileIO |
 | client.session-token     | AQoDYXdzEJr... | Configure the static session token used to access both the Glue/DynamoDB Catalog and the S3 FileIO     |
+| client.role-session-name      | session                    | An optional identifier for the assumed role session.                                                                                                                                                                                                      |
+| client.role-arn          | arn:aws:...                | AWS Role ARN. If provided instead of access_key and secret_key, temporary credentials will be fetched by assuming this role.                                                                                                                              |
 
 <!-- prettier-ignore-start -->
 
diff --git a/pyiceberg/io/__init__.py b/pyiceberg/io/__init__.py
@@ -60,8 +60,8 @@
 AWS_ACCESS_KEY_ID = "client.access-key-id"
 AWS_SECRET_ACCESS_KEY = "client.secret-access-key"
 AWS_SESSION_TOKEN = "client.session-token"
-AWS_ROLE_ARN = "aws.role-arn"
-AWS_SESSION_NAME = "aws.session-name"
+AWS_ROLE_ARN = "client.role-arn"
+AWS_ROLE_SESSION_NAME = "client.role-session-name"
 S3_ENDPOINT = "s3.endpoint"
 S3_ACCESS_KEY_ID = "s3.access-key-id"
 S3_SECRET_ACCESS_KEY = "s3.secret-access-key"
@@ -73,7 +73,7 @@
 S3_SIGNER_ENDPOINT = "s3.signer.endpoint"
 S3_SIGNER_ENDPOINT_DEFAULT = "v1/aws/s3/sign"
 S3_ROLE_ARN = "s3.role-arn"
-S3_SESSION_NAME = "s3.session-name"
+S3_ROLE_SESSION_NAME = "s3.role-session-name"
 HDFS_HOST = "hdfs.host"
 HDFS_PORT = "hdfs.port"
 HDFS_USER = "hdfs.user"
diff --git a/pyiceberg/io/pyarrow.py b/pyiceberg/io/pyarrow.py
@@ -86,8 +86,8 @@
     AWS_ACCESS_KEY_ID,
     AWS_REGION,
     AWS_ROLE_ARN,
+    AWS_ROLE_SESSION_NAME,
     AWS_SECRET_ACCESS_KEY,
-    AWS_SESSION_NAME,
     AWS_SESSION_TOKEN,
     GCS_DEFAULT_LOCATION,
     GCS_ENDPOINT,
@@ -105,8 +105,8 @@
     S3_PROXY_URI,
     S3_REGION,
     S3_ROLE_ARN,
+    S3_ROLE_SESSION_NAME,
     S3_SECRET_ACCESS_KEY,
-    S3_SESSION_NAME,
     S3_SESSION_TOKEN,
     FileIO,
     InputFile,
@@ -370,7 +370,7 @@ def _initialize_fs(self, scheme: str, netloc: Optional[str] = None) -> FileSyste
             if role_arn := get_first_property_value(self.properties, S3_ROLE_ARN, AWS_ROLE_ARN):
                 client_kwargs["role_arn"] = role_arn
 
-            if session_name := get_first_property_value(self.properties, S3_SESSION_NAME, AWS_SESSION_NAME):
+            if session_name := get_first_property_value(self.properties, S3_ROLE_SESSION_NAME, AWS_ROLE_SESSION_NAME):
                 client_kwargs["session_name"] = session_name
 
             return S3FileSystem(**client_kwargs)
