Implement basic support for rest.sigv4_enabled for the Iceberg REST catalog

[phillipleblanc]

Implements basic support for connecting to the AWS Glue Iceberg REST catalog by supporting the parameters rest.sigv4-enabled, rest.signing-name and rest.signing-region. See the corresponding parameters in the PyIceberg docs: https://py.iceberg.apache.org/configuration/#rest-catalog

I've added a new feature to the iceberg-catalog-rest called sigv4 which when enabled, will recognize the above configuration parameters. I've left this disabled by default.

I added the crate request_middleware to allow running middleware on requests, and if the rest.sigv4-enabled configuration is enabled, the middleware to sign the request and add the correct Authorization header is enabled.

I've tested this implementation in my project, and it works great for connecting to the AWS Glue REST catalog, i.e. https://glue.<region>.amazonaws.com/iceberg

I based this logic on the equivalent logic in PyIceberg: https://github.com/apache/iceberg-python/blob/6fffb644518bb64e8f33883d850edbe18c12bd07/pyiceberg/catalog/rest.py#L475

[simonvandel]

Hi @phillipleblanc

I found this PR while digging into how to query AWS' REST catalog implementation for S3 Tables.
What would it take to get this PR merged? How can I assist?

[phillipleblanc]

Hi @phillipleblanc

I found this PR while digging into how to query AWS' REST catalog implementation for S3 Tables. What would it take to get this PR merged? How can I assist?

I think we might need to rework this to not depend on the aws crates for the signing part - that seems to have some conflicts I wasn't able to resolve with the MSRV check. Looking at how the object_store crate does it would be a good start: https://github.com/apache/arrow-rs-object-store/blob/main/src/aws/credential.rs