polish

bundles/aws-bundle/src/main/java/org/apache/gravitino/s3/credential/S3TokenProvider.java

@@ -59,7 +59,7 @@ public void initialize(Map<String, String> properties) {
     S3CredentialConfig s3CredentialConfig = new S3CredentialConfig(properties);
     this.roleArn = s3CredentialConfig.s3RoleArn();
     this.externalID = s3CredentialConfig.externalID();
-    this.tokenExpireSecs = s3CredentialConfig.tokenExpireSecs();
+    this.tokenExpireSecs = s3CredentialConfig.tokenExpireInSecs();
     this.stsClient = createStsClient(s3CredentialConfig);
   }
 

catalogs/catalog-common/src/main/java/org/apache/gravitino/credential/CredentialConstants.java

@@ -22,7 +22,7 @@
 public class CredentialConstants {
   public static final String CREDENTIAL_PROVIDER_TYPE = "credential-provider-type";
   public static final String S3_TOKEN_CREDENTIAL_PROVIDER = "s3-token";
-  public static final String TOKEN_EXPIRE_TIME = "token-expire-time";
+  public static final String S3_TOKEN_EXPIRE_IN_SECS = "s3-token-expire-in-secs";
 
   public static final String GCS_TOKEN_CREDENTIAL_PROVIDER_TYPE = "gcs-token";
 

core/src/main/java/org/apache/gravitino/credential/config/S3CredentialConfig.java

@@ -69,9 +69,9 @@ public class S3CredentialConfig extends Config {
           .stringConf()
           .create();
 
-  public static final ConfigEntry<Integer> S3_TOKEN_EXPIRE_SECS =
-      new ConfigBuilder(CredentialConstants.TOKEN_EXPIRE_TIME)
-          .doc("S3 token expire seconds")
+  public static final ConfigEntry<Integer> S3_TOKEN_EXPIRE_IN_SECS =
+      new ConfigBuilder(CredentialConstants.S3_TOKEN_EXPIRE_IN_SECS)
+          .doc("S3 token expire in seconds")
           .version(ConfigConstants.VERSION_0_7_0)
           .intConf()
           .createWithDefault(3600);
@@ -104,7 +104,7 @@ public String externalID() {
     return this.get(S3_EXTERNAL_ID);
   }
 
-  public Integer tokenExpireSecs() {
-    return this.get(S3_TOKEN_EXPIRE_SECS);
+  public Integer tokenExpireInSecs() {
+    return this.get(S3_TOKEN_EXPIRE_IN_SECS);
   }
 }

docs/iceberg-rest-service.md

@@ -114,6 +114,7 @@ Gravitino Iceberg REST service supports using static S3 secret key or generating
 | `gravitino.iceberg-rest.s3-region`                | The region of the S3 service, like `us-west-2`.                                                                                                                                                                     | (none)        | No                                                 | 0.6.0-incubating |
 | `gravitino.iceberg-rest.s3-role-arn`              | The ARN of the role to access the S3 data.                                                                                                                                                                          | (none)        | Yes, when `credential-provider-type` is `s3-token` | 0.7.0-incubating |
 | `gravitino.iceberg-rest.s3-external-id`           | The S3 external id to generate token, only used when `credential-provider-type` is `s3-token`.                                                                                                                      | (none)        | No                                                 | 0.7.0-incubating |
+| `gravitino.iceberg-rest.s3-token-expire-in-secs`  | The S3 session token expire time in secs, it couldn't exceed the max session time of the assumed role, only used when `credential-provider-type` is `s3-token`.                                                     | 3600          | No                                                 | 0.7.0-incubating |
 
 For other Iceberg s3 properties not managed by Gravitino like `s3.sse.type`, you could config it directly by `gravitino.iceberg-rest.s3.sse.type`.