projectnessie
diff --git a/Diff for: ‎CHANGELOG.md
+17-6 b/Diff for: ‎CHANGELOG.md
+17-6
diff --git a/Diff for: ‎README.md
+1-1 b/Diff for: ‎README.md
+1-1
diff --git a/Diff for: ‎SECURITY.md
+2-2 b/Diff for: ‎SECURITY.md
+2-2
diff --git a/Diff for: ‎helm/nessie/Chart.yaml
+1-1 b/Diff for: ‎helm/nessie/Chart.yaml
+1-1
diff --git a/Diff for: ‎helm/nessie/README.md
+6-5 b/Diff for: ‎helm/nessie/README.md
+6-5
@@ -12,6 +12,20 @@ as necessary. Empty sections will not end in the release notes.
 
 ### Breaking changes
 
+### New Features
+
+### Changes
+
+### Deprecations
+
+### Fixes
+
+### Commits
+
+## [0.92.0] Release (2024-07-11)
+
+### Breaking changes
+
 - Catalog: The `nessie.catalog.s3.default-options.auth-mode` configuration property has been renamed
   to `nessie.catalog.s3.default-options.client-auth-mode` to better reflect its purpose. The old
   property name is not supported anymore and must be updated in customized Helm values and/or 
@@ -30,8 +44,6 @@ as necessary. Empty sections will not end in the release notes.
 
 - Helm chart improvements
 
-### Deprecations
-
 ### Fixes
 
 - Fix potential class-loader deadlock via `Namespace.EMPTY`
@@ -40,8 +52,6 @@ as necessary. Empty sections will not end in the release notes.
 - Fix behavior of metadata-update/set-statistics + set-partition-statistics
 - Fix duplicate OAuth interactive flows when the Nessie API compatibility filter is enabled
 
-### Commits
-
 ## [0.91.3] Release (2024-06-28)
 
 ### Breaking changes
@@ -588,7 +598,8 @@ as necessary. Empty sections will not end in the release notes.
 - Tests: Make `ITCassandraBackendFactory` less flaky (#7186)
 - IntelliJ: Exclude some more directories from indexing (#7181)
 
-[Unreleased]: https://github.com/projectnessie/nessie/compare/nessie-0.91.3...HEAD
+[Unreleased]: https://github.com/projectnessie/nessie/compare/nessie-0.92.0...HEAD
+[0.92.0]: https://github.com/projectnessie/nessie/compare/nessie-0.91.3...nessie-0.92.0
 [0.91.3]: https://github.com/projectnessie/nessie/compare/nessie-0.91.2...nessie-0.91.3
 [0.91.2]: https://github.com/projectnessie/nessie/compare/nessie-0.91.1...nessie-0.91.2
 [0.91.1]: https://github.com/projectnessie/nessie/compare/nessie-0.90.4...nessie-0.91.1
@@ -619,5 +630,5 @@ as necessary. Empty sections will not end in the release notes.
 [0.67.0]: https://github.com/projectnessie/nessie/compare/nessie-0.66.0...nessie-0.67.0
 [0.66.0]: https://github.com/projectnessie/nessie/compare/nessie-0.65.1...nessie-0.66.0
 [0.65.1]: https://github.com/projectnessie/nessie/compare/nessie-0.65.0...nessie-0.65.1
-[0.65.0]: https://github.com/projectnessie/nessie/compare/nessie-0.64.0...nessie-0.65.0
+[0.65.0]: https://github.com/projectnessie/nessie/commits/nessie-0.65.0
 [Nessie authentication settings]: https://projectnessie.org/tools/client_config/#authentication-settings
@@ -108,7 +108,7 @@ Nessie Iceberg's integration is compatible with Iceberg as in the following tabl
 
 | Nessie version | Iceberg version | Spark version (Scala 2.12+2.13) | Hive version | Flink version          | Presto version                      | Trino version |
 |----------------|-----------------|---------------------------------|--------------|------------------------|-------------------------------------|---------------|
-| 0.91.3         | 1.5.0           | 3.3.x, 3.4.x, 3.5.x             | n/a          | 1.16.x, 1.17.x, 1.18.x | 0.277, 0.278.x, 0.279, 0.280, 0.281 | 419           |
+| 0.92.0         | 1.5.0           | 3.3.x, 3.4.x, 3.5.x             | n/a          | 1.16.x, 1.17.x, 1.18.x | 0.277, 0.278.x, 0.279, 0.280, 0.281 | 419           |
 
 ### Distribution
 To run:
 
@@ -6,8 +6,8 @@ Currently supported versions are listed below.
 
 | Version  | Supported          |
 |----------|--------------------|
-| 0.91.3   | :white_check_mark: |
-| < 0.91.3 | :x:                |
+| 0.92.0   | :white_check_mark: |
+| < 0.92.0 | :x:                |
 
 All Nessie 0.x.x versions are considered beta or even alpha releases and not supported after
 release of Nessie 1.0.0.
 
@@ -2,7 +2,7 @@ apiVersion: v2
 name: nessie
 description: A Helm chart for Nessie
 type: application
-version: 0.91.3
+version: 0.92.0
 home: https://projectnessie.org/
 icon: https://raw.githubusercontent.com/projectnessie/nessie/main/site/docs/img/nessie.svg
 sources:
 
@@ -8,7 +8,7 @@ helm-docs --chart-search-root=helm
 
 # Nessie Helm chart
 
-![Version: 0.91.3](https://img.shields.io/badge/Version-0.91.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.92.0](https://img.shields.io/badge/Version-0.92.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 A Helm chart for Nessie.
 
@@ -79,7 +79,7 @@ $ helm uninstall --namespace nessie-ns nessie
 | cassandra.secret.name | string | `"cassandra-creds"` | The secret name to pull Cassandra credentials from. |
 | cassandra.secret.password | string | `"cassandra_password"` | The secret key storing the Cassandra password. |
 | cassandra.secret.username | string | `"cassandra_username"` | The secret key storing the Cassandra username. |
-| catalog | object | `{"enabled":false,"iceberg":{"configDefaults":{},"configOverrides":{},"defaultWarehouse":null,"objectStoresHealthCheckEnabled":true,"warehouses":[{"configDefaults":{},"configOverrides":{},"location":null,"name":null}]},"storage":{"adls":{"advancedConfig":{},"defaultOptions":{"accountSecret":{"accountKey":null,"accountName":null,"name":null},"endpoint":null,"externalEndpoint":null,"sasTokenSecret":{"name":null,"sasToken":null}},"filesystems":[],"transport":{"connectTimeout":null,"connectionIdleTimeout":null,"maxHttpConnections":null,"maxRetries":null,"maxRetryDelay":null,"readBlockSize":null,"readTimeout":null,"retryDelay":null,"retryPolicy":null,"tryTimeout":null,"writeBlockSize":null,"writeTimeout":null}},"gcs":{"buckets":[],"defaultOptions":{"authCredentialsJsonSecret":{"key":null,"name":null},"authType":null,"clientLibToken":null,"decryptionKey":null,"deleteBatchSize":null,"encryptionKey":null,"externalHost":null,"host":null,"oauth2TokenSecret":{"expiresAt":null,"name":null,"token":null},"projectId":null,"quotaProjectId":null,"readChunkSize":null,"userProject":null,"writeChunkSize":null},"transport":{"connectTimeout":null,"initialRetryDelay":null,"initialRpcTimeout":null,"logicalTimeout":null,"maxAttempts":null,"maxRetryDelay":null,"maxRpcTimeout":null,"readTimeout":null,"retryDelayMultiplier":null,"rpcTimeoutMultiplier":null,"totalTimeout":null}},"s3":{"buckets":[],"defaultOptions":{"accessKeySecret":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"name":null},"accessPoint":null,"allowCrossRegionAccessPoint":false,"assumeRole":{"clientSessionDuration":null,"externalId":null,"roleArn":null,"roleSessionName":null,"sessionIamPolicy":null,"stsEndpoint":null},"clientAuthenticationMode":null,"endpoint":null,"externalEndpoint":null,"pathStyleAccess":false,"region":null},"sessionCredentials":{"sessionCredentialCacheMaxEntries":null,"sessionCredentialRefreshGracePeriod":null,"stsClientsCacheMaxEntries":null},"transport":{"connectTimeout":null,"connectionAcquisitionTimeout":null,"connectionMaxIdleTime":null,"connectionTimeToLive":null,"expectContinueEnabled":null,"maxHttpConnections":null,"readTimeout":null,"retryAfter":null}}}}` | The Nessie catalog server configuration. |
+| catalog | object | `{"enabled":false,"iceberg":{"configDefaults":{},"configOverrides":{},"defaultWarehouse":null,"objectStoresHealthCheckEnabled":true,"warehouses":[{"configDefaults":{},"configOverrides":{},"location":null,"name":null}]},"storage":{"adls":{"advancedConfig":{},"defaultOptions":{"accountSecret":{"accountKey":null,"accountName":null,"name":null},"endpoint":null,"externalEndpoint":null,"sasTokenSecret":{"name":null,"sasToken":null}},"filesystems":[],"transport":{"connectTimeout":null,"connectionIdleTimeout":null,"maxHttpConnections":null,"maxRetries":null,"maxRetryDelay":null,"readBlockSize":null,"readTimeout":null,"retryDelay":null,"retryPolicy":null,"tryTimeout":null,"writeBlockSize":null,"writeTimeout":null}},"gcs":{"buckets":[],"defaultOptions":{"authCredentialsJsonSecret":{"key":null,"name":null},"authType":null,"clientLibToken":null,"decryptionKey":null,"deleteBatchSize":null,"encryptionKey":null,"externalHost":null,"host":null,"oauth2TokenSecret":{"expiresAt":null,"name":null,"token":null},"projectId":null,"quotaProjectId":null,"readChunkSize":null,"userProject":null,"writeChunkSize":null},"transport":{"connectTimeout":null,"initialRetryDelay":null,"initialRpcTimeout":null,"logicalTimeout":null,"maxAttempts":null,"maxRetryDelay":null,"maxRpcTimeout":null,"readTimeout":null,"retryDelayMultiplier":null,"rpcTimeoutMultiplier":null,"totalTimeout":null}},"s3":{"buckets":[],"defaultOptions":{"accessKeySecret":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"name":null},"accessPoint":null,"allowCrossRegionAccessPoint":false,"assumeRole":{"clientSessionDuration":null,"externalId":null,"roleArn":null,"roleSessionName":null,"sessionIamPolicy":null,"stsEndpoint":null},"clientAuthenticationMode":null,"endpoint":null,"externalEndpoint":null,"pathStyleAccess":false,"region":null,"serverAuthenticationMode":null},"sessionCredentials":{"sessionCredentialCacheMaxEntries":null,"sessionCredentialRefreshGracePeriod":null,"stsClientsCacheMaxEntries":null},"transport":{"connectTimeout":null,"connectionAcquisitionTimeout":null,"connectionMaxIdleTime":null,"connectionTimeToLive":null,"expectContinueEnabled":null,"maxHttpConnections":null,"readTimeout":null,"retryAfter":null}}}}` | The Nessie catalog server configuration. |
 | catalog.enabled | bool | `false` | Whether to enable the REST catalog service. |
 | catalog.iceberg | object | `{"configDefaults":{},"configOverrides":{},"defaultWarehouse":null,"objectStoresHealthCheckEnabled":true,"warehouses":[{"configDefaults":{},"configOverrides":{},"location":null,"name":null}]}` | Iceberg catalog settings. |
 | catalog.iceberg.configDefaults | object | `{}` | Iceberg config defaults applicable to all clients and warehouses. Any properties that are common to all iceberg clients should be included here. They will be passed to all clients on all warehouses as config defaults. These defaults can be overridden on a per-warehouse basis, see below. |
@@ -90,7 +90,7 @@ $ helm uninstall --namespace nessie-ns nessie
 | catalog.iceberg.warehouses[0].configDefaults | object | `{}` | Iceberg config defaults specific to this warehouse. They override any defaults specified above in catalog.iceberg.configDefaults. |
 | catalog.iceberg.warehouses[0].configOverrides | object | `{}` | Iceberg config overrides specific to this warehouse. They override any defaults specified above in catalog.iceberg.configOverrides. |
 | catalog.iceberg.warehouses[0].location | string | `nil` | Location of the warehouse. Required. Used to determine the base location of a table. Scheme must be either s3 (Amazon S3), gs (Google GCS) or abfs / abfss (Azure ADLS). Storage properties for each location can be defined below. |
-| catalog.storage | object | `{"adls":{"advancedConfig":{},"defaultOptions":{"accountSecret":{"accountKey":null,"accountName":null,"name":null},"endpoint":null,"externalEndpoint":null,"sasTokenSecret":{"name":null,"sasToken":null}},"filesystems":[],"transport":{"connectTimeout":null,"connectionIdleTimeout":null,"maxHttpConnections":null,"maxRetries":null,"maxRetryDelay":null,"readBlockSize":null,"readTimeout":null,"retryDelay":null,"retryPolicy":null,"tryTimeout":null,"writeBlockSize":null,"writeTimeout":null}},"gcs":{"buckets":[],"defaultOptions":{"authCredentialsJsonSecret":{"key":null,"name":null},"authType":null,"clientLibToken":null,"decryptionKey":null,"deleteBatchSize":null,"encryptionKey":null,"externalHost":null,"host":null,"oauth2TokenSecret":{"expiresAt":null,"name":null,"token":null},"projectId":null,"quotaProjectId":null,"readChunkSize":null,"userProject":null,"writeChunkSize":null},"transport":{"connectTimeout":null,"initialRetryDelay":null,"initialRpcTimeout":null,"logicalTimeout":null,"maxAttempts":null,"maxRetryDelay":null,"maxRpcTimeout":null,"readTimeout":null,"retryDelayMultiplier":null,"rpcTimeoutMultiplier":null,"totalTimeout":null}},"s3":{"buckets":[],"defaultOptions":{"accessKeySecret":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"name":null},"accessPoint":null,"allowCrossRegionAccessPoint":false,"assumeRole":{"clientSessionDuration":null,"externalId":null,"roleArn":null,"roleSessionName":null,"sessionIamPolicy":null,"stsEndpoint":null},"clientAuthenticationMode":null,"endpoint":null,"externalEndpoint":null,"pathStyleAccess":false,"region":null},"sessionCredentials":{"sessionCredentialCacheMaxEntries":null,"sessionCredentialRefreshGracePeriod":null,"stsClientsCacheMaxEntries":null},"transport":{"connectTimeout":null,"connectionAcquisitionTimeout":null,"connectionMaxIdleTime":null,"connectionTimeToLive":null,"expectContinueEnabled":null,"maxHttpConnections":null,"readTimeout":null,"retryAfter":null}}}` | Catalog storage settings. |
+| catalog.storage | object | `{"adls":{"advancedConfig":{},"defaultOptions":{"accountSecret":{"accountKey":null,"accountName":null,"name":null},"endpoint":null,"externalEndpoint":null,"sasTokenSecret":{"name":null,"sasToken":null}},"filesystems":[],"transport":{"connectTimeout":null,"connectionIdleTimeout":null,"maxHttpConnections":null,"maxRetries":null,"maxRetryDelay":null,"readBlockSize":null,"readTimeout":null,"retryDelay":null,"retryPolicy":null,"tryTimeout":null,"writeBlockSize":null,"writeTimeout":null}},"gcs":{"buckets":[],"defaultOptions":{"authCredentialsJsonSecret":{"key":null,"name":null},"authType":null,"clientLibToken":null,"decryptionKey":null,"deleteBatchSize":null,"encryptionKey":null,"externalHost":null,"host":null,"oauth2TokenSecret":{"expiresAt":null,"name":null,"token":null},"projectId":null,"quotaProjectId":null,"readChunkSize":null,"userProject":null,"writeChunkSize":null},"transport":{"connectTimeout":null,"initialRetryDelay":null,"initialRpcTimeout":null,"logicalTimeout":null,"maxAttempts":null,"maxRetryDelay":null,"maxRpcTimeout":null,"readTimeout":null,"retryDelayMultiplier":null,"rpcTimeoutMultiplier":null,"totalTimeout":null}},"s3":{"buckets":[],"defaultOptions":{"accessKeySecret":{"awsAccessKeyId":null,"awsSecretAccessKey":null,"name":null},"accessPoint":null,"allowCrossRegionAccessPoint":false,"assumeRole":{"clientSessionDuration":null,"externalId":null,"roleArn":null,"roleSessionName":null,"sessionIamPolicy":null,"stsEndpoint":null},"clientAuthenticationMode":null,"endpoint":null,"externalEndpoint":null,"pathStyleAccess":false,"region":null,"serverAuthenticationMode":null},"sessionCredentials":{"sessionCredentialCacheMaxEntries":null,"sessionCredentialRefreshGracePeriod":null,"stsClientsCacheMaxEntries":null},"transport":{"connectTimeout":null,"connectionAcquisitionTimeout":null,"connectionMaxIdleTime":null,"connectionTimeToLive":null,"expectContinueEnabled":null,"maxHttpConnections":null,"readTimeout":null,"retryAfter":null}}}` | Catalog storage settings. |
 | catalog.storage.adls.advancedConfig | object | `{}` | Custom ADLS configuration options, see javadocs of com.azure.core.util.Configuration. Not overridable on a per-filesystem basis. |
 | catalog.storage.adls.defaultOptions.accountSecret | object | `{"accountKey":null,"accountName":null,"name":null}` | A secret containing the account name and key to use. Either this option or sasTokenSecret must be set. If both are set, sasTokenSecret takes precedence. |
 | catalog.storage.adls.defaultOptions.accountSecret.accountKey | string | `nil` | Secret key containing the account key. |
@@ -145,10 +145,10 @@ $ helm uninstall --namespace nessie-ns nessie
 | catalog.storage.gcs.transport.rpcTimeoutMultiplier | string | `nil` | Override the default RPC timeout multiplier. Must be a valid ISO duration. |
 | catalog.storage.gcs.transport.totalTimeout | string | `nil` | Override the default total timeout. Must be a valid ISO duration. |
 | catalog.storage.s3.buckets | list | `[]` | Per-bucket S3 settings. Override the general settings above. |
-| catalog.storage.s3.defaultOptions.accessKeySecret | object | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"name":null}` | AWS credentials. For STS, this defines the Access Key ID and Secret Key ID to be used as a basic credential for obtaining temporary session credentials. |
+| catalog.storage.s3.defaultOptions.accessKeySecret | object | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"name":null}` | AWS credentials. Required when serverAuthenticationMode is STATIC. |
 | catalog.storage.s3.defaultOptions.accessKeySecret.awsAccessKeyId | string | `nil` | The secret key storing the AWS secret key id. |
 | catalog.storage.s3.defaultOptions.accessKeySecret.awsSecretAccessKey | string | `nil` | The secret key storing the AWS secret access key. |
-| catalog.storage.s3.defaultOptions.accessKeySecret.name | string | `nil` | The secret name to pull AWS credentials from. Optional; if not present, the default AWS credentials provider chain is used. |
+| catalog.storage.s3.defaultOptions.accessKeySecret.name | string | `nil` | The secret name to pull AWS credentials from. |
 | catalog.storage.s3.defaultOptions.accessPoint | string | `nil` | AWS Access point for this bucket. Access points can be used to perform S3 operations by specifying a mapping of bucket to access points. This is useful for multi-region access, cross-region access, disaster recovery, etc. See https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-access-points.html. |
 | catalog.storage.s3.defaultOptions.allowCrossRegionAccessPoint | bool | `false` | Authorize cross-region calls when contacting an access point. The default is false. |
 | catalog.storage.s3.defaultOptions.assumeRole | object | `{"clientSessionDuration":null,"externalId":null,"roleArn":null,"roleSessionName":null,"sessionIamPolicy":null,"stsEndpoint":null}` | Settings only relevant when clientAuthenticationMode is ASSUME_ROLE. |
@@ -163,6 +163,7 @@ $ helm uninstall --namespace nessie-ns nessie
 | catalog.storage.s3.defaultOptions.externalEndpoint | string | `nil` | Endpoint URI, required for private clouds. Optional; if not provided, the default is used. If the endpoint URIs for the Nessie server and clients differ, this one defines the endpoint used for the Nessie server. |
 | catalog.storage.s3.defaultOptions.pathStyleAccess | bool | `false` | Whether to use path-style access. Optional; if not provided, the default is used. If true, path-style access will be used, as in: https://<domain>/<bucket>. If false, a virtual-hosted style will be used instead, as in: https://<bucket>.<domain>. |
 | catalog.storage.s3.defaultOptions.region | string | `nil` | DNS name of the region, required for AWS. |
+| catalog.storage.s3.defaultOptions.serverAuthenticationMode | string | `nil` | Controls the authentication mode for the Catalog server. Valid values are: - APPLICATION_GLOBAL: Use the default AWS credentials provider chain. - STATIC: Static credentials provided through the accessKeySecret option. The default is STATIC. |
 | catalog.storage.s3.sessionCredentials.sessionCredentialCacheMaxEntries | string | `nil` | Maximum number of entries to keep in the session credentials cache (assumed role credentials). Not overridable on a per-bucket basis. The default is 1000. |
 | catalog.storage.s3.sessionCredentials.sessionCredentialRefreshGracePeriod | string | `nil` | The time period to subtract from the S3 session credentials (assumed role credentials) expiry time to define the time when those credentials become eligible for refreshing. Not overridable on a per-bucket basis. The default is PT5M (5 minutes). |
 | catalog.storage.s3.sessionCredentials.stsClientsCacheMaxEntries | string | `nil` | Maximum number of entries to keep in the STS clients cache. Not overridable on a per-bucket basis. The default is 50. |