apache · Fokko · May 31, 2024 · May 23, 2024 · May 23, 2024 · May 31, 2024
diff --git a/mkdocs/docs/configuration.md b/mkdocs/docs/configuration.md
@@ -89,6 +89,7 @@ For the FileIO there are several configuration options available:
 | s3.access-key-id     | admin                    | Configure the static secret access key used to access the FileIO.                                                                                                                                                                                         |
 | s3.secret-access-key | password                 | Configure the static session token used to access the FileIO.                                                                                                                                                                                             |
 | s3.signer            | bearer                   | Configure the signature version of the FileIO.                                                                                                                                                                                                            |
+| s3.signer.uri        | http://my.signer:8080/s3 | Configure the remote signing uri if it differs from the catalog uri. Remote signing is only implemented for `FsspecFileIO`. The final request is sent to `<s3.singer.uri>/v1/aws/s3/sign`.                                                                |
 | s3.region            | us-west-2                | Sets the region of the bucket                                                                                                                                                                                                                             |
 | s3.proxy-uri         | http://my.proxy.com:8080 | Configure the proxy server to be used by the FileIO.                                                                                                                                                                                                      |
 | s3.connect-timeout   | 60.0                     | Configure socket connection timeout, in seconds.                                                                                                                                                                                                          |

diff --git a/pyiceberg/io/__init__.py b/pyiceberg/io/__init__.py
@@ -53,6 +53,7 @@
 S3_REGION = "s3.region"
 S3_PROXY_URI = "s3.proxy-uri"
 S3_CONNECT_TIMEOUT = "s3.connect-timeout"
+S3_SIGNER_URI = "s3.signer.uri"
 HDFS_HOST = "hdfs.host"
 HDFS_PORT = "hdfs.port"
 HDFS_USER = "hdfs.user"

diff --git a/pyiceberg/io/fsspec.py b/pyiceberg/io/fsspec.py
@@ -63,6 +63,7 @@
     S3_REGION,
     S3_SECRET_ACCESS_KEY,
     S3_SESSION_TOKEN,
+    S3_SIGNER_URI,
     ADLFS_ClIENT_SECRET,
     FileIO,
     InputFile,
@@ -79,7 +80,7 @@ def s3v4_rest_signer(properties: Properties, request: AWSRequest, **_: Any) -> A
     if TOKEN not in properties:
         raise SignError("Signer set, but token is not available")
 
-    signer_url = properties["uri"].rstrip("/")
+    signer_url = properties.get(S3_SIGNER_URI, properties["uri"]).rstrip("/")
     signer_headers = {"Authorization": f"Bearer {properties[TOKEN]}"}
     signer_body = {
         "method": request.method,