GitHub user jbonofre added a comment to the discussion: kms related error after
bump to 1.4.0
Hi,
It seems you are using a non-AWS STS endpoint, which rejects KMS actions as
invalid.
I think your storage config doesn't set the `kmsUnavailable=true` flag. Since
`region` and `accountId` are likely set (making AWS S3 enabled), a wildcard KMS
policy with `kms:DescribeKey` gets injected into the AssumeRole call, which
your Ceph STS endpoint rejects.
You should set the `AwsStorageConfigurationInfo` with `kmsUnavailable: true` for
this catalog. You can do that via the management API:
```
{
  "storageType": "S3",
  "allowedLocations": ["s3://..."],
  "stsEndpoint": "http://<your-ceph-endpoint>",
  "kmsUnavailable": true
}
```
That said, I think there's an improvement to make: the `isAwsS3` check in
`addKmsKeyPolaris` shouldn't be true when a custom STS endpoint is configured,
since a custom endpoint means you're not on native AWS.
GitHub link:
https://github.com/apache/polaris/discussions/4306#discussioncomment-16739628