dimas-b commented on code in PR #2711:
URL: https://github.com/apache/polaris/pull/2711#discussion_r2395930146
##########
polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java:
##########
@@ -70,19 +71,25 @@ public AwsCredentialsStorageIntegration(
/** {@inheritDoc} */
@Override
- public AccessConfig getSubscopedCreds(
+ public AccessConfig getAccessConfig(
@Nonnull RealmConfig realmConfig,
boolean allowListOperation,
@Nonnull Set<String> allowedReadLocations,
@Nonnull Set<String> allowedWriteLocations,
- Optional<String> refreshCredentialsEndpoint) {
+ Optional<String> refreshCredentialsEndpoint,
+ boolean credentialsRequired) {
int storageCredentialDurationSeconds =
realmConfig.getConfig(STORAGE_CREDENTIAL_DURATION_SECONDS);
AwsStorageConfigurationInfo storageConfig = config();
String region = storageConfig.getRegion();
AccessConfig.Builder accessConfig = AccessConfig.builder();
- if (shouldUseSts(storageConfig)) {
+ boolean shouldUseSts = shouldUseSts(storageConfig);
+ Preconditions.checkArgument(
Review Comment:
On the java client side it shows up as
`org.apache.iceberg.exceptions.RESTException: Unable to process: Failed to get
subscoped credentials: Credential vending was requested, but STS is not
available`. Is that reasonable?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
