flyrain commented on code in PR #2711:
URL: https://github.com/apache/polaris/pull/2711#discussion_r2389579477


##########
runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandler.java:
##########
@@ -804,7 +804,14 @@ private LoadTableResponse.Builder 
buildLoadTableResponseWithDelegationCredential
           credentialDelegation.getAccessConfig(
               tableIdentifier, tableMetadata, actions, 
refreshCredentialsEndpoint);
       Map<String, String> credentialConfig = accessConfig.credentials();
-      if (!credentialConfig.isEmpty() && 
delegationModes.contains(VENDED_CREDENTIALS)) {
+      if (delegationModes.contains(VENDED_CREDENTIALS)) {
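
Review bot: On the rewritten `if`, removing `!credentialConfig.isEmpty()` means the branch is now entered whenever `delegationModes.contains(VENDED_CREDENTIALS)` holds, including when `accessConfig.credentials()` returned an empty map. The hunk header shows the block growing from 7 to 14 lines, but the body is not visible in this excerpt, so how the empty map is handled cannot be checked here. That handling should be explicit: either fail the request or state why an empty credential set is acceptable when the client asked for vended credentials. A short comment at the `if` explaining why the emptiness guard was dropped, plus a test for VENDED_CREDENTIALS requested with an empty `credentialConfig`, would make the intent reviewable.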

Review Comment:
   Thanks @dimas-b for the change. But I think this is not the right place to 
check. `SKIP_CREDENTIAL_SUBSCOPING_INDIRECTION` is mainly for POC or test env, 
where we allow Polaris to skip credential vending no matter what clients ask. 
   
   I believe the right place to check is in 
`AwsCredentialsStorageIntegration::getSubscopedCreds()`. Clients ask for 
credential vending, but this storage doesn't have the capability to do so. 


