fabio-rizzo-01 commented on code in PR #2802:
URL: https://github.com/apache/polaris/pull/2802#discussion_r2450658389
##########
polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java:
##########
@@ -75,11 +80,15 @@ public AccessConfig getSubscopedCreds(
boolean allowListOperation,
@Nonnull Set<String> allowedReadLocations,
@Nonnull Set<String> allowedWriteLocations,
- Optional<String> refreshCredentialsEndpoint) {
+ Optional<String> refreshCredentialsEndpoint,
+ Map props) {
+ LOGGER.info("Getting subscoped creds props: {}", props);
+ String kmsKey = props.get("s3.sse.key") != null ?
props.get("s3.sse.key").toString() : null;
Review Comment:
Yes that is to support the usage of the s3 properties defined in iceberg, we
don't really need to pass down props or have that code in there as long as we
can agree on the code
https://github.com/apache/polaris/pull/2802/files#diff-d305f7a426a7690c576722c114257792b3fcee726624655d15893b71499827f8R274.
If no kms key was defined in the polaris AWS storage then we allow the usage
of any keys owned by that account.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
