cccs-cat001 opened a new pull request, #3170: URL: https://github.com/apache/polaris/pull/3170
Here is a preliminary pass at fixing https://github.com/apache/polaris/issues/3038, I've added in an option to have the sts use assumeRoleWithWebIdentity and pass along the user credentials. This will allow the STS to know who is asking for credentials instead of the request coming from some shared service credentials. We've found that using our on-prem S3 solution that the way Polaris accesses the STS results in connectivity errors, and the recommended way of accessing the STS is with a web identity token (A.K.A. access token), so adding this optional feature will result in Polaris being usable by more S3 appliances than just AWS :) ## Checklist - [ ] ๐ก๏ธ Don't disclose security issues! (contact [email protected]) - [x] ๐ Clearly explained why the changes are needed, or linked related issues: Fixes # - [x] ๐งช Added/updated tests with good coverage, or manually tested (and explained how) - [x] ๐ก Added comments for complex logic - [ ] ๐งพ Updated `CHANGELOG.md` (if needed) - [x] ๐ Updated documentation in `site/content/in-dev/unreleased` (if needed) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
