tokoko opened a new pull request, #3224:
URL: https://github.com/apache/polaris/pull/3224

   This PR changes the role session name of temporary credentials generated
for S3 to contain the principal name. The goal is to simplify auditing of
storage access with credentials generated by Polaris. PolarisPrincipal is
injected in `StorageAccessConfigProvider`, used as part of a cache key, and
then the value is propagated through the call chain. Azure and GCP
integration classes also accept PolarisPrincipal, but the values are ignored
for now.
   
   This will probably also result in a relatively increased number of STS
calls, as credential requests for the same table by different principals will
no longer hit the same cache.
   
   Fixes #3196
   
   ## Checklist
   - [x] 🛡️ Don't disclose security issues! (contact [email protected])
   - [x] 🔗 Clearly explained why the changes are needed, or linked related 
issues: Fixes #
   - [x] 🧪 Added/updated tests with good coverage, or manually tested (and 
explained how)
   - [x] 💡 Added comments for complex logic
   - [x] 🧾 Updated `CHANGELOG.md` (if needed)
   - [x] 📚 Updated documentation in `site/content/in-dev/unreleased` (if needed)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
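
An added illustration of the two effects the PR description names (it is not code from the PR or from Polaris): a session name derived from the principal, and a credential cache keyed by table only versus by table and principal. The `polaris-` prefix, the digest suffix, `FakeSts`, `CredentialCache` and the sample ARN are assumptions made for this sketch; the 2-64 character limit and the `[\w+=,.@-]` character set are the STS constraints on `RoleSessionName`.

```python
import hashlib
import re

PREFIX = "polaris-"                                  # assumed prefix, not from the PR
_DISALLOWED = re.compile(r"[^\w+=,.@-]", re.ASCII)   # STS allows [\w+=,.@-], 2-64 chars
MAX_LEN = 64

def role_session_name(principal: str) -> str:
    """Hypothetical mapping from principal name to a valid RoleSessionName."""
    name = PREFIX + _DISALLOWED.sub("_", principal)
    if name != PREFIX + principal or len(name) > MAX_LEN:
        # Sanitizing or truncating could make two principals collide in the
        # audit trail, so keep a short digest of the original name.
        digest = hashlib.sha256(principal.encode()).hexdigest()[:8]
        name = f"{name[:MAX_LEN - 9]}-{digest}"
    return name

class FakeSts:
    """Offline stand-in for STS AssumeRole that counts calls."""
    def __init__(self):
        self.calls = 0

    def assume_role(self, role_arn: str, session_name: str) -> dict:
        self.calls += 1
        account, role = role_arn.split(":")[4], role_arn.split("/")[-1]
        # AWS records the caller of later requests as this assumed-role ARN.
        return {"arn": f"arn:aws:sts::{account}:assumed-role/{role}/{session_name}"}

class CredentialCache:
    def __init__(self, sts: FakeSts, key_by_principal: bool):
        self.sts, self.key_by_principal, self._entries = sts, key_by_principal, {}

    def get(self, principal: str, table: str, role_arn: str) -> dict:
        key = (table, principal) if self.key_by_principal else (table,)
        if key not in self._entries:
            self._entries[key] = self.sts.assume_role(role_arn, role_session_name(principal))
        return self._entries[key]

def demo(key_by_principal: bool):
    """Three requests for one table: alice, bob, alice (constructed input)."""
    sts = FakeSts()
    cache = CredentialCache(sts, key_by_principal)
    role_arn = "arn:aws:iam::123456789012:role/polaris-storage"  # constructed
    arns = [cache.get(p, "ns.orders", role_arn)["arn"] for p in ("alice", "bob", "alice")]
    return sts.calls, [a.rsplit("/", 1)[1] for a in arns]

if __name__ == "__main__":
    print(demo(False))  # table-only key
    print(demo(True))   # table + principal key
```

With the table-only key, bob receives credentials whose session name says alice, which is why the principal has to be part of the cache key once it is part of the session name.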
