evindj opened a new pull request, #3459: URL: https://github.com/apache/polaris/pull/3459
<!-- ๐ Describe what changes you're proposing, especially breaking or user-facing changes. ๐ See https://github.com/apache/polaris/blob/main/CONTRIBUTING.md for more. --> ### summary This change addresses issue #3292 One load table API request was resulting in two STS AssumeRole requests because refreshCredentialsEndpoint was part of the cache key in StorageCredentialCacheKey.java. During a loadTable operation, credentials were fetched twice: 1. First call with refreshCredentialsEndpoint=Optional.empty() (server-side metadata read) 2. Second call with refreshCredentialsEndpoint=Optional.of(url) (building client response) Since refreshCredentialsEndpoint was part of the cache key, these two calls resulted in cache misses, causing duplicate STS calls. So the fix is to remove refreshCredentialsEndpoint as cache key. I did not find any evidence that we wanted an STS per refresh endpoint. ### Added unit test to show previous behavior, the test passed after the change was updated. - I setup an aws backend to see that the sts request was not called twice. ## Checklist - [x] ๐ก๏ธ Don't disclose security issues! (contact [email protected]) - [x] ๐ Clearly explained why the changes are needed, or linked related issues: Fixes # - [x] ๐งช Added/updated tests with good coverage, or manually tested (and explained how) - [x] ๐ก Added comments for complex logic - [ ] ๐งพ Updated `CHANGELOG.md` (if needed) - [ ] ๐ Updated documentation in `site/content/in-dev/unreleased` (if needed) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
