dimas-b commented on code in PR #3525:
URL: https://github.com/apache/polaris/pull/3525#discussion_r2728572982
##########
polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java:
##########
@@ -103,17 +103,15 @@ public StorageAccessConfig getSubscopedCreds(
String roleSessionName =
includePrincipalNameInSubscopedCredential
- ? "polaris-" + polarisPrincipal.getName()
+ ? AwsRoleSessionNameSanitizer.sanitize("polaris-" +
polarisPrincipal.getName())
Review Comment:
The problem this change fixes is specific to AWS, AFAIK, but the benefits of
including the exact principal name may be applicable to other S3 systems, where
the session name is less restricted. Cf. #3224
@tokoko : WDYT? Is having exact principal names critical for your use cases?
@yushesp : In your use cases, do you actually need some Principal info in
the session name, or could you exclude it via the
`INCLUDE_PRINCIPAL_NAME_IN_SUBSCOPED_CREDENTIAL` flag?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
