This is an automated email from the ASF dual-hosted git repository.
dimas pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/polaris.git
The following commit(s) were added to refs/heads/main by this push:
new 6654903c2 Fix site documentation (#3878)
6654903c2 is described below
commit 6654903c2dcc7fabbe7828f6f25672bba93cb354
Author: Anand K Sankaran <[email protected]>
AuthorDate: Tue Feb 24 09:30:29 2026 -0800
Fix site documentation (#3878)
Co-authored-by: Anand Kumar Sankaran <[email protected]>
---
.../config-sections/flags-polaris_features.md | 27 ++++++++--------------
1 file changed, 9 insertions(+), 18 deletions(-)
diff --git
a/site/content/in-dev/unreleased/configuration/config-sections/flags-polaris_features.md
b/site/content/in-dev/unreleased/configuration/config-sections/flags-polaris_features.md
index 7dbb76d85..e9cc792b2 100644
---
a/site/content/in-dev/unreleased/configuration/config-sections/flags-polaris_features.md
+++
b/site/content/in-dev/unreleased/configuration/config-sections/flags-polaris_features.md
@@ -355,24 +355,6 @@ If set to true, principal name will be included in
temporary subscoped credentia
---
-##### `polaris.features."INCLUDE_SESSION_TAGS_IN_SUBSCOPED_CREDENTIAL"`
-
-If set to true, session tags (catalog, namespace, table, principal, roles)
will be included in AWS STS AssumeRole requests for credential vending. These
tags appear in CloudTrail events, enabling correlation between catalog
operations and S3 data access. Requires the IAM role trust policy to allow
sts:TagSession action. Note that enabling this feature may lead to degradation
in temporary credential caching as catalog will no longer be able to reuse
credentials for different tables/namesp [...]
-
-- **Type:** `Boolean`
-- **Default:** `false`
-
----
-
-##### `polaris.features."INCLUDE_TRACE_ID_IN_SESSION_TAGS"`
-
-If set to true (and INCLUDE_SESSION_TAGS_IN_SUBSCOPED_CREDENTIAL is also
true), the OpenTelemetry trace ID will be included as a session tag in AWS STS
AssumeRole requests. This enables end-to-end correlation between catalog
operations (Polaris events), credential vending (CloudTrail), and metrics
reports from compute engines. WARNING: Enabling this feature completely
disables credential caching because every request has a unique trace ID. This
may significantly increase latency and STS [...]
-
-- **Type:** `Boolean`
-- **Default:** `false`
-
----
-
##### `polaris.features."LIST_PAGINATION_ENABLED"`
If set to true, pagination for APIs like listTables is enabled.
@@ -429,6 +411,15 @@ If set to true, resolve AWS credentials based on the
storageName field of the st
---
+##### `polaris.features."SESSION_TAGS_IN_SUBSCOPED_CREDENTIAL"`
+
+A comma-separated list of fields to include as session tags in AWS STS
AssumeRole requests for credential vending. These tags appear in CloudTrail
events, enabling correlation between catalog operations and S3 data access. An
empty list (default) disables session tags entirely. Requires the IAM role
trust policy to allow sts:TagSession action. Supported fields: realm, catalog,
namespace, table, principal, roles, trace_id Note: each additional field may
contribute to AWS STS packed policy [...]
+
+- **Type:** `List<String>`
+- **Default:** `[]`
+
+---
+
##### `polaris.features."SKIP_CREDENTIAL_SUBSCOPING_INDIRECTION"`
If set to true, skip credential-subscoping indirection entirely whenever
trying to obtain storage credentials for instantiating a FileIO. If 'true', no
attempt is made to use StorageConfigs to generate table-specific storage
credentials, but instead the default fallthrough of table-level credential
properties or else provider-specific APPLICATION_DEFAULT credential-loading
will be used for the FileIO. Typically this setting is used in single-tenant
server deployments that don't rely on " [...]
