Hi Dimitri, Thanks for the discussion thread to bring awareness. The change in 2615 makes sense to me. Yufei
On Fri, Sep 19, 2025 at 8:26 AM Dmitri Bourlatchkov <[email protected]> wrote: > Hi All, > > In order to support non-AWS S3 implementation better I propose [2615] to > obtain AccessConfig at the REST API layer in all cases that produce config > maps in response payloads. > > If credential vending is requested by the client, there is no change in > Polaris behaviour. > > If credential vending is _not_ requested by the client, Polaris will invoke > the storage integration code now, obtain an AccessConfig object, but will > only send to the client non-credential access properties (e.g. s3 > endpoint). > > This will allow clients to use MinIO with local credentials, while relying > on the catalog to manage the endpoint settings. > > As the next step towards [2589] I'm planning to make the use of STS > optional. Then, clients will be able to use local credentials plus > catalog-managed endpoint configuration for S3-compatible systems that do > not have STS. > > WDYT? > > [2589] https://github.com/apache/polaris/pull/2589 > [2615] https://github.com/apache/polaris/pull/2615 > > Thanks, > Dmitri. >
