Just approved as well - thanks for all your work! I'd recommend keeping the PR open for another 24-48hr for any last comments and then we should be good to merge!
Best, Adnan Hemani On Mon, Jun 22, 2026 at 1:10 PM Sung Yun <[email protected]> wrote: > Hi Anand and Dmitri, I just approved the PR. > > Anand - thanks again for the PR and for responding to all of the review > comments so quickly! > > Sung > > On 2026/06/22 14:40:36 Anand Kumar Sankaran via dev wrote: > > Hi Dmitry, > > > > Thanks again. Sorry I’m in endless meetings at work that I’ve been > unable to attend the weekly syncs. These are often customer / partner > meetings. > > > > I’ve addressed all the comments. I hope I’ve addressed the testing > concerns Adnan had as well. If I missed something, please post a comment in > the PR and / or tag me in slack. > > > > Get Outlook for iOS<https://aka.ms/o0ukef> > > ________________________________ > > From: Anand Kumar Sankaran via dev <[email protected]> > > Sent: Thursday, 11 June 2026 09:20:48 > > To: Polaris Dev Mailing List <[email protected]> > > Cc: Anand Kumar Sankaran <[email protected]> > > Subject: GCP counterpart to AWS STS session tags > > > > https: //urldefense. com/v3/__https: //github. > com/apache/polaris/issues/4706__;!!Iz9xO38YGHZK!6xLhQWuslJHADOTEpFgl4Z_iLhcDF6eW3qLENHFnIaalnp1V2PzeWXPPTqemWU5_e4w9aY0ebPuqkx5JrSNJZQ$ > https: //urldefense. com/v3/__https: //github. > com/apache/polaris/pull/4707__;!!Iz9xO38YGHZK!6xLhQWuslJHADOTEpFgl4Z_iLhcDF6eW3qLENHFnIaalnp1V2PzeWXPPTqemWU5_e4w9aY0ebPuqkx4vd5uy8Q$ > > > > > > > https://urldefense.com/v3/__https://github.com/apache/polaris/issues/4706__;!!Iz9xO38YGHZK!6xLhQWuslJHADOTEpFgl4Z_iLhcDF6eW3qLENHFnIaalnp1V2PzeWXPPTqemWU5_e4w9aY0ebPuqkx5JrSNJZQ$ > > > > > https://urldefense.com/v3/__https://github.com/apache/polaris/pull/4707__;!!Iz9xO38YGHZK!6xLhQWuslJHADOTEpFgl4Z_iLhcDF6eW3qLENHFnIaalnp1V2PzeWXPPTqemWU5_e4w9aY0ebPuqkx4vd5uy8Q$ > > > > Polaris can correlate vended-credential data access back to the catalog > operation that issued the credentials on AWS — via > SESSION_TAGS_IN_SUBSCOPED_CREDENTIAL, which stamps polaris:principal, > polaris:realm, polaris:catalog, etc. as AWS STS session tags that then > appear in CloudTrail S3 data events. There is no equivalent on GCP. GCS > Data Access audit logs cannot today be tied to the Polaris principal that > requested the credential, which breaks audit correlation, > chargeback/attribution, and incident response for GCS-backed catalogs. > > > > This issue and PR provide a way to achieve similar correlation using > WIFs in GCP. > > > > Please review. > > > > - > > Anand > > > > >
