alessandro-nori opened a new issue, #379: URL: https://github.com/apache/polaris/issues/379
### Is this a possible security vulnerability? - [X] This is NOT a possible security vulnerability ### Describe the bug The TaskFileIOSupplier class always tries to get subscoped credentials and doesn't take into consideration the SKIP_CREDENTIAL_SUBSCOPING_INDIRECTION configuration parameter. In certain setups, we should be able to load a FileIO without credentials. ### To Reproduce Assuming you're using AWS s3 as storage type for your catalog: 1. Set SKIP_CREDENTIAL_SUBSCOPING_INDIRECTION to true and run polaris 2. Send a Purge request from a client that doesn't try to delete the files on the client side (e.g. pyiceberg) 3. Look at the traces and see the call to aws.AssumeRole coming from TaskFileIOSupplier ### Actual Behavior Polaris tries to get subscoped credentials for the FileIO ### Expected Behavior Polaris should load a FileIO without credentials ### Additional context _No response_ ### System information _No response_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
