HonahX commented on code in PR #2784:
URL: https://github.com/apache/polaris/pull/2784#discussion_r2418119617
##########
runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandler.java:
##########
@@ -808,7 +809,10 @@ private LoadTableResponse.Builder
buildLoadTableResponseWithDelegationCredential
PolarisResolvedPathWrapper resolvedStoragePath =
CatalogUtils.findResolvedStorageEntity(resolutionManifest,
tableIdentifier);
- if (baseCatalog instanceof IcebergCatalog && resolvedStoragePath != null) {
+ if ((baseCatalog instanceof IcebergCatalog
+ || realmConfig.getConfig(
+ ALLOW_EXTERNAL_CATALOG_CREDENTIAL_VENDING,
getResolvedCatalogEntity()))
Review Comment:
Thanks for all the suggestions! After more thoughts, I realized that it
better to have a separate param to control the credential vending for federated
catalog. Plus we need to ensure `ALLOW_EXTERNAL_CATALOG_CREDENTIAL_VENDING`
guard the passthrough-facade catalog in both loadTable and createTable call
path.
The new experience is that we support credential vending for federated
catalog if both `ALLOW_EXTERNAL_CATALOG_CREDENTIAL_VENDING` and the newly added
`ALLOW_FEDERATED_CATALOGS_CREDENTIAL_VENDING` are set to true, which is the
default behavior. It will make it easier to explain in the changelog
I've added a line in the CHANGELOG, but will wait for
https://github.com/apache/polaris/pull/2783 first
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
