singhpk234 commented on code in PR #2280:
URL: https://github.com/apache/polaris/pull/2280#discussion_r2505969332
##########
runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandler.java:
##########
@@ -844,6 +869,37 @@ ALLOW_FEDERATED_CATALOGS_CREDENTIAL_VENDING,
getResolvedCatalogEntity())) {
return responseBuilder;
}
+ private AccessDelegationMode selectAccessDelegationMode(
Review Comment:
would it be helpful to add a comment here and link irc spec here to pick the
delegation mode they prefer ?
##########
runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandler.java:
##########
@@ -844,6 +869,37 @@ ALLOW_FEDERATED_CATALOGS_CREDENTIAL_VENDING,
getResolvedCatalogEntity())) {
return responseBuilder;
}
+ private AccessDelegationMode selectAccessDelegationMode(
+ Set<AccessDelegationMode> delegationModes) {
+
+ if (delegationModes.isEmpty()) {
+ return UNKNOWN;
+ }
+
+ if (delegationModes.size() == 1) {
+ return delegationModes.iterator().next();
+ }
+
+ if (delegationModes.contains(VENDED_CREDENTIALS) &&
delegationModes.contains(REMOTE_SIGNING)) {
+
+ boolean skipCredIndirection =
+
realmConfig.getConfig(FeatureConfiguration.SKIP_CREDENTIAL_SUBSCOPING_INDIRECTION);
+
+ boolean credentialSubscopingAllowed =
+ baseCatalog instanceof IcebergCatalog
Review Comment:
If its an Iceberg catalog but doesn't support sts wouldn't we prefer
remote-signing then ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
