adutra opened a new issue, #3090:
URL: https://github.com/apache/polaris/issues/3090
### Is your feature request related to a problem? Please describe.
#2280 is bringing support for S3 request signing.
It introduces an access delegation mode selection algorithm that is roughly
like this:
1. If no delegation mode is requested, use `UNKNOWN`
2. If one single delegation mode is requested, use that mode
3. If requested modes include both `VENDED_CREDENTIALS` and `REMOTE_SIGNING`
a. If credentials subscoping is enabled for the catalog, use
`VENDED_CREDENTIALS`
b. Otherwise, use `REMOTE_SIGNING`
4. Otherwise, throw an error "unsupported mode(s)"
This algorithm aims at being smart but also fast to execute.
But it may select sub-optimal modes. For example, it doesn't check whether
STS is available, because that requires fetching the
`AwsStorageConfigurationInfo` for the catalog. So in some cases it may select
`VENDED_CREDENTIALS` while `REMOTE_SIGNING` would be a better choice.
### Describe the solution you'd like
_No response_
### Describe alternatives you've considered
_No response_
### Additional context
_No response_
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
