dimas-b commented on issue #3038: URL: https://github.com/apache/polaris/issues/3038#issuecomment-3559405459
@dparent1 : The current state of the server codebase is that Polaris uses fixed base credentials for its own access to storage in all requests. It can use external IdP for authenticating API requests, but will switch to the single "service" credential for storage access.

> I'd like to pass the jwt token provided to polaris to the s3 appliance so it can allow / deny access based on the claims in the jwt token.

I fully support implementing this use case... however, I do believe it will require a lot of code changes in Polaris 😅 just a fair warning 😉

Ultimately, this is about feeding the right input credentials into [AwsCredentialsStorageIntegration](https://github.com/apache/polaris/blob/aa72157a8433c98f1de19b4237d31188cc6c3c83/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java#L73).

I'd propose to move this discussion to the `dev` [ML](https://polaris.apache.org/community/) for visibility and because I believe email is a better tool than GH comments for design discussions :)

As for me, I do not have a solid plan for this in my mind ATM, so I suppose it will have to be a collaborative and iterative process... as it's supposed to be at ASF :)
