tokoko commented on code in PR #3224:
URL: https://github.com/apache/polaris/pull/3224#discussion_r2596333948
##########
polaris-core/src/main/java/org/apache/polaris/core/storage/cache/StorageCredentialCache.java:
##########
@@ -123,6 +125,7 @@ public StorageAccessConfig getOrGenerateSubScopeCreds(
allowListOperation,
allowedReadLocations,
allowedWriteLocations,
+ polarisPrincipal,
Review Comment:
so far I added a single feature flag called
`INCLUDE_PRINCIPAL_NAME_IN_SUBSCOPED_CREDENTIAL` that is checked both by cache
and aws integration. couldn't really justify to myself a second flag that would
do essentially the same thing. The only downside I see is that as of now
someone might cause key proliferation even if using azure or gcp, but the
feature is by default disabled, so I don't think another feature flag to guard
against that is necessary. Let me know what you think.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
