dimas-b commented on PR #3236: URL: https://github.com/apache/polaris/pull/3236#issuecomment-3634900960
@adutra : > But if the goal is more about exposing ALL the principal credentials through the PolarisPrincipal interface [...] As far as I understand, the goal of this PR is simply to enable custom code to use the token during the authentication flow against STS. As far as I understand, `PolarisPrincipal` is involved only because we have to expose the right set of values for the Storage Credentials cache to consider when deciding to reuse previous credentials (because reusing a credential obtained with a different user token would be invalid). This aspect was [discussed briefly](https://github.com/apache/polaris/pull/3224#discussion_r2594524173) in #3224 (as you probably know) and in #3196 (indirectly). If `StorageAccessConfig` generation could be achieved with only request-scoped objects, then passing credentials through the call chain would not be necessary... However, this is going to be a rather big refactoring. From my POV limiting this PR to the unparsed auth token propagation is probably sufficient for now. However, I would not mind using `PolarisCredentials` too, the latter would be a more holistic approach, but again it will require a bigger change. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
