Re: [PR] Sanitize principal names in AWS STS role session names [polaris]

via GitHub Mon, 26 Jan 2026 09:58:20 -0800


tokoko commented on code in PR #3525:
URL: https://github.com/apache/polaris/pull/3525#discussion_r2728652640



##########
polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java:
##########
@@ -103,17 +103,15 @@ public StorageAccessConfig getSubscopedCreds(
 
     String roleSessionName =
         includePrincipalNameInSubscopedCredential
-            ? "polaris-" + polarisPrincipal.getName()
+            ? AwsRoleSessionNameSanitizer.sanitize("polaris-" + 
polarisPrincipal.getName())

Review Comment:
   exact names are preferable of course, but in case the name causes a fail, 
sanitizing it makes sense. we're effectively kind of already doing the same by 
capping the length of the role name. The principal name included could be 
different for really really long principal names.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Re: [PR] Sanitize principal names in AWS STS role session names [polaris]

Reply via email to