adutra commented on code in PR #3591:
URL: https://github.com/apache/polaris/pull/3591#discussion_r2749550769
##########
getting-started/ozone/README.md:
##########
@@ -48,6 +48,7 @@ bin/spark-sql \
--conf spark.sql.catalog.polaris.token-refresh-enabled=false \
--conf spark.sql.catalog.polaris.warehouse=quickstart_catalog \
--conf spark.sql.catalog.polaris.scope=PRINCIPAL_ROLE:ALL \
+ --conf spark.sql.catalog.polaris.header.X-Iceberg-Access-Delegation="" \
Review Comment:
This is very intriguing. I cannot reproduce the error locally. The error is
generated here:
https://github.com/apache/polaris/blob/baf01a54696b28095a197cbde156d386913cfd3e/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogHandler.java#L871-L887
As we see, this code path is clearly guarded by `if
(delegationModes.contains(VENDED_CREDENTIALS))`.
My best guess is that _something_ is setting this header value to
`vended-credentials` when running the Ozone getting-started guide, thus forcing
some users to override it with an empty string.
I noticed that PyIceberg does set this header by default to
`vended-credentials`:
https://github.com/apache/iceberg-python/blob/d62b36024ab36fc3f86be50634cd8b32ce3fb9a1/pyiceberg/catalog/rest/__init__.py#L768
But that still doesn't explain why we need to set it explicitly when running
Spark SQL.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
