adutra commented on issue #3710: URL: https://github.com/apache/polaris/issues/3710#issuecomment-3890911430
From my experience, Polaris does not forward `X-Iceberg-Access-Delegation` headers to the remote catalog, and thus, the remote catalog is never asked for vended credentials – even if the client included this header in the original request to Polaris. When the client requests credential vending, Polaris forwards the request to the remote catalog, but mints temporary credentials itself and vends them to the client. IOW, a `PolarisStorageConfigurationInfo` must have been configured when declaring the external catalog in Polaris, and it's this storage config that will be used for vending credentials. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
