jbonofre opened a new pull request, #4696: URL: https://github.com/apache/polaris/pull/4696
`IcebergCatalog.loadFileIOForTableLike` only passed `tableDefaultProperties` (the `table-default.*`-prefixed subset of catalog properties) to the `FileIOFactory`. For S3-compatible storage configured with `stsUnavailable: true`, catalogs typically carry static credentials (`s3.access-key-id` / `s3.secret-access-key`) as catalog properties. These were dropped before reaching `S3FileIO`, which then fell back to the AWS default credentials provider chain and failed when no chain credential was available. Merge `catalogProperties` as the base layer under `tableProperties`. `DefaultFileIOFactory` still overlays `StorageAccessConfig` last, so STS-vended subscoped credentials continue to take precedence over static catalog credentials when STS is available. ## Checklist - [x] ๐ก๏ธ Don't disclose security issues! (contact [email protected]) - [x] ๐ Clearly explained why the changes are needed, or linked related issues: Fixes # - [x] ๐งช Added/updated tests with good coverage, or manually tested (and explained how) - [ ] ๐ก Added comments for complex logic - [ ] ๐งพ Updated `CHANGELOG.md` (if needed) - [ ] ๐ Updated documentation in `site/content/in-dev/unreleased` (if needed) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
