XJDKC commented on PR #1506: URL: https://github.com/apache/polaris/pull/1506#issuecomment-2851659281
Hi folks, any other concerns about this spec change? There is one remaining thing we haven't made a decision: For non-STS based SigV4 authentication, how do we plan to support it? #### 1. **From env vars or server config**, e.g.: * POLARIS_IAM_USER_AWS_ACCESS_KEY_ID * POLARIS_IAM_USER_AWS_SECRET_ACCESS_KEY * POLARIS_IAM_USER_ARN In this case, `roleArn` would not be required. #### 2. **Configured via the Polaris Management API: Stick to `SigV4AuthenticationParameters`** If we stick with the existing `SigV4AuthenticationParameters` type, we could: * Make roleArn optional * Add `iamUserAwsAccessKeyId` and `iamUserAwsSecretAccessKey` as optional fields #### 3. **Configured via the Polaris Management API: Add new auth type** We could create a new type to distinguish clearly: * New AuthenticationType enum: SIGV4_STS, SIGV4_STATIC_CREDS #### 4. **Configured via the Polaris Management API: Add new auth types** We could create a new sub type to distinguish clearly: e.g. new subtype under SigV4AuthenticationParameters: STS, CREDS Do you have any perference or is the current proposal good to go? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
