adutra commented on code in PR #2280:
URL: https://github.com/apache/polaris/pull/2280#discussion_r2263157118


##########
runtime/service/src/main/java/org/apache/polaris/service/storage/StorageConfiguration.java:
##########
@@ -72,21 +71,19 @@ public interface StorageConfiguration extends 
S3AccessConfig {
   Optional<Duration> gcpAccessTokenLifespan();
 
   default Supplier<StsClient> stsClientSupplier() {
-    return stsClientSupplier(true);
-  }
-
-  default Supplier<StsClient> stsClientSupplier(boolean withCredentials) {
     return Suppliers.memoize(
-        () -> {
-          StsClientBuilder stsClientBuilder = StsClient.builder();
-          if (withCredentials) {
-            stsClientBuilder.credentialsProvider(stsCredentials());
-          }
-          return stsClientBuilder.build();
-        });
+        () -> 
StsClient.builder().credentialsProvider(awsSystemCredentials()).build());
   }
 
-  default AwsCredentialsProvider stsCredentials() {
+  /**
+   * Returns an {@link AwsCredentialsProvider} that provides system-wide AWS 
credentials. If both
+   * access key and secret key are present, it uses them directly; otherwise, 
it uses the default
+   * credentials provider chain.
+   *
+   * <p>The returned provider is not meant to be vended directly to clients, 
but rather used with
+   * STS, unless credential subscoping is disabled.
+   */
+  default AwsCredentialsProvider awsSystemCredentials() {
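
Review bot: The Javadoc on `awsSystemCredentials()` says "If both access key and secret key are present, it uses them directly; otherwise, it uses the default credentials provider chain", so as documented a half-configured pair (only one of the two set) silently falls back to whatever ambient credentials the default chain resolves, and `stsClientSupplier()` would then call STS under an identity the operator may not have intended. Consider rejecting, or at least logging a warning, when exactly one of the two values is present, and say in the Javadoc what happens in that case. The final paragraph also notes that this provider can be vended to clients when credential subscoping is disabled; since these are the server's own credentials, naming the setting that controls that path would help readers find where it is gated.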

Review Comment:
   Renamed to `awsSystemCredentials` because these are not "just" credentials 
for STS, they are server credentials.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
