pass skip_credential_subscoping_indirection param to TaskFileIOSupplier #400
Conversation
alessandro-nori
force-pushed
the
fix_task_fileio_supplier_wo_creds_subscoping
branch
4 times, most recently
from
b5592c1
to
102e771
Compare
alessandro-nori
force-pushed
the
fix_task_fileio_supplier_wo_creds_subscoping
branch
from
102e771
to
09d3b09
Compare
| // Typically this setting is used in single-tenant server deployments that don't rely on | ||
| // "credential-vending" and can use server-default environment variables or credential config | ||
| // files for all storage access, or in test/dev scenarios. | ||
| public static final Boolean SKIP_CREDENTIAL_SUBSCOPING_INDIRECTION_DEFAULT = false; |
There was a problem hiding this comment.
I would rather not have a separate public variable here; you can always get the default with SKIP_CREDENTIAL_SUBSCOPING_INDIRECTION.defaultValue
| @@ -103,6 +103,22 @@ public static <T> Builder<T> builder() { | |||
| .defaultValue(false) | |||
| .build(); | |||
|
|
|||
| // Config key for whether to skip credential-subscoping indirection entirely whenever trying | |||
There was a problem hiding this comment.
Can we move this into the description? The description should ideally be detailed enough to understand the config without an additional comment explaining it.
Thanks for your input on this @eric-maynard ! |
|
I see, but how did you test it's working? i.e. how did you confirm that the credentials vended were not subscoped? |
I did some manual tests and verified it's working (it was not working in my setup when Polaris was subscoping the credentials because I cannot reach aws endpoints directly). |
Description
Fixes #379
Type of change
Please delete options that are not relevant.
How Has This Been Tested?
Checklist:
Please delete options that are not relevant.