All,
The current INCLUDE_PRINCIPAL_NAME_IN_SUBSCOPED_CREDENTIAL flag toggles between two hardcoded STS role session name formats: * false (default): PolarisAwsCredentialsStorageIntegration * true: polaris-<principal> There is no way to include additional context (realm, catalog, namespace, table) in the session name without forking AwsCredentialsStorageIntegration. This is a gap given that the existing SESSION_TAGS_IN_SUBSCOPED_CREDENTIAL flag already supports per-field selection for session tags. I raised this issue: https://github.com/apache/polaris/issues/4324 and here is a PR with a fix: https://github.com/apache/polaris/pull/4326#discussion_r3197459065. I would appreciate any and all feedback. Thanks. — anand
