Re: [DISCUSS] REST: Refreshing vended credentials

Hey Yufei, for 1) a client would choose the longest matching prefix. In terms of failure I guess it really depends on what kind of credentials the server sent to the client. If the server sent multiple credentials for the same table (one generic (*prefix=s3*) and one narrowed-down one ( *prefix=s3

Re: [DISCUSS] REST: Refreshing vended credentials

Hi Eduard, Thanks for the proposal. I'm excited about the new spec. I have two questions: 1. This is probably a dumb question due to the lack of context, but I'm a bit confused about how clients should select a prefix to use. In scenarios where multiple prefixes exist, which one should the client

Re: [DISCUSS] REST: Refreshing vended credentials

+1 for adding this in the REST spec. Glue has a similar API GetTemporaryGlueTableCredentials [1], which was introduced because of performance and also security reasons. For example, we don't want to propagate credentials across the compute nodes in the cluster, and each compute node needs to fetch

[DISCUSS] REST: Refreshing vended credentials

Hey everyone, I'd like to propose a mechanism and changes in order to be able to refresh vended credentials for tables. Please find the proposal doc here . The proposal requires a spec change, which