fixup! add refresh credentials property to loadTableResult

jasonf20 · jasonf20 · commit 5c92bddee9cf · 2025-08-18T12:52:20.000+03:00
diff --git a/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogAdapter.java b/runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalogAdapter.java
@@ -60,6 +60,7 @@
 import org.apache.iceberg.rest.responses.ConfigResponse;
 import org.apache.iceberg.rest.responses.ImmutableLoadCredentialsResponse;
 import org.apache.iceberg.rest.responses.LoadTableResponse;
+import org.apache.polaris.core.admin.model.StorageConfigInfo;
 import org.apache.polaris.core.auth.AuthenticatedPolarisPrincipal;
 import org.apache.polaris.core.auth.PolarisAuthorizer;
 import org.apache.polaris.core.context.CallContext;
@@ -74,7 +75,6 @@
 import org.apache.polaris.core.rest.PolarisEndpoints;
 import org.apache.polaris.core.rest.PolarisResourcePaths;
 import org.apache.polaris.core.secrets.UserSecretsManager;
-import org.apache.polaris.core.storage.StorageAccessProperty;
 import org.apache.polaris.service.catalog.AccessDelegationMode;
 import org.apache.polaris.service.catalog.CatalogPrefixParser;
 import org.apache.polaris.service.catalog.api.IcebergRestCatalogApiService;
@@ -444,22 +444,25 @@ public Response loadTable(
 
   private LoadTableResponse injectRefreshVendedCredentialProperties(
       LoadTableResponse originalResponse, String credentialsEndpoint) {
-    LoadTableResponse.Builder loadResponseBuilder =
-        LoadTableResponse.builder().withTableMetadata(originalResponse.tableMetadata());
-    loadResponseBuilder.addAllConfig(originalResponse.config());
-    loadResponseBuilder.addAllCredentials(originalResponse.credentials());
-    loadResponseBuilder.addConfig(
-        AwsClientProperties.REFRESH_CREDENTIALS_ENDPOINT, credentialsEndpoint);
     // Only enable credential refresh for currently supported credential types
     if (originalResponse.credentials().stream()
         .anyMatch(
             credential ->
                 credential
-                    .config()
-                    .containsKey(StorageAccessProperty.AWS_SECRET_KEY.getPropertyName()))) {
+                    .prefix()
+                    .toLowerCase()
+                    .startsWith(StorageConfigInfo.StorageTypeEnum.S3.name().toLowerCase()))) {
+      LoadTableResponse.Builder loadResponseBuilder =
+          LoadTableResponse.builder().withTableMetadata(originalResponse.tableMetadata());
+      loadResponseBuilder.addAllConfig(originalResponse.config());
+      loadResponseBuilder.addAllCredentials(originalResponse.credentials());
+      loadResponseBuilder.addConfig(
+          AwsClientProperties.REFRESH_CREDENTIALS_ENDPOINT, credentialsEndpoint);
       loadResponseBuilder.addConfig(AwsClientProperties.REFRESH_CREDENTIALS_ENABLED, "true");
+      return loadResponseBuilder.build();
+    } else {
+      return originalResponse;
     }
-    return loadResponseBuilder.build();
   }
 
   @Override
