chore(query): allow_anonymous when key token is empty #19143
Conversation
github-actions
bot
added
the
pr-chore
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
|
@codex review |
|
Codex Review: Didn't find any major issues. 🚀 ℹ️ About Codex in GitHubCodex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback". |
Docker Image for PR
|
… provided Remove the restrictive disable_credential_loader condition that prevented anonymous access to public S3 buckets in Databend Cloud environment. When users create an external stage pointing to a public bucket without providing credentials, OpenDAL should use unsigned requests. The previous condition required disable_credential_loader=true which is never set in cloud environments that rely on EC2/K8s metadata for credentials. OpenDAL will still prefer credentials from environment/EC2 metadata when available, and only fall back to unsigned requests when no credentials can be obtained from any source.
bohutang
force-pushed
the
allow_anonymous
branch
from
4f754d4 to
56c6ad2
Compare
bohutang
added
ci-cloud
Docker Image for PR
|
…sionDenied Restore unconditional allow_anonymous() in S3 operator initialization. This enables accessing public S3 buckets without explicit credentials. OpenDAL will prefer credentials when available and fall back to anonymous access only when needed. Also update check_operator() to accept PermissionDenied as a valid response. When allow_anonymous() is enabled and anonymous stat is attempted on a private bucket, it returns 403 instead of 404 for non-existent files. This is expected behavior - it just means the bucket exists but anonymous access is denied. Remove the unreliable external S3 test that depends on the wizardbend bucket being accessible from CI environments.
Docker Image for PR
|
bohutang
added
ci-cloud
Docker Image for PR
|
4 participants
I hereby agree to the terms of the CLA available at: https://docs.databend.com/dev/policies/cla/
Summary
chore(query): allow_anonymous when key token is empty
Tests
Type of change
This change is