Revert "Merge branch 'onprem-s3-dell-ecs' into handle-custom-sts-endpoint"

This reverts commit 69e402e, reversing
changes made to a169a79.

Author: rohangoli

polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsCredentialsStorageIntegration.java

@@ -211,24 +211,14 @@ private IamPolicy policyString(
     Map<String, IamStatement.Builder> bucketGetLocationStatementBuilder = new HashMap<>();
 
     String arnPrefix = arnPrefixForPartition(awsPartition);
-    boolean isEcsPartition = "ecs".equals(awsPartition);
     Stream.concat(readLocations.stream(), writeLocations.stream())
         .distinct()
         .forEach(
             location -> {
               URI uri = URI.create(location);
-              // Some on-prem S3/STSc implementations (for example ECS) do not accept object ARNs
-              // that include the path portion (bucket/key/*). For those, scope object permissions
-              // to
-              // the whole bucket (bucket/*) and rely on s3:prefix conditions for finer granularity.
-              if (isEcsPartition) {
-                allowGetObjectStatementBuilder.addResource(
-                    IamResource.create(arnPrefix + StorageUtil.getBucket(uri) + "/*"));
-              } else {
-                allowGetObjectStatementBuilder.addResource(
-                    IamResource.create(
-                        arnPrefix + StorageUtil.concatFilePrefixes(parseS3Path(uri), "*", "/")));
-              }
+              allowGetObjectStatementBuilder.addResource(
+                  IamResource.create(
+                      arnPrefix + StorageUtil.concatFilePrefixes(parseS3Path(uri), "*", "/")));
               final var bucket = arnPrefix + StorageUtil.getBucket(uri);
               if (allowList) {
                 bucketListStatementBuilder
@@ -262,14 +252,9 @@ private IamPolicy policyString(
       writeLocations.forEach(
           location -> {
             URI uri = URI.create(location);
-            if (isEcsPartition) {
-              allowPutObjectStatementBuilder.addResource(
-                  IamResource.create(arnPrefix + StorageUtil.getBucket(uri) + "/*"));
-            } else {
-              allowPutObjectStatementBuilder.addResource(
-                  IamResource.create(
-                      arnPrefix + StorageUtil.concatFilePrefixes(parseS3Path(uri), "*", "/")));
-            }
+            allowPutObjectStatementBuilder.addResource(
+                IamResource.create(
+                    arnPrefix + StorageUtil.concatFilePrefixes(parseS3Path(uri), "*", "/")));
           });
       policyBuilder.addStatement(allowPutObjectStatementBuilder.build());
     }
@@ -290,13 +275,7 @@ private IamPolicy policyString(
   }
 
   private static String arnPrefixForPartition(String awsPartition) {
-    // Some on-prem S3 compatible systems (e.g. ECS) use a non-standard partition value
-    // but expect S3 resource ARNs to use the 'aws' partition form (arn:aws:s3:::bucket).
-    String partition = awsPartition != null ? awsPartition : "aws";
-    if ("ecs".equals(partition)) {
-      partition = "aws";
-    }
-    return String.format("arn:%s:s3:::", partition);
+    return String.format("arn:%s:s3:::", awsPartition != null ? awsPartition : "aws");
   }
 
   private static @Nonnull String parseS3Path(URI uri) {

polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsStorageConfigurationInfo.java

@@ -46,11 +46,7 @@ public static ImmutableAwsStorageConfigurationInfo.Builder builder() {
 
   // Technically, it should be ^arn:(aws|aws-cn|aws-us-gov):iam::(\d{12}):role/.+$,
   @JsonIgnore
-  // Account id may be a 12-digit AWS account number or a vendor-specific namespace that must
-  // not be purely numeric (must start with a letter, underscore or hyphen followed by allowed
-  // chars).
-  public static final String ROLE_ARN_PATTERN =
-      "^(arn|urn):(aws|aws-us-gov|ecs):iam::((\\d{12})|([a-zA-Z_-][a-zA-Z0-9_-]*)):role/.+$";
+  public static final String ROLE_ARN_PATTERN = "^arn:(aws|aws-us-gov):iam::(\\d{12}):role/.+$";
 
   private static final Pattern ROLE_ARN_PATTERN_COMPILED = Pattern.compile(ROLE_ARN_PATTERN);
 
@@ -129,8 +125,7 @@ public String getAwsAccountId() {
     if (arn != null) {
       Matcher matcher = ROLE_ARN_PATTERN_COMPILED.matcher(arn);
       checkState(matcher.matches());
-      // group(3) is the account identifier (either 12-digit AWS account or vendor namespace)
-      return matcher.group(3);
+      return matcher.group(2);
     }
     return null;
   }
@@ -142,8 +137,7 @@ public String getAwsPartition() {
     if (arn != null) {
       Matcher matcher = ROLE_ARN_PATTERN_COMPILED.matcher(arn);
       checkState(matcher.matches());
-      // group(2) captures the partition (e.g. aws, aws-us-gov, ecs)
-      return matcher.group(2);
+      return matcher.group(1);
     }
     return null;
   }

runtime/service/src/test/java/org/apache/polaris/service/entity/CatalogEntityTest.java

@@ -285,31 +285,6 @@ public void testInvalidArn(String roleArn) {
         .hasMessage(expectedMessage);
   }
 
-  @Test
-  public void testUrnRoleArnAccepted() {
-    String urnRole = "urn:ecs:iam::test-namespace:role/test-role";
-    String baseLocation = "s3://externally-owned-bucket";
-    AwsStorageConfigInfo awsStorageConfigModel =
-        AwsStorageConfigInfo.builder()
-            .setRoleArn(urnRole)
-            .setExternalId("externalId")
-            .setStorageType(StorageConfigInfo.StorageTypeEnum.S3)
-            .setAllowedLocations(List.of(baseLocation))
-            .build();
-
-    CatalogProperties prop = new CatalogProperties(baseLocation);
-    Catalog awsCatalog =
-        PolarisCatalog.builder()
-            .setType(Catalog.TypeEnum.INTERNAL)
-            .setName("name")
-            .setProperties(prop)
-            .setStorageConfigInfo(awsStorageConfigModel)
-            .build();
-
-    Assertions.assertThatCode(() -> CatalogEntity.fromCatalog(realmConfig, awsCatalog))
-        .doesNotThrowAnyException();
-  }
-
   @Test
   public void testCatalogTypeDefaultsToInternal() {
     String baseLocation = "s3://test-bucket/path";