eric-maynard commented on code in PR #264:
URL: https://github.com/apache/polaris/pull/264#discussion_r1744568537
##########
polaris-service/src/main/java/org/apache/polaris/service/catalog/BasePolarisCatalog.java:
##########
@@ -1144,7 +1148,7 @@ private void validateNoLocationOverlap(
URI existing = URI.create(siblingLocation);
if (isUnderParentLocation(target, existing)
|| isUnderParentLocation(existing, target)) {
- throw new org.apache.iceberg.exceptions.BadRequestException(
+ throw new org.apache.iceberg.exceptions.ForbiddenException(
"Unable to create table at location '%s' because it
conflicts with existing table or namespace at location '%s'",
Review Comment:
Yes, it does. I agree this is potentially an issue; maybe we should open up
a discussion on it?
My $0.02 is that this is essentially the lesser of two evils; not doing this
check would allow tables to share a location, undermining the role of
credential vending and the value of scoping credentials to a prefix.
Perhaps in the future we can skip this check if credentials can somehow be
scoped to just the files in a table e.g. by tagging or with file-level
encryption. For now, we scope them to a prefix.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
