This is an automated email from the ASF dual-hosted git repository. yzou pushed a commit to branch yzou-generic-table-credential-vending-specs in repository https://gitbox.apache.org/repos/asf/polaris.git
commit f656f80db243491336b8c25ef1083c879d2d0b39 Author: Yun Zou <[email protected]> AuthorDate: Mon Feb 16 14:10:07 2026 -0800 add docs --- spec/polaris-catalog-apis/generic-tables-api.yaml | 31 +++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/spec/polaris-catalog-apis/generic-tables-api.yaml b/spec/polaris-catalog-apis/generic-tables-api.yaml index ea884f3cb4..e597e9e0a9 100644 --- a/spec/polaris-catalog-apis/generic-tables-api.yaml +++ b/spec/polaris-catalog-apis/generic-tables-api.yaml @@ -246,6 +246,7 @@ components: $ref: '#/components/schemas/GenericTable' storage-credentials: type: array + description: Credentials for ADLS / GCS / S3. Clients must respect the credentials in the `storage-credentials` field if exist. items: $ref: '#/components/schemas/StorageCredential' @@ -272,6 +273,36 @@ components: specific prefix (by selecting the longest prefix) if several credentials of the same type are available. config: type: object + description: | + ## AWS Configurations + + The following configurations should be respected when working with tables stored in AWS S3 + - `s3.access-key-id`: id for credentials that provide access to the data in S3 + - `s3.secret-access-key`: secret for credentials that provide access to data in S3 + - `s3.session-token`: if present, this value should be used for as the session token + - `s3.session-token-expires-at-ms`: the time the aws session token expires, in milliseconds + Extra properties: + - `s3.endpoint`: the S3 endpoint to use for requests + - `s3.path-style-access`: whether to use S3 path style access + - `client.region`: region to configure client for making requests to AWS + - `client.refresh-credentials-endpoint`: the endpoint to load vended credentials for a table from the catalog + + ## GCP Configurations + + The following configurations should be respected when working with tables stored in GCP GCS + - `gcs.oauth2.token`: the gcs scoped access token + - `gcs.oauth2.token-expires-at`: the time the gcs access token expires, in milliseconds + Extra properties: + - `gcs.oauth2.refresh-credentials-endpoint`: the endpoint to load vended credentials for a table from the catalog + + # AZURE Configuration + + The following configurations should be respected when working with tables stored in AZURE ADLS + - `adls.sas-token.<hostname>`: an azure shared access signature token + - `adls.sas-token-expires-at-ms.<hostname>`: the expiration time for the access token, in milliseconds + Extra properties: + - `adls.refresh-credentials-endpoint`: the endpoint to load vended credentials for a table from the catalog + additionalProperties: type: string
