dennishuo commented on code in PR #77: URL: https://github.com/apache/polaris/pull/77#discussion_r1726146291
########## polaris-core/src/main/java/io/polaris/core/storage/azure/AzureCredentialsStorageIntegration.java: ########## 
@@ -88,6 +89,40 @@ public EnumMap<PolarisCredentialProperty, String> getSubscopedCreds( String storageDnsName = location.getStorageAccount() + "." + location.getEndpoint(); String filePath = location.getFilePath(); + AzureStorageConfigInfo.AuthTypeEnum authType = storageConfig.getAuthType(); + String sasToken = ""; + + switch (authType) { + case SAS_TOKEN: + sasToken = + getSasToken( + storageConfig, + allowListOperation, + allowedReadLocations, + allowedWriteLocations, + location, + filePath, + storageDnsName, + loc); + break; + + case APPLICATION_DEFAULT: + break; + } + credentialMap.put(PolarisCredentialProperty.AZURE_SAS_TOKEN, sasToken);

Review Comment:

Actually, I'm thinking one level higher, where the server-level global config can dictate whether or not credential-vending and subscoping is used at all. Some details in this comment: https://github.com/apache/polaris/issues/69#issuecomment-2283069430

In particular,

> At a high level we at least need to have a strict separation of effective privileges between the personas who can configure and run the Polaris server itself and those who can call createCatalog. In a mutual-trust setting, it makes sense to have relaxed constraints on the server-level configuration, but it needs to be possible to run the server in a secure mode as well where catalog creators are in a different realm of trust than the admins of the server.

Basically, instead of complicating the API model or RBAC model, maybe it'll be easier to do all this short-circuiting in `BasePolarisCatalog.java` instead.
In particular, this line is an example of how to define a server-level configuration setting: https://github.com/apache/polaris/blob/e89ff19dc18c3cd5a357461222a52b91e682f5d0/polaris-service/src/main/java/io/polaris/service/catalog/BasePolarisCatalog.java#L200

And maybe you can put the short-circuit here: https://github.com/apache/polaris/blob/e89ff19dc18c3cd5a357461222a52b91e682f5d0/polaris-service/src/main/java/io/polaris/service/catalog/BasePolarisCatalog.java#L792 after the "validateLocationForTableLike" call and before any attempt to get a subscoped credential is made. Basically just LOGGER.atInfo and then return early.
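
Review bot: in the `APPLICATION_DEFAULT` branch `sasToken` keeps its initial value `""`, and the unconditional `credentialMap.put(PolarisCredentialProperty.AZURE_SAS_TOKEN, sasToken);` after the switch then publishes an empty-string token, which a caller cannot tell apart from a vended credential that is malformed. Consider moving the `put` into the `SAS_TOKEN` case so the property is absent whenever no SAS token was produced. The switch also has no `default` branch, so any `AuthTypeEnum` value added later falls through silently with the empty token; a `default` that throws would make an unhandled auth type fail closed.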