collado-mike opened a new pull request, #395: URL: https://github.com/apache/polaris/pull/395
# Description

Some external catalogs do not enforce any kind of directory structure for tables, allowing for table locations to overlap. Some admins may _mistakenly_ believe that vended credentials and table-level RBAC will save them from loose configurations and uncontrolled table locations. Thus, they may be encouraged to grant overly permissive privileges to the role used to generate the session token returned by the `loadTable` command without realizing that a user in the source catalog could create a table that intentionally overlaps with one or more tables in the catalog. If that user is granted read access to the table in Polaris, the user could take advantage of the generated session token to read tables they didn't have access to.

This PR adds a configuration flag to disable credential vending for _all_ EXTERNAL catalogs with a catalog-level override so that admins can support credential vending, provided they are aware of the security implications.

Right now, the default value for the flag does not change the current default behavior. We should consider changing the default so that users must explicitly allow credential vending for these cases.

Fixes # (issue)

## Type of change

Please delete options that are not relevant.

- [X] Bug fix (non-breaking change which fixes an issue)
- [ ] Documentation update
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
- [ ] This change requires a documentation update

# How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

- [X] PolarisRestCatalogIntegrationTest

**Test Configuration**:
* Hardware:
* Toolchain:
* SDK:

# Checklist:

Please delete options that are not relevant.

- [X] I have performed a self-review of my code
- [X] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [ ] My changes generate no new warnings
- [ ] If adding new functionality, I have discussed my implementation with the community using the linked GitHub issue
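
An added example, not part of the pull request or the Polaris code base: a Python audit that flags tables in an external catalog whose locations overlap, the condition the description identifies as unsafe for credential vending. The table names and locations are constructed, and two things are assumptions: that a vended credential is scoped to a table's location prefix, and that `s3`, `s3a` and `s3n` URIs address the same store.

```python
from urllib.parse import urlparse

# Constructed sample: table identifier -> base location, as an external
# catalog without an enforced directory layout might report them.
SAMPLE_TABLES = {
    "sales.orders": "s3://lake/warehouse/sales/orders",
    "sales.orders_archive": "s3://lake/warehouse/sales/orders_archive",
    "hr.salaries": "s3://lake/warehouse/hr/salaries/",
    "scratch.everything": "s3://lake/warehouse",
    "scratch.copy": "s3a://lake/warehouse/hr/salaries",
}

S3_SCHEMES = {"s3", "s3a", "s3n"}  # assumption: all address the same bucket


def location_key(location):
    """Return (scheme, bucket, path segments) for a table location URI."""
    parsed = urlparse(location)
    scheme = "s3" if parsed.scheme in S3_SCHEMES else parsed.scheme
    segments = tuple(s for s in parsed.path.split("/") if s)
    return scheme, parsed.netloc, segments


def covers(outer, inner):
    """True when a credential scoped to `outer` would also reach `inner`."""
    o_scheme, o_bucket, o_path = location_key(outer)
    i_scheme, i_bucket, i_path = location_key(inner)
    if (o_scheme, o_bucket) != (i_scheme, i_bucket):
        return False
    # Compare whole path segments so .../orders does not match .../orders_archive.
    return i_path[:len(o_path)] == o_path


def find_overlaps(tables):
    """Return sorted (outer_table, inner_table) pairs with overlapping locations."""
    overlaps = []
    for outer_name, outer_loc in tables.items():
        for inner_name, inner_loc in tables.items():
            if outer_name != inner_name and covers(outer_loc, inner_loc):
                overlaps.append((outer_name, inner_name))
    return sorted(overlaps)


if __name__ == "__main__":
    for outer, inner in find_overlaps(SAMPLE_TABLES):
        print(f"{outer} location covers {inner}")
```

An empty result from `find_overlaps` over a catalog's full table listing is the precondition under which per-table read grants and location-scoped credentials agree with each other.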
