lefebsy commented on code in PR #389:
URL: https://github.com/apache/polaris/pull/389#discussion_r1827006689


##########
spec/polaris-management-service.yml:
##########
@@ -901,6 +903,58 @@ components:
       required:
         - roleArn
 
+    S3StorageConfigInfo:
+      type: object
+      description: S3 compatible storage configuration info (MinIO, Dell ECS, 
Netapp StorageGRID, ...)
+      allOf:
+        - $ref: '#/components/schemas/StorageConfigInfo'
+      properties:
+        credsCatalogAndClientStrategy:
+          type: string
+          enum:
+            - VALUE
+            - ENV_VAR_NAME
+          default: ENV_VAR_NAME
+          example: "ACCESS_KEY"
+          description: When you send key VALUE directly via this command, they 
should apear in logs. By ENV_VAR_NAME without dollar, only a reference will 
appear in logs, but the value have to be available as environnement variable in 
the context where Polaris is running
+        credsVendingStrategy:
+          type: string
+          enum:
+            - TOKEN_WITH_ASSUME_ROLE
+            - KEYS_SAME_AS_CATALOG
+            - KEYS_DEDICATED_TO_CLIENT
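Review bot: `example: "ACCESS_KEY"` under `credsCatalogAndClientStrategy` is not one of that field's own enum values (`VALUE`, `ENV_VAR_NAME`), so generated docs and schema validators will show an invalid example; drop it or move it to the property that actually carries the key name. The description also reads as if VALUE keys are meant to be logged ("they should apear in logs"); reword it to state the risk plainly, e.g. "With VALUE the key itself may appear in logs; with ENV_VAR_NAME only the variable name does, and that variable must be set in the environment of the Polaris process", which also fixes "apear", "environnement" and "the value have to be". Finally, `credsVendingStrategy` has neither a `default` nor a `description`, while its sibling defaults to the safer choice; state the default here too and document what each of the three values hands to clients, in particular that KEYS_DEDICATED_TO_CLIENT never discloses the catalog's own key.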

Review Comment:
   Ok.
   
   It's simply one key for the catalog itself, then another unique key for any clients, whoever they are. I leave client distinction to the _principal/role/privilege_ level. I think it is hard at the _storage/credential_ class level to stick a pair of keys to each different client.
   
   It is a basic way, when SKIP_CREDENTIAL_SUBSCOPING_INDIRECTION is True and there is no temporary token, to not divulge the internal catalog key and to serve a key that can be deactivated for security concerns without breaking the catalog itself.
   
   After discussing with MonkeyCanCode here, [Prod Deployment credentials](https://github.com/apache/polaris/discussions/405), the main advantage of this proposal is that you do not have to rely on the main credentials provided at the global Polaris service level.
   
   Today, if you revoke the Polaris service credentials for AWS, all catalogs with AWS storage are instantly KO.
   
   In this implementation, each catalog is independent. It is the same idea with client keys: to not break the catalog when client keys are revoked or rotated for security reasons.
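The key separation described in the comment above, as an added example that is not Polaris code: a small Python model of the two strategy fields in the proposed schema. It shows why ENV_VAR_NAME is the log-safe choice (only a variable name is ever in the config), how the three vending strategies decide which material a client receives, and that revoking the client pair breaks vending without touching the catalog's own access. The enum values are the ones in the hunk; every class, function and variable name, the sample environment and the redaction behaviour are assumptions made for illustration.

```python
# Added example (not Polaris code): a model of credsCatalogAndClientStrategy and
# credsVendingStrategy. Names below are assumptions; enum values come from the spec.
from dataclasses import dataclass
from enum import Enum
from typing import Mapping, Optional


class CredsCatalogAndClientStrategy(Enum):
    VALUE = "VALUE"                # the config carries the secret itself
    ENV_VAR_NAME = "ENV_VAR_NAME"  # the config carries only an env var name


class CredsVendingStrategy(Enum):
    TOKEN_WITH_ASSUME_ROLE = "TOKEN_WITH_ASSUME_ROLE"
    KEYS_SAME_AS_CATALOG = "KEYS_SAME_AS_CATALOG"
    KEYS_DEDICATED_TO_CLIENT = "KEYS_DEDICATED_TO_CLIENT"


@dataclass(frozen=True)
class S3StorageConfigInfo:
    creds_strategy: CredsCatalogAndClientStrategy
    vending_strategy: CredsVendingStrategy
    catalog_access_key: str  # literal value (VALUE) or env var name (ENV_VAR_NAME)
    catalog_secret_key: str
    client_access_key: Optional[str] = None  # only for KEYS_DEDICATED_TO_CLIENT
    client_secret_key: Optional[str] = None


def resolve(ref: str, strategy: CredsCatalogAndClientStrategy,
            env: Mapping[str, str]) -> str:
    """Turn a configured reference into actual key material."""
    if strategy is CredsCatalogAndClientStrategy.VALUE:
        return ref
    if ref not in env:
        # A name is only useful if the Polaris process has that variable set.
        raise LookupError(f"environment variable {ref!r} is not set")
    return env[ref]


def loggable(cfg: S3StorageConfigInfo) -> dict:
    """What a log line or API echo of this config may safely show.

    With ENV_VAR_NAME the config holds only variable names, harmless to print.
    With VALUE it holds the secrets themselves, so they must be redacted.
    """
    if cfg.creds_strategy is CredsCatalogAndClientStrategy.ENV_VAR_NAME:
        return {"catalog": cfg.catalog_access_key, "client": cfg.client_access_key}
    return {"catalog": "<redacted>",
            "client": "<redacted>" if cfg.client_access_key else None}


def catalog_credentials(cfg: S3StorageConfigInfo, env: Mapping[str, str]) -> dict:
    """Material Polaris itself uses for the bucket; independent of client keys."""
    s = cfg.creds_strategy
    return {"access_key": resolve(cfg.catalog_access_key, s, env),
            "secret_key": resolve(cfg.catalog_secret_key, s, env)}


def vend_credentials(cfg: S3StorageConfigInfo, env: Mapping[str, str],
                     temporary_token: Optional[str] = None) -> dict:
    """Material handed to a client, never more than the strategy allows."""
    s = cfg.creds_strategy
    if cfg.vending_strategy is CredsVendingStrategy.TOKEN_WITH_ASSUME_ROLE:
        if temporary_token is None:
            raise ValueError("TOKEN_WITH_ASSUME_ROLE requires a temporary token")
        return {"token": temporary_token}
    if cfg.vending_strategy is CredsVendingStrategy.KEYS_SAME_AS_CATALOG:
        return catalog_credentials(cfg, env)
    # KEYS_DEDICATED_TO_CLIENT: the catalog's own key is never disclosed.
    if cfg.client_access_key is None or cfg.client_secret_key is None:
        raise ValueError("KEYS_DEDICATED_TO_CLIENT needs a client key pair")
    return {"access_key": resolve(cfg.client_access_key, s, env),
            "secret_key": resolve(cfg.client_secret_key, s, env)}


# Constructed sample environment standing in for the Polaris process environment.
SAMPLE_ENV = {
    "CATALOG_ACCESS_KEY": "catalog-ak-EXAMPLE",
    "CATALOG_SECRET_KEY": "catalog-sk-EXAMPLE",
    "CLIENT_ACCESS_KEY": "client-ak-EXAMPLE",
    "CLIENT_SECRET_KEY": "client-sk-EXAMPLE",
}

SAMPLE_CONFIG = S3StorageConfigInfo(
    creds_strategy=CredsCatalogAndClientStrategy.ENV_VAR_NAME,
    vending_strategy=CredsVendingStrategy.KEYS_DEDICATED_TO_CLIENT,
    catalog_access_key="CATALOG_ACCESS_KEY",
    catalog_secret_key="CATALOG_SECRET_KEY",
    client_access_key="CLIENT_ACCESS_KEY",
    client_secret_key="CLIENT_SECRET_KEY",
)


def revoke_client_keys_demo() -> tuple:
    """Revoking the client pair must stop vending but leave the catalog working."""
    env_after = {k: v for k, v in SAMPLE_ENV.items() if not k.startswith("CLIENT_")}
    catalog_ak = catalog_credentials(SAMPLE_CONFIG, env_after)["access_key"]
    try:
        vend_credentials(SAMPLE_CONFIG, env_after)
        vending_ok = True
    except LookupError:
        vending_ok = False
    return catalog_ak, vending_ok


if __name__ == "__main__":
    print(loggable(SAMPLE_CONFIG))
    print(vend_credentials(SAMPLE_CONFIG, SAMPLE_ENV))
    print(revoke_client_keys_demo())
```

Running it prints only variable names for the ENV_VAR_NAME config, hands the client the dedicated pair rather than the catalog pair, and after the client variables are removed reports that the catalog still resolves while vending fails.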



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
