dimas-b opened a new pull request, #499: URL: https://github.com/apache/polaris/pull/499
Previously authZ checks were done based on a complex set of parameters provided individually. This PR consolidates authZ inputs into the PolarisResolutionManifest with declarative "selector" objects depending on operation context. Naturally, Principal entity resolution is moved from the request authentication phase to authorization phase. Request authentication merely validates the provided principal ID and/or name, but does not immediately access related entities from storage. An anonymous authenticator and corresponding "allow all" authorizer are added as simple examples the separation of authN and authZ duties. Also, application config is updated to allow different authorizer implementations to be chosen in runtime. # Description Please include a summary of the changes and the related issue. Please also include relevant motivation and context. List any dependencies that are required for this change. Fixes # (issue) ## Type of change Please delete options that are not relevant. - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] Documentation update - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) - [ ] This change requires a documentation update # How Has This Been Tested? Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration - [ ] Test A - [ ] Test B **Test Configuration**: * Hardware: * Toolchain: * SDK: # Checklist: Please delete options that are not relevant. - [ ] I have performed a self-review of my code - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] I have made corresponding changes to the documentation - [ ] My changes generate no new warnings - [ ] If adding new functionality, I have discussed my implementation with the community using the linked GitHub issue -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
