snazy commented on code in PR #511:
URL: https://github.com/apache/polaris/pull/511#discussion_r1877566584
##########
polaris-core/src/main/java/org/apache/polaris/core/auth/PolarisSecretsManager.java:
##########
@@ -39,6 +41,17 @@ public interface PolarisSecretsManager {
PrincipalSecretsResult loadPrincipalSecrets(
@Nonnull PolarisCallContext callCtx, @Nonnull String clientId);
+ @Nonnull
+ SecretValidationResult validateSecret(
+ @Nonnull PolarisCallContext callCtx, @Nonnull String clientId, @Nonnull
String clientSecret);
+
+ @Nonnull
+ EntityResult loadPrincipal(
+ @Nonnull PolarisCallContext callCtx,
+ @Nullable String roleName,
+ @Nullable String clientId,
+ @Nullable Long principalId);
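Review bot: loadPrincipal declares all three lookup keys (roleName, clientId, principalId) as @Nullable and gives no Javadoc on which of them must be set or which wins when more than one is supplied. A caller can pass three nulls or conflicting values, and the meaning of the @Nonnull EntityResult in that case is undefined. Document the valid combinations and the not-found result, or split the lookup into one method per key. validateSecret also lacks Javadoc on what SecretValidationResult reports for an unknown clientId as opposed to a wrong clientSecret.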
Review Comment:
The problem is: effectively only the secrets manager knows which attributes
it has at hand, correct?
Currently, it's the principal-ID, which is another unique ID in the JWT -
but it should rather be just the client-ID. But that's currently hard to
refactor, because the data model details leak all the way up. That's why #512
is there as an immediate follow-up.
TL;DR this PR is one of a series of upcoming PRs to untangle the hard
dependency of all the services on the data model details/internals.