Re: [PR] Catalog Spec: Policy Management Apis [polaris]

Wed, 05 Feb 2025 15:44:57 -0800 


flyrain commented on code in PR #808:
URL: https://github.com/apache/polaris/pull/808#discussion_r1943833112


##########
spec/generated/bundled-polaris-catalog-service.yaml:
##########
@@ -1359,6 +1359,269 @@ paths:
           $ref: '#/components/responses/ServiceUnavailableResponse'
         5XX:
           $ref: '#/components/responses/ServerErrorResponse'
+  /v1/{prefix}/namespaces/{namespace}/policies:
+    parameters:
+      - $ref: '#/components/parameters/prefix'
+      - $ref: '#/components/parameters/namespace'
+    post:
+      tags:
+        - Catalog API
+      summary: Create a policy in the given namespace
+      operationId: createPolicy
+      description: |
+        Creates a policy within the specified namespace.
+
+        A policy defines a set of rules governing actions on specified 
resources under predefined conditions.
+        In Apache Polaris, policies are created, stored, and later referenced 
by external engines to enforce access controls on associated resources.
+
+        User provides the following inputs when creating a policy
+        - `name`(REQUIRED): The name of the policy. It Must include only 
unreserved URL characters: letters(A-Z, a-z), digits (0-9), hyphens (-), 
periods (.), underscores (_) and tildes (~)
+        - `type` (REQUIRED): The type of the policy. It can be either 
predefined type or custom type.
+          - **Predefined Policies:** system.compaction, 
system.snapshot_retention
+          - **Custom Policies:** custom.<org_name>.data_masking, 
custom.<user_id>.audit_policy

Review Comment:
   I'm now questioning myself if it's a good idea to allow `.` in policy name. 
The concern is that how do we address a policy. Ideally it should be addressed 
similar to a table identifier(`c1.ns1.t1`). With a dot in the name, a name like 
`c1.ns1.system.compaction` is ambiguous, esp. that Polaris supports multiple 
level of namespace. We don't know if `system` is a namespace or part of policy 
name. 
   
   Maybe we follow the same naming convention as table and view here, 
flattening the name with understore(_), like `system_snapshot_retention`, 
`custom_<org_name>_data_masking`. WDYT?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@polaris.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to