lefebsy commented on code in PR #389:
URL: https://github.com/apache/polaris/pull/389#discussion_r1953597985
##########
spec/polaris-management-service.yml:
##########
@@ -905,6 +907,51 @@ components:
required:
- roleArn
+ S3CompatibleStorageConfigInfo:
+ type: object
+ description: S3 compatible storage configuration info (MinIO, Ceph, Dell
ECS, Netapp StorageGRID, ...)
+ allOf:
+ - $ref: '#/components/schemas/StorageConfigInfo'
+ properties:
+ s3.endpoint:
+ type: string
+ description: the S3 endpoint, will also be used as STS endpoint
+ example: "http[s]://host:port"
+ s3.credentials.catalog.accessKeyId:
+ type: string
+ description: Default to AWS credentials, otherwise set the
environement variable name for the 'ACCESS_KEY_ID' used by the catalog to
communicate with S3
+ example: "CATALOG_1_ACCESS_KEY_ENV_VARIABLE_NAME or
AWS_ACCESS_KEY_ID"
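Review bot: The description of `s3.credentials.catalog.accessKeyId` does not state plainly that the field carries the name of an environment variable and never the key itself, while the property name reads as if it held the access key ID. A caller who pastes a real key here would have it stored in the catalog configuration. Consider rewording the description along the lines of "Name of the environment variable, in the Polaris service environment, that holds the access key ID; leave unset to use the default AWS credentials", fixing the spelling of "environement", and adding a `pattern` that only accepts variable-name syntax. On `s3.endpoint`, the example `"http[s]://host:port"` is not a literal URL; since the description says the same endpoint is also used for STS, a concrete `https://` example would be clearer.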
Review Comment:
Yes, if the catalog creator wants to use specific keys, he has to be aware of the
names of the variables inside the Polaris service environment.
Otherwise the creator leaves the key parameters empty, "cross fingers", and
lets the default S3 SDK use whatever is available in the Polaris service environment.
I have not found a better solution. Passing values will leak secrets in logs
and in the catalog "get response" :-(
Further up in this code review, Collado-Mike suggests switching to an AWS Profile (I
like this proposition). But the catalog creator still has to be aware of the
name of the profile...
=> Need agreement between the Polaris service deployment administrator and the
catalog creator.
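The indirection discussed in the review comment above, as an added example that is not part of the original comment or of Polaris: the catalog config stores only the names of environment variables, the service resolves them at use time, and empty names defer to the SDK default chain. The function names, the second variable name, the sample values, and the choice to fail when a named variable is missing are assumptions.

```python
import os
import re

# Assumption: variable names use conventional environment-variable syntax.
_ENV_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

# Constructed sample environment; the second variable name is hypothetical.
SAMPLE_ENV = {
    "CATALOG_1_ACCESS_KEY_ENV_VARIABLE_NAME": "constructed-key-id",
    "CATALOG_1_SECRET_KEY_ENV_VARIABLE_NAME": "constructed-secret",
}


class CredentialConfigError(Exception):
    """Message never echoes the configured string, which may be a pasted secret."""


def resolve_by_name(configured_name, env=None):
    """Return the value of the named variable, or None when no name is configured."""
    env = os.environ if env is None else env
    if not configured_name:
        return None  # caller leaves the S3 SDK on its default credential chain
    if not _ENV_NAME.fullmatch(configured_name):
        raise CredentialConfigError("configured value is not an environment variable name")
    value = env.get(configured_name)
    if not value:
        # Fail closed: a name was given, so do not silently fall back to the defaults.
        raise CredentialConfigError("configured environment variable is not set")
    return value


def resolve_pair(key_id_name, secret_name, env=None):
    """Both names set: explicit (key_id, secret). Both empty: None. Mixed: error."""
    key_id = resolve_by_name(key_id_name, env)
    secret = resolve_by_name(secret_name, env)
    if (key_id is None) != (secret is None):
        raise CredentialConfigError("set both credential variable names or neither")
    return None if key_id is None else (key_id, secret)


if __name__ == "__main__":
    print(resolve_pair("CATALOG_1_ACCESS_KEY_ENV_VARIABLE_NAME",
                       "CATALOG_1_SECRET_KEY_ENV_VARIABLE_NAME", SAMPLE_ENV) is not None)
```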