XJDKC commented on code in PR #1191:
URL: https://github.com/apache/polaris/pull/1191#discussion_r2006144562
##########
service/common/src/main/java/org/apache/polaris/service/admin/PolarisAdminService.java:
##########
@@ -664,6 +665,15 @@ private void validateUpdateCatalogDiffOrThrow(
"Cannot modify ExternalId in storage config from %s to %s",
currentStorageConfig, newStorageConfig);
}
+
+ if ((currentAwsConfig.getUserARN() != null
+ &&
!currentAwsConfig.getUserARN().equals(newAwsConfig.getUserARN()))
+ || (newAwsConfig.getUserARN() != null
+ &&
!newAwsConfig.getUserARN().equals(currentAwsConfig.getUserARN()))) {
+ throw new BadRequestException(
+ "Cannot modify userARN in storage config from %s to %s",
Review Comment:
`userARN` represents the polaris service, from my understanding, it should
be configured by the polaris service provider rather than the user.
The owner of the catalog is an user, user only needs to provide an IAM role,
polaris service will use its AWS credential (the `userARN`) to assume the role
and get the temp AWS credential. How could an user provide an AWS user ARN for
polaris service?
Here is the guidance from Open Catalog for creating a catalog:
https://other-docs.snowflake.com/en/opencatalog/create-catalog
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
