dimas-b commented on code in PR #1191:
URL: https://github.com/apache/polaris/pull/1191#discussion_r2029582960
##########
service/common/src/main/java/org/apache/polaris/service/admin/PolarisAdminService.java:
##########
@@ -664,6 +665,15 @@ private void validateUpdateCatalogDiffOrThrow(
"Cannot modify ExternalId in storage config from %s to %s",
currentStorageConfig, newStorageConfig);
}
+
+ if ((currentAwsConfig.getUserARN() != null
+ &&
!currentAwsConfig.getUserARN().equals(newAwsConfig.getUserARN()))
+ || (newAwsConfig.getUserARN() != null
+ &&
!newAwsConfig.getUserARN().equals(currentAwsConfig.getUserARN()))) {
+ throw new BadRequestException(
+ "Cannot modify userARN in storage config from %s to %s",
Review Comment:
I think this opens a can of worms :)
From the OSS perspective I can imagine users of Apache Polaris, who may want
to have one service, but use different `userArn` for different catalogs.
Ultimately, it depends on the scope of control the catalog owner has and the
service owner has. Deployment scenarios can vary vastly.
I'd propose to cover this by a feature flag (using service-level `userArn`
or catalog-level)... but it might be best to discuss this on the `dev` ML.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
