collado-mike commented on code in PR #1353: URL: https://github.com/apache/polaris/pull/1353#discussion_r2045082533
########## spec/polaris-management-service.yml: ########## @@ -1089,6 +1089,10 @@ components: clientId: type: string description: The output-only OAuth clientId associated with this principal if applicable + federated:

Review Comment:
The main case is to support adding federated roles so that privileges can be defined. Per the original design doc, federated identities are created on the fly when a user logs in, but if we don't allow creation of federated roles, we can't define any privileges for those users until they've logged in. That makes things hard for the admins, IMO.

For Principals, I don't think federated principals should be created via the API, for the same reasoning you suggest, but we should be able to return federated principals and report that they are federated. To make that clearer, maybe I can update the spec to return one of two types, but to only allow creation of one type.
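
Review bot: the `federated` property added right after `clientId` appears in this excerpt with no `type` or `description`, while `clientId` just above documents itself as output-only. The hunk header counts four added lines, so the rest of the definition is cut off here; if the field is only ever reported and never accepted on creation, as the comment describes for principals, its description should say so, and `readOnly: true` would let generated clients and request validation enforce that instead of leaving it to convention.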