Re: [PR] Disable custom namespace locations [polaris]

Tue, 26 Aug 2025 10:31:05 -0700 


dennishuo commented on code in PR #2422:
URL: https://github.com/apache/polaris/pull/2422#discussion_r2301668333


##########
runtime/service/src/main/java/org/apache/polaris/service/catalog/iceberg/IcebergCatalog.java:
##########
@@ -1083,6 +1093,74 @@ private void validateNoLocationOverlap(
     }
   }
 
+  /** Checks whether the location of a namespace is valid given its parent */
+  private void validateNamespaceLocation(
+      NamespaceEntity namespace, PolarisResolvedPathWrapper resolvedParent) {
+    StorageLocation namespaceLocation =
+        StorageLocation.of(
+            StorageLocation.ensureTrailingSlash(
+                resolveNamespaceLocation(namespace.asNamespace(), 
namespace.getPropertiesAsMap())));
+    PolarisEntity parent = resolvedParent.getResolvedLeafEntity().getEntity();
+    if (parent.getType().equals(PolarisEntityType.CATALOG)) {
+      CatalogEntity parentEntity = CatalogEntity.of(parent);
+      LOGGER.debug(
+          "Validating namespace {} given parent catalog {}",
+          namespace.getName(),
+          parentEntity.getName());
+      var storageConfigInfo = parentEntity.getStorageConfigurationInfo();
+      if (storageConfigInfo == null) {
+        throw new IllegalArgumentException(
+            "Cannot create namespace without a parent storage configuration");
+      }
+      boolean allowed =
+          
parentEntity.getStorageConfigurationInfo().getAllowedLocations().stream()

Review Comment:
   Right, I was explaining why your PR description is misleading:
   
   > in order for our overlap checks and assumptions around credential vending 
to be valid
   
   Is this PR fixing assumptions around credential vending, or just adding an 
option for whether to enforce "standard" locations for namespaces? In general 
we shouldn't need namespaces to be standard to still provide the intended 
guarantees about enforcement of ALLOWED_LOCATIONS.
   
   The more important bug to fix is enforcement of ALLOWED_LOCATIONS.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@polaris.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to