singhpk234 commented on code in PR #3330:
URL: https://github.com/apache/polaris/pull/3330#discussion_r2647503933
##########
client/python/apache_polaris/cli/command/__init__.py:
##########
@@ -72,6 +72,8 @@ def options_get(key, f=lambda x: x):
sts_endpoint=options_get(Arguments.STS_ENDPOINT),
sts_unavailable=options_get(Arguments.STS_UNAVAILABLE),
path_style_access=options_get(Arguments.PATH_STYLE_ACCESS),
+ current_kms_key=options_get(Arguments.KMS_KEY_CURRENT),
+ allowed_kms_keys=options_get(Arguments.KMS_KEY_ALLOWED),
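Review bot: The two added keyword arguments, `current_kms_key` and `allowed_kms_keys`, are each read with a bare `options_get(...)`, and nothing in this hunk says how they relate. State whether the current key must also be listed under `Arguments.KMS_KEY_ALLOWED` or is implied by it, and either document that in the help text or check it here. Also, `allowed_kms_keys` is plural while `options_get` is called without its optional `f` converter, so confirm the argument already arrives as a list rather than a single string.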
Review Comment:
Does just setting `current_kms_key` automatically add the
`allowed_kms_keys`?
##########
client/python/apache_polaris/cli/constants.py:
##########
@@ -258,6 +260,12 @@ class Create:
"(Only for S3) Indicates that Polaris should not use STS (e.g.
if STS is not available)"
)
PATH_STYLE_ACCESS = "(Only for S3) Whether to use
path-style-access for S3"
+ KMS_KEY_CURRENT = (
+ "(Only for AWS S3) The AWS KMS key ARN to be used for
encrypting new S3 data"
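Review bot: The `KMS_KEY_CURRENT` help text uses the prefix "(Only for AWS S3)" while the neighbouring entries in this hunk use "(Only for S3)"; pick one so the help output is consistent. The text also says the key is used for "encrypting new S3 data" without saying how it interacts with the allowed-keys option (`KMS_KEY_ALLOWED` in the command hunk), which a user needs to know to set both correctly; a short clause on that would help.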
Review Comment:
I am assuming this is required because we need to use this key to encrypt
metadata.json? As when we are vending creds we don't know which snapshot the
client will be reading, so we vend creds for all, or we just give decrypt creds
for allowed key and encrypt | decrypt creds for current keys?
--
This is an automated message from the Apache Git Service.