adutra commented on issue #441:
URL: https://github.com/apache/polaris/issues/441#issuecomment-3744445404
Hi @synint91!
> Is this new approach interoperable with the older mixed-realm
> authentication model?
The new principal federation approach is compatible with your existing
deployment model, which uses two realms (one for external authentication via
EntraID and one for internal authentication). Principal federation is
orthogonal to multi-realm setups, meaning your current configuration remains
valid.
> Will enabling these new features cause any corruption or duplication of
> entity records in the metadata database?
There is a risk of data issues if you use both a custom synchronization
mechanism (like the one you appear to have via the internal realm) and the new
external/federated principals, as they would overlap. You must either keep your
current mechanism, or migrate to federated/external principals.
Here are the migration implications:
* Migrating to **Federated Principals**: This **MAY** cause corruption or
duplication. To avoid issues, you would need to carefully remove all currently
persisted principals and then re-create them with the necessary "federated"
flag and federation source, or alternatively, run a SQL update script.
* Migrating to **External Principals**: afaict this would not cause
corruption or duplication, but the existing principal entities persisted in
your database would become obsolete and serve no purpose.
And just a reminder: none of these modes (federated or external) exist
today, it's still WIP!