This is an automated email from the ASF dual-hosted git repository.
yufei pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/polaris.git
The following commit(s) were added to refs/heads/main by this push:
new c1c922793 Site: Added GCS related Bucket Properties for vending
credentials. (#3066)
c1c922793 is described below
commit c1c922793adc80561e1e701a2ea567a1a689456f
Author: Saksham Ratra <[email protected]>
AuthorDate: Fri Nov 21 10:40:52 2025 +0530
Site: Added GCS related Bucket Properties for vending credentials. (#3066)
---
.../_index.md} | 6 +++-
.../configuring-gcs-cloud-storage-specific.md | 32 ++++++++++++++++++++++
2 files changed, 37 insertions(+), 1 deletion(-)
diff --git
a/site/content/in-dev/unreleased/configuring-polaris-for-production.md
b/site/content/in-dev/unreleased/configuring-polaris-for-production/_index.md
similarity index 97%
rename from site/content/in-dev/unreleased/configuring-polaris-for-production.md
rename to
site/content/in-dev/unreleased/configuring-polaris-for-production/_index.md
index 2a1efe36b..0666aea1e 100644
--- a/site/content/in-dev/unreleased/configuring-polaris-for-production.md
+++
b/site/content/in-dev/unreleased/configuring-polaris-for-production/_index.md
@@ -173,7 +173,7 @@ Depending on your database, this may not be convenient as
the generated credenti
in clear text in the database.
In order to provide your own credentials for `root` principal (so you can
request tokens via
-`api/catalog/v1/oauth/tokens`), use the [Polaris Admin Tool]({{% ref
"admin-tool" %}})
+`api/catalog/v1/oauth/tokens`), use the [Polaris Admin
Tool](../../../../docs/admin-tool.md)
You can verify the setup by attempting a token issue for the `root` principal:
@@ -234,3 +234,7 @@ profile (for example, `%prod`).
The [Polaris Evolution](../evolution) page discusses backward compatibility and
upgrade concerns.
+
+### Configuring Polaris for Cloud Storages
+
+For guidance on configuring specific cloud storage providers see child pages
(links in the left-hand pane).
diff --git
a/site/content/in-dev/unreleased/configuring-polaris-for-production/configuring-gcs-cloud-storage-specific.md
b/site/content/in-dev/unreleased/configuring-polaris-for-production/configuring-gcs-cloud-storage-specific.md
new file mode 100644
index 000000000..9417edfcd
--- /dev/null
+++
b/site/content/in-dev/unreleased/configuring-polaris-for-production/configuring-gcs-cloud-storage-specific.md
@@ -0,0 +1,32 @@
+---
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+title: Configuring GCS Cloud Storage
+linkTitle: Configuring GCS Cloud Storage
+type: docs
+weight: 600
+---
+
+This page provides guidance for configuring GCS Cloud Storage provider for use
with Polaris. It covers credential vending, IAM roles, ACL requirements, and
best practices to ensure secure and reliable integration.
+
+All catalog operations in Polaris for Google Cloud Storage (GCS)—including
listing, reading, and writing objects—are performed using credential vending,
which issues scoped (vended) tokens for secure access.
+
+Polaris requires both IAM roles and [Hierarchical Namespace
(HNS)](https://docs.cloud.google.com/storage/docs/hns-overview) ACLs (if HNS is
enabled) to be properly configured. Even with the correct IAM role (e.g.,
`roles/storage.objectAdmin`), access to paths such as
`gs://<bucket>/idsp_ns/sample_table4/` may fail with 403 errors if HNS ACLs are
missing for scoped tokens. The original access token may work, but scoped
(vended) tokens require HNS ACLs on the base path or relevant subpath.
+
+**Note:** HNS is not mandatory when using GCS for a catalog in Polaris. If HNS
is not enabled on the bucket, only IAM roles are required for access. Always
verify HNS ACLs in addition to IAM roles when troubleshooting GCS access issues
with credential vending and HNS enabled.
