collado-mike commented on code in PR #808:
URL: https://github.com/apache/polaris/pull/808#discussion_r1950045102
##########
spec/polaris-catalog-service.yaml:
##########
@@ -123,6 +123,15 @@ paths:
/v1/{prefix}/namespaces/{namespace}/tables/{table}/notifications:
$ref:
'./polaris-catalog-apis/notifications-api.yaml#/paths/~1v1~1{prefix}~1namespaces~1{namespace}~1tables~1{table}~1notifications'
+ /v1/{prefix}/namespaces/{namespace}/policies:
+ $ref:
'./polaris-catalog-apis/policy-apis.yaml#/paths/~1v1~1{prefix}~1namespaces~1{namespace}~1policies'
+
+ /v1/{prefix}/namespaces/{namespace}/policies/{policy}:
+ $ref:
'./polaris-catalog-apis/policy-apis.yaml#/paths/~1v1~1{prefix}~1namespaces~1{namespace}~1policies~1{policy}'
+
+ /v1/{prefix}/namespaces/{namespace}/policies/{policy}/mappings:
+ $ref:
'./polaris-catalog-apis/policy-apis.yaml#/paths/~1v1~1{prefix}~1namespaces~1{namespace}~1policies~1{policy}~1mappings'
Review Comment:
I understood the policies are created at the Catalog level. Why are they
underneath the namespaces here?
##########
spec/generated/bundled-polaris-catalog-service.yaml:
##########
@@ -3505,6 +3921,12 @@ components:
schema:
type: string
example: sales
+ policy:
Review Comment:
can we name this `policy_name` so it's clear that it's not the policy id?
##########
spec/generated/bundled-polaris-catalog-service.yaml:
##########
@@ -1359,6 +1359,253 @@ paths:
$ref: '#/components/responses/ServiceUnavailableResponse'
5XX:
$ref: '#/components/responses/ServerErrorResponse'
+ /v1/{prefix}/namespaces/{namespace}/policies:
+ parameters:
+ - $ref: '#/components/parameters/prefix'
+ - $ref: '#/components/parameters/namespace'
+ post:
+ tags:
+ - Catalog API
+ summary: Create a policy in the given namespace
+ operationId: createPolicy
+ description: |
+ Creates a policy within the specified namespace.
+
+ A policy defines a set of rules governing actions on specified
resources under predefined conditions.
+ In Apache Polaris, policies are created, stored, and later referenced
by external engines to enforce access controls on associated resources.
+
+ User provides the following inputs when creating a policy
+ - `name`(REQUIRED): The name of the policy.
+ - `type` (REQUIRED): The type of the policy. It can be either
predefined type or custom type.
+ - **Predefined Policies:** system.compaction,
system.snapshot_retention
+ - **Custom Policies:** custom.<org_name>.data_masking,
custom.<user_id>.audit_policy
Review Comment:
What are `org_name` and `user_id`? Just random custom prefixes? Is there a
required structure to these type names? Is only the `system` prefix reserved?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
