HonahX commented on code in PR #808:
URL: https://github.com/apache/polaris/pull/808#discussion_r1992115816
##########
spec/generated/bundled-polaris-catalog-service.yaml:
##########
@@ -3257,6 +3614,187 @@ components:
$ref: '#/components/schemas/NotificationType'
payload:
$ref: '#/components/schemas/TableUpdateNotification'
+ PolicyType:
+ description: The type of a policy
+ type: string
+ nullable: true
+ example: system.data-compaction
+ PolicyIdentifier:
+ type: object
+ required:
+ - namespace
+ - name
+ properties:
+ namespace:
+ $ref: '#/components/schemas/Namespace'
+ name:
+ type: string
+ nullable: false
+ ListPoliciesResponse:
+ type: object
+ properties:
+ next-page-token:
+ $ref: '#/components/schemas/PageToken'
+ identifiers:
+ type: array
+ uniqueItems: true
+ items:
+ $ref: '#/components/schemas/PolicyIdentifier'
+ PolicyName:
+ type: string
+ description: A policy name. A valid policy name should only consist of
uppercase and lowercase letters (A-Z, a-z), digits (0-9), hyphens (-),
underscores (_).
+ pattern: ^[A-Za-z0-9\-_]+$
+ example: compaction
+ CreatePolicyRequest:
+ type: object
+ required:
+ - name
+ - type
+ properties:
+ name:
+ $ref: '#/components/schemas/PolicyName'
+ type:
+ type: string
+ description:
+ type: string
+ content:
+ type: string
+ Policy:
+ type: object
+ description: |
+ A policy in Apache Polaris defines a set of rules for governing
access, data usage, and operational consistency across various catalog
resources.
+ Policies are stored within Polaris and can be applied to catalogs,
namespaces, tables, views, and other table-like entities.
+ For example, they can be used for fine-grained control over who can
perform specific actions on certain resources.
+
+ The policy object includes
+ - **policy-type:** The type of the policy, which determines the
expected format and semantics of the policy content.
+ - **name:** A human-readable name for the policy, which must be
unique within a given namespace.
+ - **description:** Detailed description of the purpose and
functionalities of the policy.
+ - **content:** Policy content, which can be validated against
predefined schemas of a policy type.
+ - **version:** Indicates the current version of the policy. Versions
increased monotonically, the default value is 0
+ - **created-at:** A timestamp indicating when the policy was created,
represented as a string in ISO-8601 format
+ - **updated-at:** A timestamp indicating the last update time of the
policy, represented as a string in ISO-8601 format
+
+ Policies stored in Polaris serve as the persistent definition for
access control and governance rules.
+ required:
+ - policy-type
+ - name
+ - version
+ properties:
+ policy-type:
+ type: string
+ name:
+ $ref: '#/components/schemas/PolicyName'
+ description:
+ type: string
+ content:
+ type: string
+ version:
+ type: integer
+ created-at:
+ type: string
+ example: '2024-03-03T12:00:00Z'
+ updated-at:
+ type: integer
+ example: '2024-03-03T12:00:00Z'
+ LoadPolicyResponse:
+ type: object
+ properties:
+ policy:
+ $ref: '#/components/schemas/Policy'
+ UpdatePolicyRequest:
+ type: object
+ properties:
+ description:
+ type: string
+ content:
+ type: string
+ EntityIdentifier:
+ type: object
+ discriminator:
+ propertyName: type
+ mapping:
+ catalog: '#/components/schemas/CatalogIdentifier'
+ namespace: '#/components/schemas/NamespaceIdentifier'
+ table-like: '#/components/schemas/TableLikeIdentifier'
+ properties:
+ type:
+ type: string
+ enum:
+ - catalog
+ - namespace
+ - table-like
+ required:
+ - type
+ CatalogIdentifier:
+ allOf:
+ - $ref: '#/components/schemas/EntityIdentifier'
+ - type: object
+ required:
+ - catalog
+ properties:
+ catalog:
+ type: string
+ NamespaceIdentifier:
+ allOf:
+ - $ref: '#/components/schemas/EntityIdentifier'
+ - type: object
+ required:
+ - catalog
+ - namespace
+ properties:
Review Comment:
Thanks for the suggestion! I understand the idea behind breaking things up,
but I’d prefer to keep all the APIs in the same PR to maintain the context of
policy definitions. I've updated the design doc to address recent comments and
removed redundant definitions, which should help simplify the review. Let me
know if you have any concerns!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
