dimas-b commented on code in PR #1506:
URL: https://github.com/apache/polaris/pull/1506#discussion_r2070942579
##########
spec/polaris-management-service.yml:
##########
@@ -938,6 +940,34 @@ components:
format: password
description: Bearer token (input-only)
+ SigV4AuthenticationParameters:
+ type: object
+ description: AWS Signature Version 4 authentication
+ allOf:
+ - $ref: '#/components/schemas/AuthenticationParameters'
+ properties:
+ roleArn:
+ type: string
+ description: The aws IAM role arn assume when signing requests
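Review bot: The `roleArn` description on the last added line shown is missing a word and uses inconsistent casing ("The aws IAM role arn assume when signing requests"); suggest "The AWS IAM role ARN to assume when signing requests". In the lines shown, `roleArn` is also declared as a bare `type: string` with no `pattern` or length constraint, so the schema itself accepts any string as the role to assume. If the value is not validated elsewhere, consider adding a `pattern` for the IAM role ARN shape here, so that malformed input is rejected at the API boundary rather than at signing time.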
Review Comment:
Thanks for the info. Re: `Polaris acts as the service provider ...` while I
agree that it's a possible use case, I do not think Apache Polaris needs to be
restricted to just that use case. I can imagine users who'd want to deploy and
use Polaris in a controlled environment and have ownership both of the AWS
storage and Polaris servers.
That, of course, does not invalidate the security best practices that you
referenced.
Given that the new connection config is apparently meant to enable
connections to AWS services and not to generic S3 implementations, I'd propose
to rename the config type to something like `AWSSTSAuthenticationParameters` to
avoid ambiguity (with type code `AWSSTS`). WDYT?