evindj commented on code in PR #3347:
URL: https://github.com/apache/polaris/pull/3347#discussion_r2658152180
##########
spec/polaris-management-service.yml:
##########
@@ -1166,6 +1166,12 @@ components:
consentUrl:
type: string
description: URL to the Azure permissions request page
+ hierarchical:
+ type: boolean
+ description: >-
+ If set to `true`, instructs Polaris Servers to scope SAS
tokens down to the most specific path
+ in the storage container (in most cases the table's base
location). This flag should be set only
+ if hierarchical namespace is enabled in the Azure storage
account.
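Review bot: The `description` of the new `hierarchical` property does not state the default when the property is omitted, or how SAS tokens are scoped when it is `false`. Because this flag decides how narrowly vended credentials are scoped, spell out both cases in the description, and say what a client should expect when the flag is `true` but hierarchical namespace is not enabled on the storage account, so operators do not have to infer it from the implementation.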
Review Comment:
What is the behavior if the flag is set but the Azure account does not have
the feature enabled?
I am wondering if in a future iteration there will be a way to enable this
feature based on whether or not the feature is enabled in Azure.
##########
runtime/service/src/test/java/org/apache/polaris/service/entity/CatalogEntityTest.java:
##########
@@ -405,11 +405,11 @@ public void testAwsConfigJsonPropertiesPresence() throws
JsonProcessingException
@ParameterizedTest
@MethodSource
- public void testAwsConfigRoundTrip(AwsStorageConfigInfo config) throws
JsonProcessingException {
+ public void testStorageConfigRoundTrip(StorageConfigInfo config) throws
JsonProcessingException {
String configStr = MAPPER.writeValueAsString(config);
CatalogEntity catalogEntity =
new CatalogEntity.Builder()
- .setName("testAwsConfigRoundTrip")
+ .setName("testStorageConfigRoundTrip")
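Review bot: `@MethodSource` is used here without an explicit name, so JUnit resolves the argument factory by the test method's name; renaming the test to `testStorageConfigRoundTrip` only works if the factory method is renamed in the same change, which this hunk does not show. Now that the parameter type is the general `StorageConfigInfo`, the factory should also supply an Azure config with `hierarchical` set, so the new property is covered by the round trip.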
Review Comment:
+1 for removing AWS specific here.
##########
polaris-core/src/main/java/org/apache/polaris/core/storage/azure/AzureCredentialsStorageIntegration.java:
##########
@@ -165,6 +167,17 @@ public StorageAccessConfig getSubscopedCreds(
blobSasPermission,
Mono.just(accessToken));
} else if
(location.getEndpoint().equalsIgnoreCase(AzureLocation.ADLS_ENDPOINT)) {
+ String path = null;
+ if (Boolean.TRUE.equals(config().isHierarchical())) {
+ Preconditions.checkArgument(
+ allowedReadLocations.size() <= 1,
+ "Allowed read locations must not have more that one entry");
+ Preconditions.checkArgument(
+ allowedWriteLocations.size() <= 1,
+ "Allowed write locations must not have more that one entry");
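Review bot: The `size() <= 1` checks in the `isHierarchical()` branch also accept an empty location set, and `path` is initialised to `null`, so the visible lines leave open which scope the SAS token gets when no location is supplied. If a `null` path means the token falls back to the whole container, the flag would silently fail to narrow the credential; either reject the empty case or handle it explicitly with a comment. Both messages also read "more that one entry" and should say "more than one entry", and since `Preconditions.checkArgument` throws `IllegalArgumentException`, check that the caller reports it as a usable error rather than a generic server failure.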
Review Comment:
N00b question for my own understanding, what is the use case for several
allowedReadLocations and allowedWriteLocations?
Also why does this apply only to hierarchical use case?
--
This is an automated message from the Apache Git Service.