dimas-b commented on code in PR #1353:
URL: https://github.com/apache/polaris/pull/1353#discussion_r2043032833
##########
service/common/src/main/java/org/apache/polaris/service/admin/PolarisAdminService.java:
##########
@@ -771,6 +771,9 @@ public PrincipalWithCredentials
createPrincipal(PolarisEntity entity) {
PolarisAuthorizableOperation op =
PolarisAuthorizableOperation.CREATE_PRINCIPAL;
authorizeBasicRootOperationOrThrow(op);
+ if (PolarisEntity.isFederated(entity)) {
Review Comment:
Why do we expose "federated" as a property settable via java API only to add
validation that it cannot be set?
Also, REST API (which is the only caller of this method) does not allow
setting the "federated" property, as far as I can tell, because it does not set
_internal_ properties on the `PrincipalEntity` :thinking:
##########
spec/polaris-management-service.yml:
##########
@@ -1089,6 +1089,10 @@ components:
clientId:
type: string
description: The output-only OAuth clientId associated with this
principal if applicable
+ federated:
Review Comment:
+1 to ML discussion.
What's the use case for exposing federated principal in the Polaris
Management API? Acting as a proxy in front of an IdP sounds questionable to me.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
