dimas-b commented on code in PR #1353:
URL: https://github.com/apache/polaris/pull/1353#discussion_r2045315911
##########
service/common/src/main/java/org/apache/polaris/service/admin/PolarisAdminService.java:
##########
@@ -771,6 +771,9 @@ public PrincipalWithCredentials
createPrincipal(PolarisEntity entity) {
PolarisAuthorizableOperation op =
PolarisAuthorizableOperation.CREATE_PRINCIPAL;
authorizeBasicRootOperationOrThrow(op);
+ if (PolarisEntity.isFederated(entity)) {
Review Comment:
to clarify: My thinking was that the fact that make those entities "not
creatable" via the Admin API is not the presence of a specific property (i.e.
"federated") but the fact that they are managed in a different way (via IdP
integrations, I believe).
Can this be made more explicit in code? I do not have a solid suggestion,
but I wonder if some sort of a "manager" class might be suitable here. That
"manager" would then make the decision about allowing or not allowing changes
via Admin API. WDYT?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
