dennishuo commented on code in PR #1506:
URL: https://github.com/apache/polaris/pull/1506#discussion_r2074716349


##########
spec/polaris-management-service.yml:
##########
@@ -938,6 +940,40 @@ components:
           format: password
           description: Bearer token (input-only)
 
+    SigV4AuthenticationParameters:
+      type: object
+      description: AWS Signature Version 4 authentication
+      allOf:
+        - $ref: '#/components/schemas/AuthenticationParameters'
+      properties:
+        roleArn:
+          type: string
+          description: The aws IAM role arn assumed by polaris userArn when 
signing requests
+          example: 
"arn:aws:iam::123456789001:role/role-that-has-remote-catalog-access"
+        roleSessionName:
+          type: string
+          description: The role session name to be used by the SigV4 protocol 
for signing requests
+          example: "polaris-remote-catalog-access"
+        externalId:
+          type: string
+          description: An optional external id used to establish a trust 
relationship with AWS in the trust policy
+          example: "external-id-1234"
+        signingRegion:
+          type: string
+          description: Region to be used by the SigV4 protocol for signing 
requests
+          example: "us-west-2"
+        signingName:
+          type: string
+          description: The service name to be used by the SigV4 protocol for 
signing requests, the default signing name is "execute-api" is if not provided
+          example: "glue"
+        userArn:
+          type: string
+          description: The aws user arn used to assume the aws role, this 
represents the polaris service itself
+          example: "arn:aws:iam::123456789001:user/polaris-service-user"
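Review bot: `userArn`, the last property in this schema, is described as representing the Polaris service itself, yet nothing here stops a caller from supplying it in a request. If the server decides this value, mark it `readOnly: true` or state in the description that it is output-only, the same way the bearer token in the context lines above is documented as "(input-only)". The `signingName` description also has a stray word ('the default signing name is "execute-api" is if not provided'). There is no `required` list, so a reader cannot tell which properties other than `externalId` are optional.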

Review Comment:
   Looks like the concept of "read-only" or "write-only" fields is actually first-class in OpenAPI: https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.2.md#fixed-fields-20
   
   readOnly:
   
   > Relevant only for Schema "properties" definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as readOnly being true and is in the required list, the required will take effect on the response only. A property MUST NOT be marked as both readOnly and writeOnly being true. Default value is false.
   
   writeOnly:
   
   > Relevant only for Schema "properties" definitions. Declares the property as "write only". Therefore, it MAY be sent as part of a request but SHOULD NOT be sent as part of the response. If the property is marked as writeOnly being true and is in the required list, the required will take effect on the request only. A property MUST NOT be marked as both readOnly and writeOnly being true. Default value is false.
   
   
   Maybe we should experiment with some of those additional annotations? Interestingly, `writeOnly` conveys well other patterns we've had such as inline secrets.
   
   And `readOnly` would be fields used for communicating things decided by the server backend back to the user.
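
The `readOnly`/`writeOnly` semantics quoted in the comment above, enforced over one object schema. This is an added example, not part of the review comment or of the Polaris code base. The schema is constructed for illustration: the `readOnly`, `writeOnly` and `required` markings and the `inlineSecret` property are assumptions, and a request carrying a `readOnly` property is rejected outright (a strict reading of "SHOULD NOT").

```python
# Constructed schema: which properties are readOnly/writeOnly/required is an
# assumption made for this example, not what the PR's spec declares.
SCHEMA = {
    "type": "object",
    "required": ["roleArn", "userArn"],
    "properties": {
        "roleArn": {"type": "string"},
        "inlineSecret": {"type": "string", "writeOnly": True},  # hypothetical
        "userArn": {"type": "string", "readOnly": True},
    },
}


def check_request(schema, body):
    """Return a list of violations for a client-supplied request body."""
    props = schema.get("properties", {})
    errors = []
    # A readOnly property is decided by the server; reject it on input.
    for name in body:
        if props.get(name, {}).get("readOnly"):
            errors.append(f"{name}: readOnly property sent in request")
    # 'required' on a readOnly property takes effect on responses only,
    # so it is not demanded from the client.
    for name in schema.get("required", []):
        if name not in body and not props.get(name, {}).get("readOnly"):
            errors.append(f"{name}: required property missing")
    return errors


def render_response(schema, stored):
    """Return the stored object with writeOnly properties removed."""
    props = schema.get("properties", {})
    return {
        key: value
        for key, value in stored.items()
        if not props.get(key, {}).get("writeOnly")
    }
```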
   


