tokoko commented on issue #2970: URL: https://github.com/apache/polaris/issues/2970#issuecomment-3726316143
> Using the first "allowed" location works for me, especially considering I think that refers to read locations, not the original list of allowed locations that's defined on catalog-level. > I'd also suggest adding an optional "storage name" to catalog properties, which could be used for linking catalog to credentials in a many-to-one manner (defaulting to bucket name)... but this is subject to discussion, of course. If we do that, we might as well make it mandatory (if you want to override creds) and avoid bucket/endpoint resolution confusion. The main reason why I wanted to avoid using anything other than catalog name is that catalog name is part of rbac scope, using anything else sort of allows catalog creator to hijack credentials that might not have been meant for them. If we make storage name "mandatory", maybe we can mitigate this by including storage name (or entire storage config info) in the payload that's sent to OPA. wdyt? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
