Skip to content

Spec: Add SigV4 Auth Support for Catalog Federation #1506

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dimas-b merged 5 commits into from
May 20, 2025
Merged

Spec: Add SigV4 Auth Support for Catalog Federation #1506

Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
67e1ec5
Spec changes for SigV4 Auth Support for Catalog Federation
XJDKC May 1, 2025
f02f3a7
Resolved issues based on review feedback
XJDKC May 2, 2025
8efa34a
Extract service identity info as a nested object
XJDKC May 9, 2025
81f87f9
Use single subtype for AWS IAM related service identity info
XJDKC May 13, 2025
42f29a1
Move serviceIdentity to the top-level of ConnectionConfigInfo
XJDKC May 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 31 additions & 1 deletion spec/polaris-management-service.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -889,13 +889,14 @@ components:

AuthenticationParameters:
type: object
description: Authentication-specific information for a REST connection
description: Authentication-specific information for a connection
properties:
authenticationType:
type: string
enum:
- OAUTH
- BEARER
- SIGV4
description: The type of authentication to use when connecting to the remote rest service
required:
- authenticationType
Expand All @@ -904,6 +905,7 @@ components:
mapping:
OAUTH: "#/components/schemas/OAuthClientCredentialsParameters"
BEARER: "#/components/schemas/BearerAuthenticationParameters"
SIGV4: "#/components/schemas/SigV4AuthenticationParameters"

OAuthClientCredentialsParameters:
type: object
Expand Down Expand Up @@ -938,6 +940,34 @@ components:
format: password
description: Bearer token (input-only)

SigV4AuthenticationParameters:
type: object
description: AWS Signature Version 4 authentication
allOf:
- $ref: '#/components/schemas/AuthenticationParameters'
properties:
roleArn:
type: string
description: The aws IAM role arn assume when signing requests
example: "arn:aws:iam::123456789001:role/role-that-has-remote-catalog-access"
externalId:
type: string
description: An optional external id used to establish a trust relationship with AWS in the trust policy
signingRegion:
type: string
description: Region to be used by the SigV4 protocol for signing requests
example: "us-west-2"
signingName:
type: string
description: The service name to be used by the SigV4 protocol for signing requests, the default signing name is "execute-api" is if not provided
example: "glue"
userArn:
type: string
description: The aws user arn used to assume the aws role, this represents the polaris service itself
example: "arn:aws:iam::123456789001:user/polaris-service-user"
required:
- roleArn

StorageConfigInfo:
type: object
description: A storage configuration used by catalogs
Expand Down