diff --git a/docs/index.html b/docs/index.html index ac8987d906..b7a80094a4 100644 --- a/docs/index.html +++ b/docs/index.html @@ -430,7 +430,7 @@ -

Polaris Catalog Documentation

Download OpenAPI specification:Download

Quick Start

This guide serves as a introduction to several key entities that can be managed with Polaris, describes how to build and deploy Polaris locally, and finally includes examples of how to use Polaris with Spark and Trino.
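Review bot: The Quick Start paragraph in this hunk reads "serves as a introduction"; it should be "an introduction". If this line is already being touched, fix the article in the same change.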

@@ -1295,7 +1291,6 @@

Access control

For more information, see Access control.

Polaris Catalog Entities

Access control WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - --> <p>This page documents various entities that can be managed in Polaris.</p> ">

This page documents various entities that can be managed in Polaris.

@@ -1968,6 +1960,134 @@

Catalog privileges

Diagram that shows an example of how RBAC works in Polaris Catalog.

+

Configuring Polaris for Production

+ + +

Configuring Polaris for Production

The default polaris-server.yml configuration is intended for develoment and testing. When deploying Polaris in production, there are several best practices to keep in mind.

+

Security

Configurations

+

There are many Polaris configurations that should be adjusted to ensure a secure Polaris deployment. Some of these configurations are briefly outlined below, along with a short description of each.

+
    +
  • oauth2

    +
      +
    • Configure OAuth with this setting, including a token broker
    • +
    +
  • +
  • callContextResolver & realmContextResolver

    +
      +
    • Use these configurations to specify a service that can resolve a realm from your bearer tokens.
    • +
    • The service(s) used here must implement the relevant interfaces (e.g. CallContextResolver).
    • +
    +
  • +
  • authenticator.tokenBroker

    +
      +
    • Ensure that this setting reflects the token broker specified in oauth2 above
    • +
    +
  • +
  • cors

    +
      +
    • Use settings like cors.allowed-origins to control what connections your Polaris service will accept
    • +
    +
  • +
+

Metastore Management

Use the configuration metaStoreManager to configure a MetastoreManager implementation where Polaris entities will be persisted.

+

The default in-memory implementation is meant for testing and not suitable for production usage. Instead, consider an implementation such as eclipse-link which allows you to store metadata in a remote database.

+

Credentials and metadata will be stored in the metastore manager, and so be sure that your metastore manager is accordingly secured.

+ +

To use EclipseLink for metastore management, specify the configuration metaStoreManager.conf-file to point to an EclipseLink persistence.xml file. This file, local to the Polaris service, will contain information on what database to use for metastore management and how to connect to it.

+

Bootstrapping

+

Before using Polaris when using a metastore manager other than in-memory, you must bootstrap the metastore manager. This is a manual operation that must be performed only once in order to prepare the metastore manager to integrate with Polaris. When the metastore manager is bootstrapped, any existing Polaris entities in the metastore manager may be purged.

+

To bootstrap Polaris, run a command like the following:

+
java jar /app/snowflake-polaris-all.jar bootstrap polaris-server.yml
+
+

Afterwards, you can launch Polaris normally with a command like the following:

+
java jar /app/snowflake-polaris-all.jar server polaris-server.yml
+
+

Other Configurations

When deploying Polaris in production, consider adjusting the following configurations:

+
    +
  • featureConfiguration.SUPPORTED_CATALOG_STORAGE_TYPES
      +
    • By default, the FILE storage type may be supported. This is intended for testing, and in produciton you'll likely want to disable it
    • +
    • Here you can also disable or enable any other storage type based on your expected usage of Apache Iceberg
    • +
    +
  • +

other

listCatalogs

List all catalogs in this polaris service

Authorizations:
Polaris_Management_Service_OAuth2

Responses

Authorizations:
Apache_Iceberg_REST_Catalog_API_BearerAuth
Request Body schema: application/x-www-form-urlencoded
required
Any of
grant_type
required
string
Value: "client_credentials"
scope
string
client_id
required
string
Authorizations:
Apache_Iceberg_REST_Catalog_API_BearerAuth
header Parameters
Authorization
string
Request Body schema: application/x-www-form-urlencoded
required
Any of
grant_type
required
string
Value: "client_credentials"
scope
string
client_id
required
string

Client ID

This can be sent in the request body, but OAuth2 recommends sending it in a Basic Authorization header.
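Review bot: In the new Bootstrapping section, both commands are shown as `java jar /app/snowflake-polaris-all.jar ...`. Without the dash the JVM takes `jar` as the main class name and the command fails, so both the bootstrap and the server line should read `java -jar ...`. In the Security list, the cors item says `cors.allowed-origins` controls "what connections your Polaris service will accept". CORS only tells browsers which origins may read responses and does nothing to stop non-browser clients, so the wording should not suggest it is a network access control. The Bootstrapping paragraph says existing entities "may be purged"; since the Metastore Management text states that credentials are stored there, say definitively whether bootstrap is destructive so operators know before running it against a populated database. Spelling in the added text: "develoment" and "produciton".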

@@ -3470,7 +3590,7 @@

Catalog privileges

" class="sc-euGpHm sc-exayXG fwfkcU jYGAQp">

Generic base server URL, with all parts configurable

{scheme}://{host}:{port}/{basePath}/v1/{prefix}/views/rename

Request samples

Content type
application/json
{
  • "source": {
    },
  • "destination": {
    }
}

Response samples

Content type
application/json
{
  • "error": {
    }
}