Just to be really clear, the hypothetical [code] change we’re discussing would take the form of a PR. I don’t think it’s really unreasonable to ask that a PR include tests for the functionality being added? It seems like that’s basically why the functionality was left off in the cited PR. Sounds like nobody is opposed to adding it, but surely it’s a good idea to test changes before making them?
—EM On Mon, Nov 10, 2025 at 11:58 AM Dmitri Bourlatchkov <[email protected]> wrote: > I agree with Robert. I do not think Polaris as a project should test all > possible storage scenarios. > > At the same time, Polaris does not appear to have a reason to block aws-cn. > > I propose to remove the explicit block and address user feedback as it > comes in (if it comes in). > > WDYT? > > Thanks, > Dmitri. > > On Mon, Nov 10, 2025 at 5:24 AM Robert Stupp <[email protected]> wrote: > > > Testing every possible ARN rather manually is quite an effort, both > > for the quite special cn and us-gov ones and also for appliance/vendor > > specific ones. > > While certain Polaris installations may have a need to forbid those, > > other user-scenarios have legit reasons to allow them. > > I'm not sure whether the Polaris project should enforce anything there. > > > > On Sat, Nov 8, 2025 at 1:25 AM Eric Maynard <[email protected]> > > wrote: > > > > > > Originally there was no way to specify region/endpoint on a catalog, so > > > these regions had to be disabled for the reason given in #1056. I’m > > > guessing nobody has tested aws-cn and so nobody has enabled it. If you > > can > > > test it and it works, I’m definitely in favor of enabling it. > > > > > > —EM > > > > > > > > > On Fri, Nov 7, 2025 at 6:57 PM Dmitri Bourlatchkov <[email protected]> > > wrote: > > > > > > > Hi All, > > > > > > > > PR [3005] expanded the RegEx rule for Role ARN parameter validation. > > > > > > > > However, I see [1] that aws-cn ARNs are blocked by an explicit code > > check. > > > > This blocking appears to be present since day 1 of the Apache Polaris > > > > codebase [2], when aws-us-gov was also blocked. The blocking of > > aws-us-gov > > > > ended with [1056]. > > > > > > > > Does anyone have any rationale on why Polaris should block aws-cn > ARNs? > > > > > > > > [1] > > > > > > > > > > > https://github.com/apache/polaris/blob/main/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsStorageConfigurationInfo.java#L165 > > > > > > > > [2] > > > > > > > > > > > https://github.com/apache/polaris/blob/f3d9141c9708940523aa8d206a0bb32465398a7f/polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsStorageConfigurationInfo.java#L91 > > > > > > > > [1056] https://github.com/apache/polaris/pull/1056 > > > > [3005] https://github.com/apache/polaris/pull/3005 > > > > > > > > Thanks, > > > > Dmitri. > > > > > > >
