Re: [PR] Add X-Generic-Table-Access-Delegation header in the Generic Table API spec for credential vending [polaris]

Tue, 24 Mar 2026 07:43:52 -0700 


dimas-b commented on code in PR #4043:
URL: https://github.com/apache/polaris/pull/4043#discussion_r2982074069


##########
spec/polaris-catalog-apis/generic-tables-api.yaml:
##########
@@ -182,6 +186,26 @@ components:
         type: string
       example: "sales"
 
+    generic-table-data-access:
+      name: X-Generic-Table-Access-Delegation
+      in: header
+      description: >
+        Optional signal to the server that the client supports delegated access
+        via a comma-separated list of access mechanisms. The server may choose
+        to supply access via any or none of the requested mechanisms.
+
+
+        When `vended-credentials` is included, the server may return scoped

Review Comment:
   Re: `may return` - do you mean that the server is not allowed to return 
credentials in `storage-access-configs` when this header value is not set?



##########
spec/polaris-catalog-apis/generic-tables-api.yaml:
##########
@@ -182,6 +186,26 @@ components:
         type: string
       example: "sales"
 
+    generic-table-data-access:
+      name: X-Generic-Table-Access-Delegation
+      in: header
+      description: >
+        Optional signal to the server that the client supports delegated access
+        via a comma-separated list of access mechanisms. The server may choose
+        to supply access via any or none of the requested mechanisms.
+
+
+        When `vended-credentials` is included, the server may return scoped
+        storage credentials in the `storage-access-configs` field of the 
response.
+      required: false
+      schema:
+        type: string
+        enum:

Review Comment:
   `enum` means exactly one of many values can be specified, right? How can it 
work for a comma-separated list (line 194)?



##########
spec/polaris-catalog-apis/generic-tables-api.yaml:
##########
@@ -182,6 +186,26 @@ components:
         type: string
       example: "sales"
 
+    generic-table-data-access:
+      name: X-Generic-Table-Access-Delegation
+      in: header
+      description: >
+        Optional signal to the server that the client supports delegated access
+        via a comma-separated list of access mechanisms. The server may choose
+        to supply access via any or none of the requested mechanisms.

Review Comment:
   Re: `none` - in the Polaris IRC impl., if the client requests credential 
vending, but the server cannot provide them, the server will return an error 
response. 
   
   Do we want the server to silently ignore credential vending requests in the 
Generic Tables API?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to