diff --git a/.github/workflows/check-md-link.yml b/.github/workflows/check-md-link.yml index cb0c0d34c..6cdb4195e 100644 --- a/.github/workflows/check-md-link.yml +++ b/.github/workflows/check-md-link.yml @@ -41,4 +41,5 @@ jobs: with: use-quiet-mode: 'yes' config-file: '.github/workflows/check-md-link-config.json' - folder-path: '.' # checks all md files + folder-path: 'regtests, regtests/client/python/docs, regtests/client/python, .github, build-logic, polaris-core, polaris-service, extension, spec, k8, notebooks' + file-path: 'CHAT_BYLAWS.md, CODE_OF_CONDUCT.md, CONTRIBUTING.md, README.md SECURITY.md' diff --git a/.github/workflows/site.yml b/.github/workflows/site.yml new file mode 100644 index 000000000..d3bb9ab3b --- /dev/null +++ b/.github/workflows/site.yml @@ -0,0 +1,58 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +name: "Hugo Site" +on: + push: + branches: [ "main", "versioned-docs" ] + pull_request: + +jobs: + site: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - uses: actions/checkout@v4 + with: + ref: "versioned-docs" + path: site/content/releases + + - name: Install docker-compose + run: | + sudo curl -SL \ + https://github.com/docker/compose/releases/download/v2.29.2/docker-compose-linux-x86_64 \ + -o /usr/local/bin/docker-compose + sudo chmod 755 /usr/local/bin/docker-compose + sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose + + - name: Build Apache Site + run: site/bin/create-static-site.sh + + # TODO Do we want to deploy from 'asf-site' in the 'polaris-site' repo or in the 'polaris' repo? + # The former requires a secret + - name: Deploy Static Site to GitHub + if: github.event_name == 'push' && github.repository == 'apache/polaris' + uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + publish_branch: asf-site + publish_dir: ./site/build/apache-site + cname: polaris.apache.org diff --git a/.gitignore b/.gitignore index f9b35731c..3855dceb5 100644 --- a/.gitignore +++ b/.gitignore @@ -64,6 +64,11 @@ gradle/wrapper/gradle-wrapper-*.sha256 **/build/ !src/**/build/ +# Possibly generated by npm from our Hugo container and leaking to the workspace - no need to track those in our case. +node_modules/ +/package.json +/package-lock.json + # jenv .java-version diff --git a/README.md b/README.md index f0f7ffb34..f98625d7f 100644 --- a/README.md +++ b/README.md @@ -90,11 +90,12 @@ Running regression tests - `docker compose up --build --exit-code-from regtest` - To run regression tests in a Docker environment. Building docs -- Docs are generated using [Redocly](https://redocly.com/docs/cli/installation). To regenerate them, run the following -commands from the project root directory. -```bash -docs/build -``` +- Docs are generated using [Hugo](https://gohugo.io/) using the [Docsy](https://www.docsy.dev/docs/) theme. +- To view the site locally, run + ```bash + site/bin/run-hugo-in-docker.sh + ``` +- See [README in `site/`](site/README.md) for more information. ## License diff --git a/build.gradle.kts b/build.gradle.kts index 21e403989..7b685987c 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -87,6 +87,13 @@ tasks.named("rat").configure { excludes.add("polaris-service/src/**/banner.txt") excludes.add("polaris-service/logs") + excludes.add("site/node_modules/**") + excludes.add("site/layouts/robots.txt") + // Ignore generated stuff, when the Hugo is run w/o Docker + excludes.add("site/public/**") + excludes.add("site/resources/_gen/**") + excludes.add("node_modules/**") + excludes.add("**/polaris-venv/**") excludes.add("**/.pytest_cache/**") @@ -110,6 +117,8 @@ tasks.named("rat").configure { excludes.add("**/*.lock") excludes.add("**/*.env*") + + excludes.add("**/go.sum") } // Pass environment variables: diff --git a/docs/CNAME b/docs/CNAME deleted file mode 100644 index 0aacaad23..000000000 --- a/docs/CNAME +++ /dev/null @@ -1 +0,0 @@ -polaris.io \ No newline at end of file diff --git a/docs/build b/docs/build deleted file mode 100755 index c396639bf..000000000 --- a/docs/build +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/env bash - -set -eux - -docker run -p 8080:80 -v ${PWD}:/spec --rm docker.io/redocly/cli join spec/docs.yaml spec/polaris-management-service.yml spec/rest-catalog-open-api.yaml -o spec/index.yaml --prefix-components-with-info-prop title -docker run -p 8080:80 -v ${PWD}:/spec --rm docker.io/redocly/cli build-docs spec/index.yaml --output=docs/index.html --config=spec/redocly.yaml diff --git a/docs/index.html b/docs/index.html deleted file mode 100644 index b9c31b28d..000000000 --- a/docs/index.html +++ /dev/null @@ -1,3665 +0,0 @@ - - - - - - Apache Polaris (Incubating) Documentation - - - - - - - - - -
Apache Polaris Logo
API docs by Redocly

Apache Polaris (Incubating) Documentation

Download OpenAPI specification:Download

E-mail: dev [at] polaris.apache.org URL: https://github.com/apache/polaris License: Apache v2.0
-

Quick Start

This guide serves as a introduction to several key entities that can be managed with Apache Polaris (Incubating), describes how to build and deploy Polaris locally, and finally includes examples of how to use Polaris with Apache Spark™.

-

Prerequisites

This guide covers building Polaris, deploying it locally or via Docker, and interacting with it using the command-line interface and Apache Spark. Before proceeding with Polaris, be sure to satisfy the relevant prerequisites listed here.

-

Building and Deploying Polaris

-

To get the latest Polaris code, you'll need to clone the repository using git. You can install git using homebrew:

-
brew install git
-
-

Then, use git to clone the Polaris repo:

-
cd ~
-git clone https://github.com/apache/polaris.git
-
-

With Docker

-

If you plan to deploy Polaris inside Docker, you'll need to install docker itself. For example, this can be done using homebrew:

-
brew install --cask docker
-
-

Once installed, make sure Docker is running.

-

From Source

-

If you plan to build Polaris from source yourself, you will need to satisfy a few prerequisites first.

-

Polaris is built using gradle and is compatible with Java 21. We recommend the use of jenv to manage multiple Java versions. For example, to install Java 21 via homebrew and configure it with jenv:

-
cd ~/polaris
-brew install openjdk@21 jenv
-jenv add $(brew --prefix openjdk@21)
-jenv local 21
-
-

Connecting to Polaris

-

Polaris is compatible with any Apache Iceberg client that supports the REST API. Depending on the client you plan to use, refer to the prerequisites below.

-

With Spark

-

If you want to connect to Polaris with Apache Spark, you'll need to start by cloning Spark. As above, make sure git is installed first. You can install it with homebrew:

-
brew install git
-
-

Then, clone Spark and check out a versioned branch. This guide uses Spark 3.5.

-
cd ~
-git clone https://github.com/apache/spark.git
-cd ~/spark
-git checkout branch-3.5
-
-

Deploying Polaris

Polaris can be deployed via a lightweight docker image or as a standalone process. Before starting, be sure that you've satisfied the relevant prerequisites detailed above.

-

Docker Image

-

To start using Polaris in Docker, launch Polaris while Docker is running:

-
cd ~/polaris
-docker compose -f docker-compose.yml up --build
-
-

Once the polaris-polaris container is up, you can continue to Defining a Catalog.

-

Building Polaris

-

Run Polaris locally with:

-
cd ~/polaris
-./gradlew runApp
-
-

You should see output for some time as Polaris builds and starts up. Eventually, you won’t see any more logs and should see messages that resemble the following:

-
INFO  [...] [main] [] o.e.j.s.handler.ContextHandler: Started i.d.j.MutableServletContextHandler@...
-INFO  [...] [main] [] o.e.j.server.AbstractConnector: Started application@...
-INFO  [...] [main] [] o.e.j.server.AbstractConnector: Started admin@...
-INFO  [...] [main] [] o.eclipse.jetty.server.Server: Started Server@...
-
-

At this point, Polaris is running.

-

Bootstrapping Polaris

For this tutorial, we'll launch an instance of Polaris that stores entities only in-memory. This means that any entities that you define will be destroyed when Polaris is shut down. It also means that Polaris will automatically bootstrap itself with root credentials. For more information on how to configure Polaris for production usage, see the docs.

-

When Polaris is launched using in-memory mode the root principal credentials can be found in stdout on initial startup. For example:

-
realm: default-realm root principal credentials: <client-id>:<client-secret>
-
-

Be sure to note of these credentials as we'll be using them below. You can also set these credentials as environment variables for use with the Polaris CLI:

-
export CLIENT_ID=<client-id> 
-export CLIENT_SECRET=<client-secret>
-
-

Defining a Catalog

In Polaris, the catalog is the top-level entity that objects like tables and views are organized under. With a Polaris service running, you can create a catalog like so:

-
cd ~/polaris
-
-./polaris \
-  --client-id ${CLIENT_ID} \
-  --client-secret ${CLIENT_SECRET} \
-  catalogs \
-  create \
-  --storage-type s3 \
-  --default-base-location ${DEFAULT_BASE_LOCATION} \
-  --role-arn ${ROLE_ARN} \
-  quickstart_catalog
-
-

This will create a new catalog called quickstart_catalog.

-

The DEFAULT_BASE_LOCATION you provide will be the default location that objects in this catalog should be stored in, and the ROLE_ARN you provide should be a Role ARN with access to read and write data in that location. These credentials will be provided to engines reading data from the catalog once they have authenticated with Polaris using credentials that have access to those resources.

-

If you’re using a storage type other than S3, such as Azure, you’ll provide a different type of credential than a Role ARN. For more details on supported storage types, see the docs.

-

Additionally, if Polaris is running somewhere other than localhost:8181, you can specify the correct hostname and port by providing --host and --port flags. For the full set of options supported by the CLI, please refer to the docs.

-

Creating a Principal and Assigning it Privileges

-

With a catalog created, we can create a principal that has access to manage that catalog. For details on how to configure the Polaris CLI, see the section above or refer to the docs.

-
./polaris \
-  --client-id ${CLIENT_ID} \
-  --client-secret ${CLIENT_SECRET} \
-  principals \
-  create \
-  quickstart_user
-
-./polaris \
-  --client-id ${CLIENT_ID} \
-  --client-secret ${CLIENT_SECRET} \
-  principal-roles \
-  create \
-  quickstart_user_role
-
-./polaris \
-  --client-id ${CLIENT_ID} \
-  --client-secret ${CLIENT_SECRET} \
-  catalog-roles \
-  create \
-  --catalog quickstart_catalog \
-  quickstart_catalog_role
-
-

Be sure to provide the necessary credentials, hostname, and port as before.

-

When the principals create command completes successfully, it will return the credentials for this new principal. Be sure to note these down for later. For example:

-
./polaris ... principals create example
-{"clientId": "XXXX", "clientSecret": "YYYY"}
-
-

Now, we grant the principal the principal role we created, and grant the catalog role the principal role we created. For more information on these entities, please refer to the linked documentation.

-
./polaris \
-  --client-id ${CLIENT_ID} \
-  --client-secret ${CLIENT_SECRET} \
-  principal-roles \
-  grant \
-  --principal quickstart_user \
-  quickstart_user_role
-
-./polaris \
-  --client-id ${CLIENT_ID} \
-  --client-secret ${CLIENT_SECRET} \
-  catalog-roles \
-  grant \
-  --catalog quickstart_catalog \
-  --principal-role quickstart_user_role \
-  quickstart_catalog_role
-
-

Now, we’ve linked our principal to the catalog via roles like so:

-

Principal to Catalog

-

In order to give this principal the ability to interact with the catalog, we must assign some privileges. For the time being, we will give this principal the ability to fully manage content in our new catalog. We can do this with the CLI like so:

-
./polaris \
-  --client-id ${CLIENT_ID} \
-  --client-secret ${CLIENT_SECRET} \
-  privileges \
-  catalog \
-  grant \
-  --catalog quickstart_catalog \
-  --catalog-role quickstart_catalog_role \
-  CATALOG_MANAGE_CONTENT
-
-

This grants the catalog privileges CATALOG_MANAGE_CONTENT to our catalog role, linking everything together like so:

-

Principal to Catalog with Catalog Role

-

CATALOG_MANAGE_CONTENT has create/list/read/write privileges on all entities within the catalog. The same privilege could be granted to a namespace, in which case the principal could create/list/read/write any entity under that namespace.

-

Using Iceberg & Polaris

At this point, we’ve created a principal and granted it the ability to manage a catalog. We can now use an external engine to assume that principal, access our catalog, and store data in that catalog using Apache Iceberg.

-

Connecting with Spark

-

To use a Polaris-managed catalog in Apache Spark, we can configure Spark to use the Iceberg catalog REST API.

-

This guide uses Apache Spark 3.5, but be sure to find the appropriate iceberg-spark package for your Spark version. From a local Spark clone on the branch-3.5 branch we can run the following:

-

Note: the credentials provided here are those for our principal, not the root credentials.

-
bin/spark-shell \
---packages org.apache.iceberg:iceberg-spark-runtime-3.5_2.12:1.5.2,org.apache.hadoop:hadoop-aws:3.4.0 \
---conf spark.sql.extensions=org.apache.iceberg.spark.extensions.IcebergSparkSessionExtensions \
---conf spark.sql.catalog.quickstart_catalog.warehouse=quickstart_catalog \
---conf spark.sql.catalog.quickstart_catalog.header.X-Iceberg-Access-Delegation=vended-credentials \
---conf spark.sql.catalog.quickstart_catalog=org.apache.iceberg.spark.SparkCatalog \
---conf spark.sql.catalog.quickstart_catalog.catalog-impl=org.apache.iceberg.rest.RESTCatalog \
---conf spark.sql.catalog.quickstart_catalog.uri=http://localhost:8181/api/catalog \
---conf spark.sql.catalog.quickstart_catalog.credential='XXXX:YYYY' \
---conf spark.sql.catalog.quickstart_catalog.scope='PRINCIPAL_ROLE:ALL' \
---conf spark.sql.catalog.quickstart_catalog.token-refresh-enabled=true
-
-

Replace XXXX and YYYY with the client ID and client secret generated when you created the quickstart_user principal.

-

Similar to the CLI commands above, this configures Spark to use the Polaris running at localhost:8181. If your Polaris server is running elsewhere, but sure to update the configuration appropriately.

-

Finally, note that we include the hadoop-aws package here. If your table is using a different filesystem, be sure to include the appropriate dependency.

-

Once the Spark session starts, we can create a namespace and table within the catalog:

-
spark.sql("USE quickstart_catalog")
-spark.sql("CREATE NAMESPACE IF NOT EXISTS quickstart_namespace")
-spark.sql("CREATE NAMESPACE IF NOT EXISTS quickstart_namespace.schema")
-spark.sql("USE NAMESPACE quickstart_namespace.schema")
-spark.sql("""
-    CREATE TABLE IF NOT EXISTS quickstart_table (
-        id BIGINT, data STRING
-    ) 
-USING ICEBERG
-""")
-
-

We can now use this table like any other:

-
spark.sql("INSERT INTO quickstart_table VALUES (1, 'some data')")
-spark.sql("SELECT * FROM quickstart_table").show(false)
-. . .
-+---+---------+
-|id |data     |
-+---+---------+
-|1  |some data|
-+---+---------+
-
-

If at any time access is revoked...

-
./polaris \
-  --client-id ${CLIENT_ID} \
-  --client-secret ${CLIENT_SECRET} \
-  privileges \
-  catalog \
-  revoke \
-  --catalog quickstart_catalog \
-  --catalog-role quickstart_catalog_role \
-  CATALOG_MANAGE_CONTENT
-
-

Spark will lose access to the table:

-
spark.sql("SELECT * FROM quickstart_table").show(false)
-
-org.apache.iceberg.exceptions.ForbiddenException: Forbidden: Principal 'quickstart_user' with activated PrincipalRoles '[]' and activated ids '[6, 7]' is not authorized for op LOAD_TABLE_WITH_READ_DELEGATION
-
-

Overview

- -

Apache Polaris (Incubating) is a catalog implementation for Apache Iceberg™ tables and is built on the open source Apache Iceberg™ REST protocol.

-

With Polaris, you can provide centralized, secure read and write access to your Iceberg tables across different REST-compatible query engines.

-

Conceptual diagram of Apache Polaris (Incubating).

-

Key concepts

This section introduces key concepts associated with using Apache Polaris (Incubating).

-

In the following diagram, a sample Apache Polaris (Incubating) structure with nested namespaces is shown for Catalog1. No tables -or namespaces have been created yet for Catalog2 or Catalog3.

-

Diagram that shows an example Apache Polaris (Incubating) structure.

-

Catalog

-

In Polaris, you can create one or more catalog resources to organize Iceberg tables.

-

Configure your catalog by setting values in the storage configuration for S3, Azure, or Google Cloud Storage. An Iceberg catalog enables a -query engine to manage and organize tables. The catalog forms the first architectural layer in the Apache Iceberg™ table specification and must support the following tasks:

-
    -

  • Storing the current metadata pointer for one or more Iceberg tables. A metadata pointer maps a table name to the location of that table's - current metadata file.

    -
    • -

  • Performing atomic operations so that you can update the current metadata pointer for a table to the metadata pointer of a new version of -the table.

    -
    • -
-

To learn more about Iceberg catalogs, see the Apache Iceberg™ documentation.

-

Catalog types

-

A catalog can be one of the following two types:

-
    -

  • Internal: The catalog is managed by Polaris. Tables from this catalog can be read and written in Polaris.

    -
    • -

  • External: The catalog is externally managed by another Iceberg catalog provider (for example, Snowflake, Glue, Dremio Arctic). Tables from -this catalog are synced to Polaris. These tables are read-only in Polaris. In the current release, only a Snowflake external catalog is provided.

    -
    • -
-

A catalog is configured with a storage configuration that can point to S3, Azure storage, or GCS.

-

Namespace

-

You create namespaces to logically group Iceberg tables within a catalog. A catalog can have multiple namespaces. You can also create -nested namespaces. Iceberg tables belong to namespaces.

-

Apache Iceberg™ tables and catalogs

-

In an internal catalog, an Iceberg table is registered in Polaris, but read and written via query engines. The table data and -metadata is stored in your external cloud storage. The table uses Polaris as the Iceberg catalog.

-

If you have tables housed in another Iceberg catalog, you can sync these tables to an external catalog in Polaris. -If you sync this catalog to Polaris, it appears as an external catalog in Polaris. Clients connecting to the external -catalog can read from or write to these tables. However, clients connecting to Polaris will only be able to -read from these tables.

-
-

Important

-

For the access privileges defined for a catalog to be enforced correctly, the following conditions must be met:

-
    -
  • The directory only contains the data files that belong to a single table.
    • -
  • The directory hierarchy matches the namespace hierarchy for the catalog.
    • -
-

For example, if a catalog includes the following items:

-
    -
  • Top-level namespace namespace1
    • -
  • Nested namespace namespace1a
    • -
  • A customers table, which is grouped under nested namespace namespace1a
    • -
  • An orders table, which is grouped under nested namespace namespace1a
    • -
-

The directory hierarchy for the catalog must follow this structure:

-
    -
  • /namespace1/namespace1a/customers/<files for the customers table *only*>
    • -
  • /namespace1/namespace1a/orders/<files for the orders table *only*>
    • -
-
-

Service principal

-

A service principal is an entity that you create in Polaris. Each service principal encapsulates credentials that you use to connect -to Polaris.

-

Query engines use service principals to connect to catalogs.

-

Polaris generates a Client ID and Client Secret pair for each service principal.

-

The following table displays example service principals that you might create in Polaris:

- - - - - - - - - - - - - - - - - - - - - - - - - - - -
Service connection namePurpose
Flink ingestionFor Apache Flink® to ingest streaming data into Apache Iceberg™ tables.
Spark ETL pipelineFor Apache Spark™ to run ETL pipeline jobs on Iceberg tables.
Snowflake data pipelinesFor Snowflake to run data pipelines for transforming data in Apache Iceberg™ tables.
Trino BI dashboardFor Trino to run BI queries for powering a dashboard.
Snowflake AI teamFor Snowflake to run AI jobs on data in Apache Iceberg™ tables.
-

Service connection

-

A service connection represents a REST-compatible engine (such as Apache Spark™, Apache Flink®, or Trino) that can read from and write to Polaris -Catalog. When creating a new service connection, the Polaris administrator grants the service principal that is created with the new service -connection either a new or existing principal role. A principal role is a resource in Polaris that you can use to logically group Polaris -service principals together and grant privileges on securable objects. For more information, see Principal role. Polaris uses a role-based access control (RBAC) model to grant service principals access to resources. For more information, -see Access control. For a diagram of this model, see RBAC model.

-

If the Polaris administrator grants the service principal for the new service connection a new principal role, the service principal -doesn't have any privileges granted to it yet. When securing the catalog that the new service connection will connect to, the Polaris -administrator grants privileges to catalog roles and then grants these catalog roles to the new principal role. As a result, the service -principal for the new service connection has these privileges. For more information about catalog roles, see Catalog role.

-

If the Polaris administrator grants an existing principal role to the service principal for the new service connection, the service principal -has the same privileges granted to the catalog roles that are granted to the existing principal role. If needed, the Polaris -administrator can grant additional catalog roles to the existing principal role or remove catalog roles from it to adjust the privileges -bestowed to the service principal. For an example of how RBAC works in Polaris, see RBAC example.

-

Storage configuration

-

A storage configuration stores a generated identity and access management (IAM) entity for your external cloud storage and is created -when you create a catalog. The storage configuration is used to set the values to connect Polaris to your cloud storage. During the -catalog creation process, an IAM entity is generated and used to create a trust relationship between the cloud storage provider and Polaris -Catalog.

-

When you create a catalog, you supply the following information about your external cloud storage:

- - - - - - - - - - - - - - - - - - - -
Cloud storage providerInformation
Amazon S3
  • Default base location for your Amazon S3 bucket
  • Locations for your Amazon S3 bucket
  • S3 role ARN
  • External ID (optional)
Google Cloud Storage (GCS)
  • Default base location for your GCS bucket
  • Locations for your GCS bucket
Azure
  • Default base location for your Microsoft Azure container
  • Locations for your Microsoft Azure container
  • Azure tenant ID
-

Example workflow

In the following example workflow, Bob creates an Apache Iceberg™ table named Table1 and Alice reads data from Table1.

-
    -

  1. Bob uses Apache Spark™ to create the Table1 table under the -Namespace1 namespace in the Catalog1 catalog and insert values into -Table1.

    -

    Bob can create Table1 and insert data into it because he is using a -service connection with a service principal that has -the privileges to perform these actions.

    -
    2. -

  2. Alice uses Trino to read data from Table1.

    -

    Alice can read data from Table1 because she is using a service -connection with a service principal that has the privileges to -perform this action.

    -
    3. -
-

Diagram that shows an example workflow for Apache Polaris (Incubating)

-

Security and access control

This section describes security and access control.

-

Credential vending

-

To secure interactions with service connections, Polaris vends temporary storage credentials to the query engine during query -execution. These credentials allow the query engine to run the query without requiring access to your external cloud storage for -Iceberg tables. This process is called credential vending.

-

Identity and access management (IAM)

-

Polaris uses the identity and access management (IAM) entity to securely connect to your storage for accessing table data, Iceberg -metadata, and manifest files that store the table schema, partitions, and other metadata. Polaris retains the IAM entity for your -storage location.

-

Access control

-

Polaris enforces the access control that you configure across all tables registered with the service and governs security for all -queries from query engines in a consistent manner.

-

Polaris uses a role-based access control (RBAC) model that lets you centrally configure access for Polaris service principals to catalogs, -namespaces, and tables.

-

Polaris RBAC uses two different role types to delegate privileges:

-
    -

  • Principal roles: Granted to Polaris service principals and -analogous to roles in other access control systems that you grant to -service principals.

    -
    • -

  • Catalog roles: Configured with certain privileges on Polaris -catalog resources and granted to principal roles.

    -
    • -
-

For more information, see Access control.

-

Legal Notices

Apache®, Apache Iceberg™, Apache Spark™, Apache Flink®, and Flink® are either registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries.

-

Polaris Entities

- -

This page documents various entities that can be managed in Apache Polaris (Incubating).

-

Catalog

A catalog is a top-level entity in Polaris that may contain other entities like namespaces and tables. These map directly to Apache Iceberg catalogs.

-

For information on managing catalogs with the REST API or for more information on what data can be associated with a catalog, see the API docs.

-

Storage Type

-

All catalogs in Polaris are associated with a storage type. Valid Storage Types are S3, Azure, and GCS. The FILE type is also additionally available for testing. Each of these types relates to a different storage provider where data within the catalog may reside. Depending on the storage type, various other configurations may be set for a catalog including credentials to be used when accessing data inside the catalog.

-

For details on how to use Storage Types in the REST API, see the API docs.

-

Namespace

A namespace is a logical entity that resides within a catalog and can contain other entities such as tables or views. Some other systems may refer to namespaces as schemas or databases.

-

In Polaris, namespaces can be nested. For example, a.b.c.d.e.f.g is a valid namespace. b is said to reside within a, and so on.

-

For information on managing namespaces with the REST API or for more information on what data can be associated with a namespace, see the API docs.

-

Table

Polaris tables are entities that map to Apache Iceberg tables.

-

For information on managing tables with the REST API or for more information on what data can be associated with a table, see the API docs.

-

View

Polaris views are entities that map to Apache Iceberg views.

-

For information on managing views with the REST API or for more information on what data can be associated with a view, see the API docs.

-

Principal

Polaris principals are unique identities that can be used to represent users or services. Each principal may have one or more principal roles assigned to it for the purpose of accessing catalogs and the entities within them.

-

For information on managing principals with the REST API or for more information on what data can be associated with a principal, see the API docs.

-

Principal Role

Polaris principal roles are labels that may be granted to principals. Each principal may have one or more principal roles, and the same principal role may be granted to multiple principals. Principal roles may be assigned based on the persona or responsibilities of a given principal, or on how that principal will need to access different entities within Polaris.

-

For information on managing principal roles with the REST API or for more information on what data can be associated with a principal role, see the API docs.

-

Catalog Role

Polaris catalog roles are labels that may be granted to catalogs. Each catalog may have one or more catalog roles, and the same catalog role may be granted to multiple catalogs. Catalog roles may be assigned based on the nature of data that will reside in a catalog, or by the groups of users and services that might need to access that data.

-

Each catalog role may have multiple privileges granted to it, and each catalog role can be granted to one or more principal roles. This is the mechanism by which principals are granted access to entities inside a catalog such as namespaces and tables.

-

Privilege

Polaris privileges are granted to catalog roles in order to grant principals with a given principal role some degree of access to catalogs with a given catalog role. When a privilege is granted to a catalog role, any principal roles granted that catalog role receive the privilege. In turn, any principals who are granted that principal role receive it.

-

A privilege can be scoped to any entity inside a catalog, including the catalog itself.

-

For a list of supported privileges for each privilege class, see the API docs:

- -

Access Control

- -

This section provides information about how access control works for Apache Polaris (Incubating).

-

Polaris uses a role-based access control (RBAC) model in which the Polaris administrator assigns access privileges to catalog roles -and then grants access to resources to service principals by assigning catalog roles to principal roles.

-

These are the key concepts to understanding access control in Polaris:

-
    -
  • Securable object
    • -
  • Principal role
    • -
  • Catalog role
    • -
  • Privilege
    • -
-

Securable object

A securable object is an object to which access can be granted. Polaris -has the following securable objects:

-
    -
  • Catalog
    • -
  • Namespace
    • -
  • Iceberg table
    • -
  • View
    • -
-

Principal role

A principal role is a resource in Polaris that you can use to logically group Polaris service principals together and grant privileges on -securable objects.

-

Polaris supports a many-to-one relationship between service principals and principal roles. For example, to grant the same privileges to -multiple service principals, you can grant a single principal role to those service principals. A service principal can be granted one -principal role. When registering a service connection, the Polaris administrator specifies the principal role that is granted to the -service principal.

-

You don't grant privileges directly to a principal role. Instead, you configure object permissions at the catalog role level, and then grant -catalog roles to a principal role.

-

The following table shows examples of principal roles that you might configure in Polaris:

- - - - - - - - - - - - - - - -
Principal role nameDescription
Data_engineerA role that is granted to multiple service principals for running data engineering jobs.
Data_scientistA role that is granted to multiple service principals for running data science or AI jobs.
-

Catalog role

A catalog role belongs to a particular catalog resource in Polaris and specifies a set of permissions for actions on the catalog or objects -in the catalog, such as catalog namespaces or tables. You can create one or more catalog roles for a catalog.

-

You grant privileges to a catalog role and then grant the catalog role to a principal role to bestow the privileges to one or more service -principals.

-
-

Note

-

If you update the privileges bestowed to a service principal, the updates won't take effect for up to one hour. This means that if you -revoke or grant some privileges for a catalog, the updated privileges won't take effect on any service principal with access to that catalog -for up to one hour.

-
-

Polaris also supports a many-to-many relationship between catalog roles and principal roles. You can grant the same catalog role to one or more -principal roles. Likewise, a principal role can be granted to one or more catalog roles.

-

The following table displays examples of catalog roles that you might -configure in Polaris:

- - - - - - - - - - - - - - - - - - - -
Example Catalog roleDescription
Catalog administratorsA role that has been granted multiple privileges to emulate full access to the catalog.

Principal roles that have been granted this role are permitted to create, alter, read, write, and drop tables in the catalog.
Catalog readersA role that has been granted read-only privileges to tables in the catalog.

Principal roles that have been granted this role are allowed to read from tables in the catalog.
Catalog contributorA role that has been granted read and write access privileges to all tables that belong to the catalog.

Principal roles that have been granted this role are allowed to perform read and write operations on tables in the catalog.
-

RBAC model

The following diagram illustrates the RBAC model used by Polaris. For each catalog, the Polaris administrator assigns access -privileges to catalog roles and then grants service principals access to resources by assigning catalog roles to principal roles. Polaris -supports a many-to-one relationship between service principals and principal roles.

-

Diagram that shows the RBAC model for Apache Polaris.

-

Access control privileges

This section describes the privileges that are available in the Polaris access control model. Privileges are granted to catalog roles, catalog -roles are granted to principal roles, and principal roles are granted to service principals to specify the operations that service principals can -perform on objects in Polaris.

-
-

Important

-

You can only grant privileges at the catalog level. Fine-grained access controls are not available. For example, you can grant read -privileges to all tables in a catalog but not to an individual table in the catalog.

-
-

To grant the full set of privileges (drop, list, read, write, etc.) on an object, you can use the full privilege option.

-

Table privileges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PrivilegeDescription
TABLE_CREATEEnables registering a table with the catalog.
TABLE_DROPEnables dropping a table from the catalog.
TABLE_LISTEnables listing any tables in the catalog.
TABLE_READ_PROPERTIESEnables reading properties of the table.
TABLE_WRITE_PROPERTIESEnables configuring properties for the table.
TABLE_READ_DATAEnables reading data from the table by receiving short-lived read-only storage credentials from the catalog.
TABLE_WRITE_DATAEnables writing data to the table by receiving short-lived read+write storage credentials from the catalog.
TABLE_FULL_METADATAGrants all table privileges, except TABLE_READ_DATA and TABLE_WRITE_DATA, which need to be granted individually.
-

View privileges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PrivilegeDescription
VIEW_CREATEEnables registering a view with the catalog.
VIEW_DROPEnables dropping a view from the catalog.
VIEW_LISTEnables listing any views in the catalog.
VIEW_READ_PROPERTIESEnables reading all the view properties.
VIEW_WRITE_PROPERTIESEnables configuring view properties.
VIEW_FULL_METADATAGrants all view privileges.
-

Namespace privileges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PrivilegeDescription
NAMESPACE_CREATEEnables creating a namespace in a catalog.
NAMESPACE_DROPEnables dropping the namespace from the catalog.
NAMESPACE_LISTEnables listing any object in the namespace, including nested namespaces and tables.
NAMESPACE_READ_PROPERTIESEnables reading all the namespace properties.
NAMESPACE_WRITE_PROPERTIESEnables configuring namespace properties.
NAMESPACE_FULL_METADATAGrants all namespace privileges.
-

Catalog privileges

- - - - - - - - - - - - - - - - - - - - - - - - - - - -
PrivilegeDescription
CATALOG_MANAGE_ACCESSIncludes the ability to grant or revoke privileges on objects in a catalog to catalog roles, and the ability to grant or revoke catalog roles to or from principal roles.
CATALOG_MANAGE_CONTENTEnables full management of content for the catalog. This privilege encompasses the following privileges:
  • CATALOG_MANAGE_METADATA
  • TABLE_FULL_METADATA
  • NAMESPACE_FULL_METADATA
  • VIEW_FULL_METADATA
  • TABLE_WRITE_DATA
  • TABLE_READ_DATA
  • CATALOG_READ_PROPERTIES
  • CATALOG_WRITE_PROPERTIES
CATALOG_MANAGE_METADATAEnables full management of the catalog, catalog roles, namespaces, and tables.
CATALOG_READ_PROPERTIESEnables listing catalogs and reading properties of the catalog.
CATALOG_WRITE_PROPERTIESEnables configuring catalog properties.
-

RBAC example

The following diagram illustrates how RBAC works in Polaris and -includes the following users:

-
    -

  • Alice: A service admin who signs up for Polaris. Alice can - create service principals. She can also create catalogs and - namespaces and configure access control for Polaris resources.

    -
    • -

  • Bob: A data engineer who uses Apache Spark™ to - interact with Polaris.

    -
      -

    • Alice has created a service principal for Bob. It has been - granted the Data_engineer principal role, which in turn has been - granted the following catalog roles: Catalog contributor and - Data administrator (for both the Silver and Gold zone catalogs - in the following diagram).

      -
      • -

    • The Catalog contributor role grants permission to create - namespaces and tables in the Bronze zone catalog.

      -
      • -

    • The Data administrator roles grant full administrative rights to - the Silver zone catalog and Gold zone catalog.

      -
      • -
    -
    • -

  • Mark: A data scientist who uses trains models with data managed - by Polaris.

    -
      -

    • Alice has created a service principal for Mark. It has been - granted the Data_scientist principal role, which in turn has - been granted the catalog role named Catalog reader.

      -
      • -

    • The Catalog reader role grants read-only access for a catalog - named Gold zone catalog.

      -
      • -
    -
    • -
-

Diagram that shows an example of how RBAC works in Apache Polaris.

-

Configuring Polaris for Production

- - -

Configuring Apache Polaris (Incubating) for Production

-

The default polaris-server.yml configuration is intended for development and testing. When deploying Polaris in production, there are several best practices to keep in mind.

-

Security

-

Configurations

-

Notable configuration used to secure a Polaris deployment are outlined below.

-

oauth2

-
-

[!WARNING]
Ensure that the tokenBroker setting reflects the token broker specified in authenticator below.

-
-
    -
  • Configure OAuth with this setting. Remove the TestInlineBearerTokenPolarisAuthenticator option and uncomment the DefaultPolarisAuthenticator authenticator option beneath it.
    • -
  • Then, configure the token broker. You can configure the token broker to use either asymmetric or symmetric keys.
    • -
-

authenticator.tokenBroker

-
-

[!WARNING]
Ensure that the tokenBroker setting reflects the token broker specified in oauth2 above.

-
-

callContextResolver & realmContextResolver

-
    -
  • Use these configurations to specify a service that can resolve a realm from bearer tokens.
    • -
  • The service(s) used here must implement the relevant interfaces (i.e. CallContextResolver and RealmContextResolver).
    • -
-

Metastore Management

-
-

[!IMPORTANT]
The default in-memory implementation for metastoreManager is meant for testing and not suitable for production usage. Instead, consider an implementation such as eclipse-link which allows you to store metadata in a remote database.

-
-

A Metastore Manger should be configured with an implementation that durably persists Polaris entities. Use the configuration metaStoreManager to configure a MetastoreManager implementation where Polaris entities will be persisted.

-

Be sure to secure your metastore backend since it will be storing credentials and catalog metadata.

- -

To use EclipseLink for metastore management, specify the configuration metaStoreManager.conf-file to point to an EclipseLink persistence.xml file. This file, local to the Polaris service, contains details of the database used for metastore management and the connection settings. For more information, refer to metastore documentation for details.

-

Bootstrapping

-

Before using Polaris when using a metastore manager other than in-memory, you must bootstrap the metastore manager. This is a manual operation that must be performed only once in order to prepare the metastore manager to integrate with Polaris. When the metastore manager is bootstrapped, any existing Polaris entities in the metastore manager may be purged.

-

To bootstrap Polaris, run:

-
java -jar /path/to/jar/polaris-service-all.jar bootstrap polaris-server.yml
-
-

Afterwards, Polaris can be launched normally:

-
java -jar /path/to/jar/polaris-service-all.jar server polaris-server.yml
-
-

Other Configurations

-

When deploying Polaris in production, consider adjusting the following configurations:

-

featureConfiguration.SUPPORTED_CATALOG_STORAGE_TYPES

-
    -
  • By default Polaris catalogs are allowed to be located in local filesystem with the FILE storage type. This should be disabled for production systems.
    • -
  • Use this configuration to additionally disable any other storage types that will not be in use.
    • -
-

Configuring Apache Polaris (Incubating) for Production

The default polaris-server.yml configuration is intended for development and testing. When deploying Polaris in production, there are several best practices to keep in mind.

-

Security

Configurations

-

Notable configuration used to secure a Polaris deployment are outlined below.

-

oauth2

-
-

[!WARNING]
Ensure that the tokenBroker setting reflects the token broker specified in authenticator below.

-
-
    -
  • Configure OAuth with this setting. Remove the TestInlineBearerTokenPolarisAuthenticator option and uncomment the DefaultPolarisAuthenticator authenticator option beneath it.
    • -
  • Then, configure the token broker. You can configure the token broker to use either asymmetric or symmetric keys.
    • -
-

authenticator.tokenBroker

-
-

[!WARNING]
Ensure that the tokenBroker setting reflects the token broker specified in oauth2 above.

-
-

callContextResolver & realmContextResolver

-
    -
  • Use these configurations to specify a service that can resolve a realm from bearer tokens.
    • -
  • The service(s) used here must implement the relevant interfaces (i.e. CallContextResolver and RealmContextResolver).
    • -
-

Metastore Management

-

[!IMPORTANT]
The default in-memory implementation for metastoreManager is meant for testing and not suitable for production usage. Instead, consider an implementation such as eclipse-link which allows you to store metadata in a remote database.

-
-

A Metastore Manger should be configured with an implementation that durably persists Polaris entities. Use the configuration metaStoreManager to configure a MetastoreManager implementation where Polaris entities will be persisted.

-

Be sure to secure your metastore backend since it will be storing credentials and catalog metadata.

- -

To use EclipseLink for metastore management, specify the configuration metaStoreManager.conf-file to point to an EclipseLink persistence.xml file. This file, local to the Polaris service, contains details of the database used for metastore management and the connection settings. For more information, refer to metastore documentation for details.

-

Bootstrapping

-

Before using Polaris when using a metastore manager other than in-memory, you must bootstrap the metastore manager. This is a manual operation that must be performed only once in order to prepare the metastore manager to integrate with Polaris. When the metastore manager is bootstrapped, any existing Polaris entities in the metastore manager may be purged.

-

To bootstrap Polaris, run:

-
java -jar /path/to/jar/polaris-service-all.jar bootstrap polaris-server.yml
-
-

Afterwards, Polaris can be launched normally:

-
java -jar /path/to/jar/polaris-service-all.jar server polaris-server.yml
-
-

Other Configurations

When deploying Polaris in production, consider adjusting the following configurations:

-

featureConfiguration.SUPPORTED_CATALOG_STORAGE_TYPES

-
    -
  • By default Polaris catalogs are allowed to be located in local filesystem with the FILE storage type. This should be disabled for production systems.
    • -
  • Use this configuration to additionally disable any other storage types that will not be in use.
    • -
-

other

listCatalogs

List all catalogs in this polaris service

-
Authorizations:
Polaris_Management_Service_OAuth2

Responses

Response samples

Content type
application/json
{
  • "catalogs": [
    ]
}

createCatalog

Add a new Catalog

-
Authorizations:
Polaris_Management_Service_OAuth2
Request Body schema: application/json
required

The Catalog to create

-
required
object (Polaris_Management_Service_Catalog)

A catalog object. A catalog may be internal or external. External catalogs are managed entirely by an external catalog interface. Third party catalogs may be other Iceberg REST implementations or other services with their own proprietary APIs

-

Responses

Request samples

Content type
application/json
{
  • "catalog": {
    }
}

getCatalog

Get the details of a catalog

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
catalogName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the catalog

-

Responses

Response samples

Content type
application/json
Example
{
  • "type": "INTERNAL",
  • "name": "string",
  • "properties": {
    },
  • "createTimestamp": 0,
  • "lastUpdateTimestamp": 0,
  • "entityVersion": 0,
  • "storageConfigInfo": {
    }
}

updateCatalog

Update an existing catalog

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
catalogName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the catalog

-
Request Body schema: application/json
required

The catalog details to use in the update

-
currentEntityVersion
integer

The version of the object onto which this update is applied; if the object changed, the update will fail and the caller should retry after fetching the latest version.

-
object
object (Polaris_Management_Service_StorageConfigInfo)

A storage configuration used by catalogs

-

Responses

Request samples

Content type
application/json
{
  • "currentEntityVersion": 0,
  • "properties": {
    },
  • "storageConfigInfo": {
    }
}

Response samples

Content type
application/json
Example
{
  • "type": "INTERNAL",
  • "name": "string",
  • "properties": {
    },
  • "createTimestamp": 0,
  • "lastUpdateTimestamp": 0,
  • "entityVersion": 0,
  • "storageConfigInfo": {
    }
}

deleteCatalog

Delete an existing catalog. The catalog must be empty.

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
catalogName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the catalog

-

Responses

listPrincipals

List the principals for the current catalog

-
Authorizations:
Polaris_Management_Service_OAuth2

Responses

Response samples

Content type
application/json
{
  • "principals": [
    ]
}

createPrincipal

Create a principal

-
Authorizations:
Polaris_Management_Service_OAuth2
Request Body schema: application/json
required

The principal to create

-
object (Polaris_Management_Service_Principal)

A Polaris principal.

-
credentialRotationRequired
boolean

If true, the initial credentials can only be used to call rotateCredentials

-

Responses

Request samples

Content type
application/json
{
  • "principal": {
    },
  • "credentialRotationRequired": true
}

Response samples

Content type
application/json
{
  • "principal": {
    },
  • "credentials": {
    }
}

getPrincipal

Get the principal details

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
principalName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The principal name

-

Responses

Response samples

Content type
application/json
{
  • "name": "string",
  • "clientId": "string",
  • "properties": {
    },
  • "createTimestamp": 0,
  • "lastUpdateTimestamp": 0,
  • "entityVersion": 0
}

updatePrincipal

Update an existing principal

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
principalName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The principal name

-
Request Body schema: application/json
required

The principal details to use in the update

-
currentEntityVersion
required
integer

The version of the object onto which this update is applied; if the object changed, the update will fail and the caller should retry after fetching the latest version.

-
required
object

Responses

Request samples

Content type
application/json
{
  • "currentEntityVersion": 0,
  • "properties": {
    }
}

Response samples

Content type
application/json
{
  • "name": "string",
  • "clientId": "string",
  • "properties": {
    },
  • "createTimestamp": 0,
  • "lastUpdateTimestamp": 0,
  • "entityVersion": 0
}

deletePrincipal

Remove a principal from polaris

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
principalName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The principal name

-

Responses

rotateCredentials

Rotate a principal's credentials. The new credentials will be returned in the response. This is the only API, aside from createPrincipal, that returns the user's credentials. This API is not idempotent.

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
principalName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The user name

-

Responses

Response samples

Content type
application/json
{
  • "principal": {
    },
  • "credentials": {
    }
}

listPrincipalRolesAssigned

List the roles assigned to the principal

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
principalName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the target principal

-

Responses

Response samples

Content type
application/json
{
  • "roles": [
    ]
}

assignPrincipalRole

Add a role to the principal

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
principalName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the target principal

-
Request Body schema: application/json
required

The principal role to assign

-
object (Polaris_Management_Service_PrincipalRole)

Responses

Request samples

Content type
application/json
{
  • "principalRole": {
    }
}

revokePrincipalRole

Remove a role from a catalog principal

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
principalName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the target principal

-
principalRoleName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the role

-

Responses

listPrincipalRoles

List the principal roles

-
Authorizations:
Polaris_Management_Service_OAuth2

Responses

Response samples

Content type
application/json
{
  • "roles": [
    ]
}

createPrincipalRole

Create a principal role

-
Authorizations:
Polaris_Management_Service_OAuth2
Request Body schema: application/json
required

The principal to create

-
object (Polaris_Management_Service_PrincipalRole)

Responses

Request samples

Content type
application/json
{
  • "principalRole": {
    }
}

getPrincipalRole

Get the principal role details

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
principalRoleName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The principal role name

-

Responses

Response samples

Content type
application/json
{
  • "name": "string",
  • "properties": {
    },
  • "createTimestamp": 0,
  • "lastUpdateTimestamp": 0,
  • "entityVersion": 0
}

updatePrincipalRole

Update an existing principalRole

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
principalRoleName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The principal role name

-
Request Body schema: application/json
required

The principalRole details to use in the update

-
currentEntityVersion
required
integer

The version of the object onto which this update is applied; if the object changed, the update will fail and the caller should retry after fetching the latest version.

-
required
object

Responses

Request samples

Content type
application/json
{
  • "currentEntityVersion": 0,
  • "properties": {
    }
}

Response samples

Content type
application/json
{
  • "name": "string",
  • "properties": {
    },
  • "createTimestamp": 0,
  • "lastUpdateTimestamp": 0,
  • "entityVersion": 0
}

deletePrincipalRole

Remove a principal role from polaris

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
principalRoleName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The principal role name

-

Responses

listAssigneePrincipalsForPrincipalRole

List the Principals to whom the target principal role has been assigned

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
principalRoleName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The principal role name

-

Responses

Response samples

Content type
application/json
{
  • "principals": [
    ]
}

listCatalogRolesForPrincipalRole

Get the catalog roles mapped to the principal role

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
principalRoleName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The principal role name

-
catalogName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the catalog where the catalogRoles reside

-

Responses

Response samples

Content type
application/json
{
  • "roles": [
    ]
}

assignCatalogRoleToPrincipalRole

Assign a catalog role to a principal role

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
principalRoleName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The principal role name

-
catalogName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the catalog where the catalogRoles reside

-
Request Body schema: application/json
required

The principal to create

-
object (Polaris_Management_Service_CatalogRole)

Responses

Request samples

Content type
application/json
{
  • "catalogRole": {
    }
}

revokeCatalogRoleFromPrincipalRole

Remove a catalog role from a principal role

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
principalRoleName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The principal role name

-
catalogName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the catalog that contains the role to revoke

-
catalogRoleName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the catalog role that should be revoked

-

Responses

listCatalogRoles

List existing roles in the catalog

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
catalogName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The catalog for which we are reading/updating roles

-

Responses

Response samples

Content type
application/json
{
  • "roles": [
    ]
}

createCatalogRole

Create a new role in the catalog

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
catalogName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The catalog for which we are reading/updating roles

-
Request Body schema: application/json
object (Polaris_Management_Service_CatalogRole)

Responses

Request samples

Content type
application/json
{
  • "catalogRole": {
    }
}

getCatalogRole

Get the details of an existing role

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
catalogName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The catalog for which we are retrieving roles

-
catalogRoleName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the role

-

Responses

Response samples

Content type
application/json
{
  • "name": "string",
  • "properties": {
    },
  • "createTimestamp": 0,
  • "lastUpdateTimestamp": 0,
  • "entityVersion": 0
}

updateCatalogRole

Update an existing role in the catalog

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
catalogName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The catalog for which we are retrieving roles

-
catalogRoleName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the role

-
Request Body schema: application/json
currentEntityVersion
required
integer

The version of the object onto which this update is applied; if the object changed, the update will fail and the caller should retry after fetching the latest version.

-
required
object

Responses

Request samples

Content type
application/json
{
  • "currentEntityVersion": 0,
  • "properties": {
    }
}

Response samples

Content type
application/json
{
  • "name": "string",
  • "properties": {
    },
  • "createTimestamp": 0,
  • "lastUpdateTimestamp": 0,
  • "entityVersion": 0
}

deleteCatalogRole

Delete an existing role from the catalog. All associated grants will also be deleted

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
catalogName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The catalog for which we are retrieving roles

-
catalogRoleName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the role

-

Responses

listAssigneePrincipalRolesForCatalogRole

List the PrincipalRoles to which the target catalog role has been assigned

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
catalogName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the catalog where the catalog role resides

-
catalogRoleName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the catalog role

-

Responses

Response samples

Content type
application/json
{
  • "roles": [
    ]
}

listGrantsForCatalogRole

List the grants the catalog role holds

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
catalogName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the catalog where the role will receive the grant

-
catalogRoleName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the role receiving the grant (must exist)

-

Responses

Response samples

Content type
application/json
{
  • "grants": [
    ]
}

addGrantToCatalogRole

Add a new grant to the catalog role

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
catalogName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the catalog where the role will receive the grant

-
catalogRoleName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the role receiving the grant (must exist)

-
Request Body schema: application/json
object (Polaris_Management_Service_GrantResource)

Responses

Request samples

Content type
application/json
{
  • "grant": {
    }
}

revokeGrantFromCatalogRole

Delete a specific grant from the role. This may be a subset or a superset of the grants the role has. In case of a subset, the role will retain the grants not specified. If the cascade parameter is true, grant revocation will have a cascading effect - that is, if a principal has specific grants on a subresource, and grants are revoked on a parent resource, the grants present on the subresource will be revoked as well. By default, this behavior is disabled and grant revocation only affects the specified resource.

-
Authorizations:
Polaris_Management_Service_OAuth2
path Parameters
catalogName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the catalog where the role will receive the grant

-
catalogRoleName
required
string [ 1 .. 256 ] characters ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$

The name of the role receiving the grant (must exist)

-
query Parameters
cascade
boolean
Default: false

If true, the grant revocation cascades to all subresources.

-
Request Body schema: application/json
object (Polaris_Management_Service_GrantResource)

Responses

Request samples

Content type
application/json
{
  • "grant": {
    }
}

Configuration API

List all catalog configuration settings

All REST clients should first call this route to get catalog configuration properties from the server to configure the catalog and its HTTP client. Configuration from the server consists of two sets of key/value pairs.

-
    -
  • defaults - properties that should be used as default configuration; applied before client configuration
    • -
  • overrides - properties that should be used to override client configuration; applied after defaults and client configuration
    • -
-

Catalog configuration is constructed by setting the defaults, then client- provided configuration, and finally overrides. The final property set is then used to configure the catalog.

-

For example, a default configuration property might set the size of the client pool, which can be replaced with a client-specific setting. An override might be used to set the warehouse location, which is stored on the server rather than in client configuration.

-

Common catalog configuration settings are documented at https://iceberg.apache.org/docs/latest/configuration/#catalog-properties

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
query Parameters
warehouse
string

Warehouse location or identifier to request from the service

-

Responses

Response samples

Content type
application/json
{
  • "overrides": {
    },
  • "defaults": {
    }
}

OAuth2 API

Get a token using an OAuth2 flow

Exchange credentials for a token using the OAuth2 client credentials flow or token exchange.

-

This endpoint is used for three purposes -

-
    -
  1. To exchange client credentials (client ID and secret) for an access token This uses the client credentials flow.
    2. -
  2. To exchange a client token and an identity token for a more specific access token This uses the token exchange flow.
    3. -
  3. To exchange an access token for one with the same claims and a refreshed expiration period This uses the token exchange flow.
    4. -
-

For example, a catalog client may be configured with client credentials from the OAuth2 Authorization flow. This client would exchange its client ID and secret for an access token using the client credentials request with this endpoint (1). Subsequent requests would then use that access token.

-

Some clients may also handle sessions that have additional user context. These clients would use the token exchange flow to exchange a user token (the "subject" token) from the session for a more specific access token for that user, using the catalog's access token as the "actor" token (2). The user ID token is the "subject" token and can be any token type allowed by the OAuth2 token exchange flow, including a unsecured JWT token with a sub claim. This request should use the catalog's bearer token in the "Authorization" header.

-

Clients may also use the token exchange flow to refresh a token that is about to expire by sending a token exchange request (3). The request's "subject" token should be the expiring token. This request should use the subject token in the "Authorization" header.

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_BearerAuth
header Parameters
Authorization
string
Request Body schema: application/x-www-form-urlencoded
required
Any of
grant_type
required
string
Value: "client_credentials"
scope
string
client_id
required
string

Client ID

-

This can be sent in the request body, but OAuth2 recommends sending it in a Basic Authorization header.

-
client_secret
required
string

Client secret

-

This can be sent in the request body, but OAuth2 recommends sending it in a Basic Authorization header.

-

Responses

Response samples

Content type
application/json
{
  • "access_token": "string",
  • "token_type": "bearer",
  • "expires_in": 0,
  • "issued_token_type": "urn:ietf:params:oauth:token-type:access_token",
  • "refresh_token": "string",
  • "scope": "string"
}

Catalog API

List namespaces, optionally providing a parent namespace to list underneath

List all namespaces at a certain level, optionally starting from a given parent namespace. If table accounting.tax.paid.info exists, using 'SELECT NAMESPACE IN accounting' would translate into GET /namespaces?parent=accounting and must return a namespace, ["accounting", "tax"] only. Using 'SELECT NAMESPACE IN accounting.tax' would translate into GET /namespaces?parent=accounting%1Ftax and must return a namespace, ["accounting", "tax", "paid"]. If parent is not provided, all top-level namespaces should be listed.

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
query Parameters
pageToken
string or null (Apache_Iceberg_REST_Catalog_API_PageToken)

An opaque token that allows clients to make use of pagination for list APIs (e.g. ListTables). Clients may initiate the first paginated request by sending an empty query parameter pageToken to the server. -Servers that support pagination should identify the pageToken parameter and return a next-page-token in the response if there are more results available. After the initial request, the value of next-page-token from each response must be used as the pageToken parameter value for the next request. The server must return null value for the next-page-token in the last response. -Servers that support pagination must return all results in a single response with the value of next-page-token set to null if the query parameter pageToken is not set in the request. -Servers that do not support pagination should ignore the pageToken parameter and return all results in a single response. The next-page-token must be omitted from the response. -Clients must interpret either null or missing response value of next-page-token as the end of the listing results.

-
pageSize
integer >= 1

For servers that support pagination, this signals an upper bound of the number of results that a client will receive. For servers that do not support pagination, clients may receive results larger than the indicated pageSize.

-
parent
string
Example: parent=accounting%1Ftax

An optional namespace, underneath which to list namespaces. If not provided or empty, all top-level namespaces should be listed. If parent is a multipart namespace, the parts must be separated by the unit separator (0x1F) byte.

-

Responses

Response samples

Content type
application/json
Example
{
  • "namespaces": [
    ]
}

Create a namespace

Create a namespace, with an optional set of properties. The server might also add properties, such as last_modified_time etc.

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
Request Body schema: application/json
required
namespace
required
Array of strings (Apache_Iceberg_REST_Catalog_API_Namespace)

Reference to one or more levels of a namespace

-
object
Default: {}

Configured string to string map of properties for the namespace

-

Responses

Request samples

Content type
application/json
{
  • "namespace": [
    ],
  • "properties": {
    }
}

Response samples

Content type
application/json
{
  • "namespace": [
    ],
  • "properties": {
    }
}

Load the metadata properties for a namespace

Return all stored metadata properties for a given namespace

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
namespace
required
string
Examples:
  • accounting -
  • accounting%1Ftax -

A namespace identifier as a single string. Multipart namespace parts should be separated by the unit separator (0x1F) byte.

-

Responses

Response samples

Content type
application/json
{
  • "namespace": [
    ],
  • "properties": {
    }
}

Check if a namespace exists

Check if a namespace exists. The response does not contain a body.

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
namespace
required
string
Examples:
  • accounting -
  • accounting%1Ftax -

A namespace identifier as a single string. Multipart namespace parts should be separated by the unit separator (0x1F) byte.

-

Responses

Response samples

Content type
application/json
{
  • "error": {
    }
}

Drop a namespace from the catalog. Namespace must be empty.

Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
namespace
required
string
Examples:
  • accounting -
  • accounting%1Ftax -

A namespace identifier as a single string. Multipart namespace parts should be separated by the unit separator (0x1F) byte.

-

Responses

Response samples

Content type
application/json
{
  • "error": {
    }
}

Set or remove properties on a namespace

Set and/or remove properties on a namespace. The request body specifies a list of properties to remove and a map of key value pairs to update. -Properties that are not in the request are not modified or removed by this call. -Server implementations are not required to support namespace properties.

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
namespace
required
string
Examples:
  • accounting -
  • accounting%1Ftax -

A namespace identifier as a single string. Multipart namespace parts should be separated by the unit separator (0x1F) byte.

-
Request Body schema: application/json
required
removals
Array of strings unique
object

Responses

Request samples

Content type
application/json
{
  • "removals": [
    ],
  • "updates": {
    }
}

Response samples

Content type
application/json
{
  • "updated": [
    ],
  • "removed": [
    ],
  • "missing": [
    ]
}

List all table identifiers underneath a given namespace

Return all table identifiers under this namespace

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
namespace
required
string
Examples:
  • accounting -
  • accounting%1Ftax -

A namespace identifier as a single string. Multipart namespace parts should be separated by the unit separator (0x1F) byte.

-
query Parameters
pageToken
string or null (Apache_Iceberg_REST_Catalog_API_PageToken)

An opaque token that allows clients to make use of pagination for list APIs (e.g. ListTables). Clients may initiate the first paginated request by sending an empty query parameter pageToken to the server. -Servers that support pagination should identify the pageToken parameter and return a next-page-token in the response if there are more results available. After the initial request, the value of next-page-token from each response must be used as the pageToken parameter value for the next request. The server must return null value for the next-page-token in the last response. -Servers that support pagination must return all results in a single response with the value of next-page-token set to null if the query parameter pageToken is not set in the request. -Servers that do not support pagination should ignore the pageToken parameter and return all results in a single response. The next-page-token must be omitted from the response. -Clients must interpret either null or missing response value of next-page-token as the end of the listing results.

-
pageSize
integer >= 1

For servers that support pagination, this signals an upper bound of the number of results that a client will receive. For servers that do not support pagination, clients may receive results larger than the indicated pageSize.

-

Responses

Response samples

Content type
application/json
Example
{
  • "identifiers": [
    ]
}

Create a table in the given namespace

Create a table or start a create transaction, like atomic CTAS.

-

If stage-create is false, the table is created immediately.

-

If stage-create is true, the table is not created, but table metadata is initialized and returned. The service should prepare as needed for a commit to the table commit endpoint to complete the create transaction. The client uses the returned metadata to begin a transaction. To commit the transaction, the client sends all create and subsequent changes to the table commit route. Changes from the table create operation include changes like AddSchemaUpdate and SetCurrentSchemaUpdate that set the initial table state.

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
namespace
required
string
Examples:
  • accounting -
  • accounting%1Ftax -

A namespace identifier as a single string. Multipart namespace parts should be separated by the unit separator (0x1F) byte.

-
header Parameters
X-Iceberg-Access-Delegation
string
Enum: "vended-credentials" "remote-signing"
Example: vended-credentials,remote-signing

Optional signal to the server that the client supports delegated access via a comma-separated list of access mechanisms. The server may choose to supply access via any or none of the requested mechanisms.

-

Specific properties and handling for vended-credentials is documented in the LoadTableResult schema section of this spec document.

-

The protocol and specification for remote-signing is documented in the s3-signer-open-api.yaml OpenApi spec in the aws module.

-
Request Body schema: application/json
required
name
required
string
location
string
required
object (Apache_Iceberg_REST_Catalog_API_Schema)
object (Apache_Iceberg_REST_Catalog_API_PartitionSpec)
object (Apache_Iceberg_REST_Catalog_API_SortOrder)
stage-create
boolean
object

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "location": "string",
  • "schema": {
    },
  • "partition-spec": {
    },
  • "write-order": {
    },
  • "stage-create": true,
  • "properties": {
    }
}

Response samples

Content type
application/json
{
  • "metadata-location": "string",
  • "metadata": {
    },
  • "config": {
    }
}

Register a table in the given namespace using given metadata file location

Register a table using given metadata file location.

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
namespace
required
string
Examples:
  • accounting -
  • accounting%1Ftax -

A namespace identifier as a single string. Multipart namespace parts should be separated by the unit separator (0x1F) byte.

-
Request Body schema: application/json
required
name
required
string
metadata-location
required
string

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "metadata-location": "string"
}

Response samples

Content type
application/json
{
  • "metadata-location": "string",
  • "metadata": {
    },
  • "config": {
    }
}

Load a table from the catalog

Load a table from the catalog.

-

The response contains both configuration and table metadata. The configuration, if non-empty is used as additional configuration for the table that overrides catalog configuration. For example, this configuration may change the FileIO implementation to be used for the table.

-

The response also contains the table's full metadata, matching the table metadata JSON file.

-

The catalog configuration may contain credentials that should be used for subsequent requests for the table. The configuration key "token" is used to pass an access token to be used as a bearer token for table requests. Otherwise, a token may be passed using a RFC 8693 token type as a configuration key. For example, "urn:ietf:params:oauth:token-type:jwt=".

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
namespace
required
string
Examples:
  • accounting -
  • accounting%1Ftax -

A namespace identifier as a single string. Multipart namespace parts should be separated by the unit separator (0x1F) byte.

-
table
required
string
Example: sales

A table name

-
query Parameters
snapshots
string
Enum: "all" "refs"

The snapshots to return in the body of the metadata. Setting the value to all would return the full set of snapshots currently valid for the table. Setting the value to refs would load all snapshots referenced by branches or tags. -Default if no param is provided is all.

-
header Parameters
X-Iceberg-Access-Delegation
string
Enum: "vended-credentials" "remote-signing"
Example: vended-credentials,remote-signing

Optional signal to the server that the client supports delegated access via a comma-separated list of access mechanisms. The server may choose to supply access via any or none of the requested mechanisms.

-

Specific properties and handling for vended-credentials is documented in the LoadTableResult schema section of this spec document.

-

The protocol and specification for remote-signing is documented in the s3-signer-open-api.yaml OpenApi spec in the aws module.

-

Responses

Response samples

Content type
application/json
{
  • "metadata-location": "string",
  • "metadata": {
    },
  • "config": {
    }
}

Commit updates to a table

Commit updates to a table.

-

Commits have two parts, requirements and updates. Requirements are assertions that will be validated before attempting to make and commit changes. For example, assert-ref-snapshot-id will check that a named ref's snapshot ID has a certain value.

-

Updates are changes to make to table metadata. For example, after asserting that the current main ref is at the expected snapshot, a commit may add a new child snapshot and set the ref to the new snapshot id.

-

Create table transactions that are started by createTable with stage-create set to true are committed using this route. Transactions should include all changes to the table, including table initialization, like AddSchemaUpdate and SetCurrentSchemaUpdate. The assert-create requirement is used to ensure that the table was not created concurrently.

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
namespace
required
string
Examples:
  • accounting -
  • accounting%1Ftax -

A namespace identifier as a single string. Multipart namespace parts should be separated by the unit separator (0x1F) byte.

-
table
required
string
Example: sales

A table name

-
Request Body schema: application/json
required
object (Apache_Iceberg_REST_Catalog_API_TableIdentifier)
required
Array of objects (Apache_Iceberg_REST_Catalog_API_TableRequirement)
required
Array of Apache_Iceberg_REST_Catalog_API_AssignUUIDUpdate (object) or Apache_Iceberg_REST_Catalog_API_UpgradeFormatVersionUpdate (object) or Apache_Iceberg_REST_Catalog_API_AddSchemaUpdate (object) or Apache_Iceberg_REST_Catalog_API_SetCurrentSchemaUpdate (object) or Apache_Iceberg_REST_Catalog_API_AddPartitionSpecUpdate (object) or Apache_Iceberg_REST_Catalog_API_SetDefaultSpecUpdate (object) or Apache_Iceberg_REST_Catalog_API_AddSortOrderUpdate (object) or Apache_Iceberg_REST_Catalog_API_SetDefaultSortOrderUpdate (object) or Apache_Iceberg_REST_Catalog_API_AddSnapshotUpdate (object) or Apache_Iceberg_REST_Catalog_API_SetSnapshotRefUpdate (object) or Apache_Iceberg_REST_Catalog_API_RemoveSnapshotsUpdate (object) or Apache_Iceberg_REST_Catalog_API_RemoveSnapshotRefUpdate (object) or Apache_Iceberg_REST_Catalog_API_SetLocationUpdate (object) or Apache_Iceberg_REST_Catalog_API_SetPropertiesUpdate (object) or Apache_Iceberg_REST_Catalog_API_RemovePropertiesUpdate (object) or Apache_Iceberg_REST_Catalog_API_SetStatisticsUpdate (object) or Apache_Iceberg_REST_Catalog_API_RemoveStatisticsUpdate (object) (Apache_Iceberg_REST_Catalog_API_TableUpdate)

Responses

Request samples

Content type
application/json
{
  • "identifier": {
    },
  • "requirements": [
    ],
  • "updates": [
    ]
}

Response samples

Content type
application/json
{
  • "metadata-location": "string",
  • "metadata": {
    }
}

Drop a table from the catalog

Remove a table from the catalog

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
namespace
required
string
Examples:
  • accounting -
  • accounting%1Ftax -

A namespace identifier as a single string. Multipart namespace parts should be separated by the unit separator (0x1F) byte.

-
table
required
string
Example: sales

A table name

-
query Parameters
purgeRequested
boolean
Default: false

Whether the user requested to purge the underlying table's data and metadata

-

Responses

Response samples

Content type
application/json
{
  • "error": {
    }
}

Check if a table exists

Check if a table exists within a given namespace. The response does not contain a body.

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
namespace
required
string
Examples:
  • accounting -
  • accounting%1Ftax -

A namespace identifier as a single string. Multipart namespace parts should be separated by the unit separator (0x1F) byte.

-
table
required
string
Example: sales

A table name

-

Responses

Response samples

Content type
application/json
{
  • "error": {
    }
}

Rename a table from its current name to a new name

Rename a table from one identifier to another. It's valid to move a table across namespaces, but the server implementation is not required to support it.

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
Request Body schema: application/json
required

Current table identifier to rename and new table identifier to rename to

-
required
object (Apache_Iceberg_REST_Catalog_API_TableIdentifier)
required
object (Apache_Iceberg_REST_Catalog_API_TableIdentifier)

Responses

Request samples

Content type
application/json
{
  • "source": {
    },
  • "destination": {
    }
}

Response samples

Content type
application/json
{
  • "error": {
    }
}

Send a metrics report to this endpoint to be processed by the backend

Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
namespace
required
string
Examples:
  • accounting -
  • accounting%1Ftax -

A namespace identifier as a single string. Multipart namespace parts should be separated by the unit separator (0x1F) byte.

-
table
required
string
Example: sales

A table name

-
Request Body schema: application/json
required

The request containing the metrics report to be sent

-
Any of
table-name
required
string
snapshot-id
required
integer <int64>
required
Apache_Iceberg_REST_Catalog_API_AndOrExpression (object) or Apache_Iceberg_REST_Catalog_API_NotExpression (object) or Apache_Iceberg_REST_Catalog_API_SetExpression (object) or Apache_Iceberg_REST_Catalog_API_LiteralExpression (object) or Apache_Iceberg_REST_Catalog_API_UnaryExpression (object) (Apache_Iceberg_REST_Catalog_API_Expression)
schema-id
required
integer
projected-field-ids
required
Array of integers
projected-field-names
required
Array of strings
required
object (Apache_Iceberg_REST_Catalog_API_Metrics)
object
report-type
required
string

Responses

Request samples

Content type
application/json
Example
{
  • "table-name": "string",
  • "snapshot-id": 0,
  • "filter": {
    },
  • "schema-id": 0,
  • "projected-field-ids": [
    ],
  • "projected-field-names": [
    ],
  • "metrics": {
    },
  • "metadata": {
    },
  • "report-type": "string"
}

Response samples

Content type
application/json
{
  • "error": {
    }
}

Sends a notification to the table

Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
namespace
required
string
Examples:
  • accounting -
  • accounting%1Ftax -

A namespace identifier as a single string. Multipart namespace parts should be separated by the unit separator (0x1F) byte.

-
table
required
string
Example: sales

A table name

-
Request Body schema: application/json
required

The request containing the notification to be sent. -For each table, Polaris will reject any notification where the timestamp in the request body is older than or equal to the most recent time Polaris has already processed for the table. The responsibility of ensuring the correct order of timestamps for a sequence of notifications lies with the caller of the API. This includes managing potential clock skew or inconsistencies when notifications are sent from multiple sources. -A VALIDATE request behaves like a dry-run of a CREATE or UPDATE request up to but not including loading the contents of a metadata file; this includes validations of permissions, the specified metadata path being within ALLOWED_LOCATIONS, having an EXTERNAL catalog, etc. The intended use case for a VALIDATE notification is to allow a remote catalog to pre-validate the general settings of a receiving catalog against an intended new table location before possibly creating a table intended for sending notifcations in the remote catalog at all. For a VALIDATE request, the specified metadata-location can either be a prospective full metadata file path, or a relevant parent directory of the intended table to validate against ALLOWED_LOCATIONS.

-
notification-type
required
string (Apache_Iceberg_REST_Catalog_API_NotificationType)
Enum: "UNKNOWN" "CREATE" "UPDATE" "DROP" "VALIDATE"
required
object (Apache_Iceberg_REST_Catalog_API_TableUpdateNotification)

Responses

Request samples

Content type
application/json
{
  • "notification-type": "UNKNOWN",
  • "payload": {
    }
}

Response samples

Content type
application/json
{
  • "error": {
    }
}

Commit updates to multiple tables in an atomic operation

Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
Request Body schema: application/json
required

Commit updates to multiple tables in an atomic operation

-

A commit for a single table consists of a table identifier with requirements and updates. Requirements are assertions that will be validated before attempting to make and commit changes. For example, assert-ref-snapshot-id will check that a named ref's snapshot ID has a certain value.

-

Updates are changes to make to table metadata. For example, after asserting that the current main ref is at the expected snapshot, a commit may add a new child snapshot and set the ref to the new snapshot id.

-
required
Array of objects (Apache_Iceberg_REST_Catalog_API_CommitTableRequest)

Responses

Request samples

Content type
application/json
{
  • "table-changes": [
    ]
}

Response samples

Content type
application/json
{
  • "error": {
    }
}

List all view identifiers underneath a given namespace

Return all view identifiers under this namespace

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
namespace
required
string
Examples:
  • accounting -
  • accounting%1Ftax -

A namespace identifier as a single string. Multipart namespace parts should be separated by the unit separator (0x1F) byte.

-
query Parameters
pageToken
string or null (Apache_Iceberg_REST_Catalog_API_PageToken)

An opaque token that allows clients to make use of pagination for list APIs (e.g. ListTables). Clients may initiate the first paginated request by sending an empty query parameter pageToken to the server. -Servers that support pagination should identify the pageToken parameter and return a next-page-token in the response if there are more results available. After the initial request, the value of next-page-token from each response must be used as the pageToken parameter value for the next request. The server must return null value for the next-page-token in the last response. -Servers that support pagination must return all results in a single response with the value of next-page-token set to null if the query parameter pageToken is not set in the request. -Servers that do not support pagination should ignore the pageToken parameter and return all results in a single response. The next-page-token must be omitted from the response. -Clients must interpret either null or missing response value of next-page-token as the end of the listing results.

-
pageSize
integer >= 1

For servers that support pagination, this signals an upper bound of the number of results that a client will receive. For servers that do not support pagination, clients may receive results larger than the indicated pageSize.

-

Responses

Response samples

Content type
application/json
Example
{
  • "identifiers": [
    ]
}

Create a view in the given namespace

Create a view in the given namespace.

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
namespace
required
string
Examples:
  • accounting -
  • accounting%1Ftax -

A namespace identifier as a single string. Multipart namespace parts should be separated by the unit separator (0x1F) byte.

-
Request Body schema: application/json
required
name
required
string
location
string
required
object (Apache_Iceberg_REST_Catalog_API_Schema)
required
object (Apache_Iceberg_REST_Catalog_API_ViewVersion)
required
object

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "location": "string",
  • "schema": {
    },
  • "view-version": {
    },
  • "properties": {
    }
}

Response samples

Content type
application/json
{
  • "metadata-location": "string",
  • "metadata": {
    },
  • "config": {
    }
}

Load a view from the catalog

Load a view from the catalog.

-

The response contains both configuration and view metadata. The configuration, if non-empty is used as additional configuration for the view that overrides catalog configuration.

-

The response also contains the view's full metadata, matching the view metadata JSON file.

-

The catalog configuration may contain credentials that should be used for subsequent requests for the view. The configuration key "token" is used to pass an access token to be used as a bearer token for view requests. Otherwise, a token may be passed using a RFC 8693 token type as a configuration key. For example, "urn:ietf:params:oauth:token-type:jwt=".

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
namespace
required
string
Examples:
  • accounting -
  • accounting%1Ftax -

A namespace identifier as a single string. Multipart namespace parts should be separated by the unit separator (0x1F) byte.

-
view
required
string
Example: sales

A view name

-

Responses

Response samples

Content type
application/json
{
  • "metadata-location": "string",
  • "metadata": {
    },
  • "config": {
    }
}

Replace a view

Commit updates to a view.

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
namespace
required
string
Examples:
  • accounting -
  • accounting%1Ftax -

A namespace identifier as a single string. Multipart namespace parts should be separated by the unit separator (0x1F) byte.

-
view
required
string
Example: sales

A view name

-
Request Body schema: application/json
required
object (Apache_Iceberg_REST_Catalog_API_TableIdentifier)
Array of objects (Apache_Iceberg_REST_Catalog_API_ViewRequirement)
required
Array of Apache_Iceberg_REST_Catalog_API_AssignUUIDUpdate (object) or Apache_Iceberg_REST_Catalog_API_UpgradeFormatVersionUpdate (object) or Apache_Iceberg_REST_Catalog_API_AddSchemaUpdate (object) or Apache_Iceberg_REST_Catalog_API_SetLocationUpdate (object) or Apache_Iceberg_REST_Catalog_API_SetPropertiesUpdate (object) or Apache_Iceberg_REST_Catalog_API_RemovePropertiesUpdate (object) or Apache_Iceberg_REST_Catalog_API_AddViewVersionUpdate (object) or Apache_Iceberg_REST_Catalog_API_SetCurrentViewVersionUpdate (object) (Apache_Iceberg_REST_Catalog_API_ViewUpdate)

Responses

Request samples

Content type
application/json
{
  • "identifier": {
    },
  • "requirements": [
    ],
  • "updates": [
    ]
}

Response samples

Content type
application/json
{
  • "metadata-location": "string",
  • "metadata": {
    },
  • "config": {
    }
}

Drop a view from the catalog

Remove a view from the catalog

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
namespace
required
string
Examples:
  • accounting -
  • accounting%1Ftax -

A namespace identifier as a single string. Multipart namespace parts should be separated by the unit separator (0x1F) byte.

-
view
required
string
Example: sales

A view name

-

Responses

Response samples

Content type
application/json
{
  • "error": {
    }
}

Check if a view exists

Check if a view exists within a given namespace. This request does not return a response body.

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
namespace
required
string
Examples:
  • accounting -
  • accounting%1Ftax -

A namespace identifier as a single string. Multipart namespace parts should be separated by the unit separator (0x1F) byte.

-
view
required
string
Example: sales

A view name

-

Responses

Response samples

Content type
application/json
{
  • "error": {
    }
}

Rename a view from its current name to a new name

Rename a view from one identifier to another. It's valid to move a view across namespaces, but the server implementation is not required to support it.

-
Authorizations:
Apache_Iceberg_REST_Catalog_API_OAuth2Apache_Iceberg_REST_Catalog_API_BearerAuth
path Parameters
prefix
required
string

An optional prefix in the path

-
Request Body schema: application/json
required

Current view identifier to rename and new view identifier to rename to

-
required
object (Apache_Iceberg_REST_Catalog_API_TableIdentifier)
required
object (Apache_Iceberg_REST_Catalog_API_TableIdentifier)

Responses

Request samples

Content type
application/json
{
  • "source": {
    },
  • "destination": {
    }
}

Response samples

Content type
application/json
{
  • "error": {
    }
}
- - - - diff --git a/site/.gitignore b/site/.gitignore new file mode 100644 index 000000000..daee24583 --- /dev/null +++ b/site/.gitignore @@ -0,0 +1,25 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +content/releases/ + +# Created/generated when running Hugo on the local host +.hugo_build.lock +public/ +resources/_gen/ diff --git a/site/README.md b/site/README.md new file mode 100644 index 000000000..c21f3af6e --- /dev/null +++ b/site/README.md @@ -0,0 +1,210 @@ + + +Links: +* Hugo: https://gohugo.io/ +* Docsy theme: https://www.docsy.dev/docs/ and https://github.com/google/docsy/ +* Asciidoc help: https://docs.asciidoctor.org/asciidoc/latest/ +* Fontawesome logos/icons: https://fontawesome.com/v6/search?o=r&m=free + +# Quickstart + +Just run the following command to let Hugo serve files from the Polaris `site/`. +```bash +site/bin/run-hugo-in-docker.sh +``` + +Then point your browser to http://localhost:1313/ + +Then edit files from your IDE - you will see the changes in your browser. When changing the site structure, +it is often necessary to restart Hugo - just run `site/bin/run-hugo-in-docker.sh` again. + +# Building the static site + +## Building a static site - served at http://localhost:8080/ + +This builds the static Apache Polaris site into `site/build/localhost-site` to be served using a http daemon. +The base URL will be `https://localhost:8080/`, which is the URL to be used when running the command below. +(Note: static sites generated by Hugo do **not** work when opening the files from the local file system!) + +Run +```bash +site/bin/create-static-site.sh --local +``` + +## Building the Apache Polaris site + +This builds the static Apache Polaris site into `site/build/apache-site`. The base URL will be +`https://polaris.apache.org/` (as configured in `hugo.yaml`). +(Note: static sites generated by Hugo do **not** work when opening the files from the local file system!) + +Run +```bash +site/bin/create-static-site.sh +``` + +# Versioned docs + +(See [`/releases/` page](content/releases/_index.adoc) as well.) + +The idea here is that docs of releases live in either a separate branch or a separate Git repo. + +The `/releases` folder would _not_ be in the main Polaris repository (at least not in any code branch). It would be +mounted either via `git worktree` or `git clone`. Building and testing the site locally works without the `/releases` +folder. For developers, it is probably much easier to have a separate branch in the main Polaris GitHub repository +and leverage Git worktrees. + +Docs for the current code branch (e.g. `main` branch) are maintained in the `/in-dev/unreleased` folder. While we +could maintain the docs right in the `/in-dev` folder, having the in-dev docs in `/in-dev/unreleased` provides the +ability to use relative links that still work when the docs are in an `/releases/x.y.z` folder (think: links like +`../../guides/foo-bar.md`). + +Within a release's versioned docs folder, the release version number can be included in the markdown using the +custom Hugo shortcode `{{< releaseVersion >}}`. + +## Git worktree + +The `content/releases/` folder is maintained in the separate `versioned-docs` branch. The whole `content/releases/` +folder is `.gitignore`d in the main source tree, otherwise Git complains about `content/releases` not being versioned +and if added to the main source tree (possible, Git allows that), the `git worktree add` below would complain about +the existing directory. + +### Initial setup + +```bash +cd site/ + +cd content/releases/ +# Create a new empty branch 'versioned-docs' +git worktree add --orphan -b versioned-docs . +# (add some content to the content/releases/ directory - at least the "top-level" _index.adoc +git add . +git commit -m "Initial set of releases" +``` + +### Locally + +Use the following script to checkout the versioned release docs +```bash +cd site/ +# Checkout the versioned-docs branch locally +bin/checkout-releases.sh +``` + +`bin/remove-releases.sh` removes the `content/releases` folder, if it does not contain uncommitted changes. + +## New release + +When a release is created, a bunch of things would happen via an automated GitHub workflow calling a shell script +in the main source tree: + +1. The releases versioned docs folder is created - for example: `/releases/0.1.0` +2. The contents of the `/in-dev/unreleased` folder are copied into the directory for the new release. + 1. The file `release_index.md` would be copied as `_index.md` into the new release's + versioned docs folder, the `/in-dev/unreleased/_index.md` would not end in the release's versioned docs folder. +3. The front-matter of the release's `_index.md` would be rewritten. +4. The new release is added to `params.active_releases` in `hugo.yaml` +5. When publishing a new release for the most recent major/minor version: + 1. The new release's `_index.md` would be generated with `exclude_search: false` + 2. The front-matter of the previous release's `_index.md` would be updated, + `exclude_search: false` changed to `exclude_search: true`. +6. When publishing a new release for an older major/minor version: + 1. The new release's `_index.md` would be generated with `exclude_search: true` +7. Changes to the site added and committed to Git +8. Changes pushed to GitHub - both the `main` and the `versioned-docs` folder +9. The last step triggers the job to publish the web site + +# Web site publishing (production) + +To build a site locally (not required for `hugo serve -D`, but required for `hugo`) - with your local user. + +This would be a GitHub workflow. + +1. Triggered when the `main` branch or the `versioned-docs` branch changes. +2. Checkout the `main` branch +3. ```bash + cd site/ + ``` +4. ```bash + git worktree add content/releases/ versioned-docs + ``` +5. ```bash + npm i -D postcss postcss-cli autoprefixer + ``` +6. ```bash + rm -rf public ; hugo --minify --gc + ``` +7. Publish the contents of the `public` folder to the website. + +## Test statically built web site locally + +The statically built web site in `public` _does not_ work when opened from the file system. + +Instead, do something like this: + +1. ```bash + rm -rf public ; hugo --minify --gc --baseURL http://localhost:8080/ + (cd public/ ; http-server -p 8080 --cors) + ``` +2. Then use your web browser to open http://localhost:8080/ + +# Noteworthy + +* The `redoc` shortcode works fine with `hugo serve` and on the static site configured via the `baseURL` in `hugo.yaml`. + To test the static build result locally, it is mandatory to pass the `--baseURL` option to `hugo`. +* The embedded `redoc` looks awful with a dark theme. +* The `swaggerui` shortcode doesn't seem to work? +* Some changes, especially those that change the site structure, requires a restart of `hugo serve -D`. This is also + true when the layout for the `robots.txt` is changed. + +# Install Hugo + asciidoctor locally + +https://gohugo.io/installation/ + +## Ubuntu + +To develop the site locally (aka `hugo serve -D`), install the following dependencies using the `root` user: +```bash +apt install hugo asciidoctor +snap install dart-sass +``` + +If you want to build the static site locally as well (aka build with `hugo` + serve using another http server), +the following dependencies are needed as well (non-root user): +```bash +npm i -D postcss postcss-cli autoprefixer +npm install http-server -g +``` + +## macOS + +To develop the site locally (aka `hugo serve -D`), install the following dependencies: +```bash +brew install go +brew install hugo +brew install asciidoctor +``` + +If you want to build the static site locally as well (aka build with `hugo` + serve using another http server), +the following dependencies are needed as well (non-root user): +```bash +brew install npm +npm -i -D postcss postcss-cli autoprefixer +npm install http-server -g +``` diff --git a/site/assets/icons/logo.svg b/site/assets/icons/logo.svg new file mode 100644 index 000000000..8b05ce238 --- /dev/null +++ b/site/assets/icons/logo.svg @@ -0,0 +1,48 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/site/assets/scss/_styles_project.scss b/site/assets/scss/_styles_project.scss new file mode 100644 index 000000000..f5c8ca3f2 --- /dev/null +++ b/site/assets/scss/_styles_project.scss @@ -0,0 +1,26 @@ +/*! + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +.td-navbar .navbar-brand svg { + height: 2.5rem; +} + +.td-sidebar-toc { + padding-top: 1.75rem; +} diff --git a/site/bin/_hugo-docker-include.sh b/site/bin/_hugo-docker-include.sh new file mode 100644 index 000000000..8f2bdc36a --- /dev/null +++ b/site/bin/_hugo-docker-include.sh @@ -0,0 +1,76 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +DOCKER="$(which docker > /dev/null && echo docker || echo podman)" +COMPOSE="$(which docker-compose > /dev/null && echo docker-compose || echo podman-compose)" + +# absolute path to the Polaris workspace, for the volume mount +WORKSPACE="$(pwd)" +export WORKSPACE + +# Mount options for the Polaris workspace / slight difference between Podman + docker / Linux + macOS. +# The Linux specialties are there to ensure that neither Docker nor Podman "mess up" file/directory ownership +# to for example root or an ephemeral UID/GID (rootless). Git for example gets quite annoyed when the owner +# of the worktree changes and then refuses to consider it as a valid Git worktree (aka git commands don't work). +MOUNT_OPTS_WORKSPACE="bind" +UID_GID="" +MOUNT_OPTS_RESOURCES="" +COMPOSE_ARGS="" +case "$(uname)" in + Linux) + # Don't do the Linux specific UID/GID dance in CI, it uses "low" UID/GID, not "real user" ones (>= 1000). + # And there's no human who cares about broken ownership on the workspace directories/files in CI. + if [[ -z ${CI} ]] ; then + # Mount options + MOUNT_OPTS_RESOURCES="uid=$(id -u),gid=$(id -g)" + + # Needed for podman on Linux, so it doesn't "chown" the Polaris workspace to an ephemeral UID (Linux only) + MOUNT_OPTS_WORKSPACE="bind,$MOUNT_OPTS_RESOURCES" + + # uid/gid option for the container + UID_GID="$(id -u):$(id -g)" + + if [[ ${COMPOSE} == "podman-compose" ]]; then + # Let podman use the user's UID+GID in the running container + COMPOSE_ARGS="--podman-run-args=--userns=keep-id" + fi + fi + ;; +esac +export MOUNT_OPTS_WORKSPACE MOUNT_OPTS_RESOURCES UID_GID + +mkdir -p site/build/hugo-cache + +# Cleanup before start and on exist / just to be on the "safe side" +function cleanup() { + $COMPOSE \ + --project-name polaris_site \ + --file site/docker/docker-compose-publish.yml \ + down > /dev/null 2>&1 || true + $COMPOSE \ + --project-name polaris_site \ + --file site/docker/docker-compose-hugo.yml \ + down > /dev/null 2>&1 || true + $DOCKER container rm -f polaris_site-hugo-1 polaris_site-hugo_publish_localhost8080-1 polaris_site-hugo_publish_apache-1 > /dev/null 2>&1 || true + $DOCKER volume rm -f polaris_site_resources polaris_site_workspace polaris_site_hugo_cache > /dev/null 2>&1 || true +} + +cleanup + +trap 'cleanup' EXIT diff --git a/site/bin/checkout-releases.sh b/site/bin/checkout-releases.sh new file mode 100755 index 000000000..13bb1b318 --- /dev/null +++ b/site/bin/checkout-releases.sh @@ -0,0 +1,32 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +set -e + +cd "$(dirname "$0")/.." + +git worktree prune + +if [[ -d content/releases ]] ; then + echo "Directory content/releases already exists" + exit 1 +fi + +git worktree add content/releases versioned-docs diff --git a/site/bin/create-static-site.sh b/site/bin/create-static-site.sh new file mode 100755 index 000000000..59c57867a --- /dev/null +++ b/site/bin/create-static-site.sh @@ -0,0 +1,53 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# Script to create the static website. Default is to create the static site for polaris.apache.org. +# The --local command line option also builds the static site to inspect it locally, it starts an +# http server for that purpose. + +set -e + +cd "$(dirname "$0")/../.." +. "site/bin/_hugo-docker-include.sh" + +SERVICE=hugo_publish_apache + +while [[ $# -gt 0 ]]; do + case $1 in + --local) + SERVICE=hugo_publish_localhost8080 + shift + ;; + *) + echo "Unknown option/argument $1" + exit 1 + ;; + esac +done + +$COMPOSE \ + --project-name polaris_site \ + --file site/docker/docker-compose-publish.yml \ + $COMPOSE_ARGS \ + up \ + --build \ + --abort-on-container-exit \ + --exit-code-from $SERVICE \ + $SERVICE diff --git a/site/bin/remove-releases.sh b/site/bin/remove-releases.sh new file mode 100755 index 000000000..4a067d038 --- /dev/null +++ b/site/bin/remove-releases.sh @@ -0,0 +1,38 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +set -e + +cd "$(dirname "$0")/.." + +if [[ ! -d content/releases ]] ; then + echo "Directory content/releases does not exists" + exit 1 +fi + +cd content/releases +if git diff-index --quiet HEAD -- ; then + cd ../.. + rm -rf content/releases + git worktree prune +else + echo "Directory content/releases contains uncommitted changes" + exit 1 +fi diff --git a/site/bin/run-hugo-in-docker.sh b/site/bin/run-hugo-in-docker.sh new file mode 100755 index 000000000..33c58d6ba --- /dev/null +++ b/site/bin/run-hugo-in-docker.sh @@ -0,0 +1,35 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# Script to run `hugo serve` within a container. + +set -e + +cd "$(dirname "$0")/../.." +. "site/bin/_hugo-docker-include.sh" + +$COMPOSE \ + --project-name polaris_site \ + --file site/docker/docker-compose-hugo.yml \ + $COMPOSE_ARGS \ + up \ + --build \ + --abort-on-container-exit \ + --exit-code-from hugo diff --git a/site/bin/stop-hugo-in-docker.sh b/site/bin/stop-hugo-in-docker.sh new file mode 100755 index 000000000..3215e0957 --- /dev/null +++ b/site/bin/stop-hugo-in-docker.sh @@ -0,0 +1,26 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +set -e + +cd "$(dirname "$0")/../.." +. "site/bin/_hugo-docker-include.sh" + +# The included script calls the cleanup function for us - this is what this script is supposed to do. diff --git a/site/content/_index.adoc b/site/content/_index.adoc new file mode 100644 index 000000000..d9dec6d2c --- /dev/null +++ b/site/content/_index.adoc @@ -0,0 +1,53 @@ +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +title: "Apache Polaris" +type: home +cascade: + no_list: true +--- +{{< blocks/cover title="Welcome to the Apache Polaris™ (incubating) web site!" image_anchor="center" color="primary" >}} +Apache Polaris is an open-source, fully-featured catalog for Apache Iceberg™. It implements Iceberg's REST API, enabling seamless multi-engine interoperability across a wide range of platforms, including Apache Doris™, Apache Flink®, Apache Spark™, StarRocks, and Trino. +{{< /blocks/cover >}} + +image::images/Polaris-Catalog-BLOG-symmetrical-subhead.png[Polaris Catalog] + +{{< blocks/section color="dark" type="row" >}} +{{% blocks/feature icon="fa-lightbulb" title="Join the community!" url="https://polaris-catalog.zulipchat.com/" url_text="Chat with us" %}} +Chat with users and project developers! +{{% /blocks/feature %}} +{{% blocks/feature icon="fa-brands fa-github" title="Contributions welcome!" url="https://github.com/apache/polaris/pulls" url_text="Polaris Pull Requests" %}} +We do a https://github.com/apache/polaris/pulls[Pull Request] contributions workflow on **GitHub**. New users are always welcome! +{{% /blocks/feature %}} +{{% blocks/feature icon="fa fa-envelope" title="Join our mailing list" url="https://lists.apache.org/list.html?dev@polaris.apache.org" url_text="Subscribe" %}} +For announcement and discussions about the project. +{{% /blocks/feature %}} +{{< /blocks/section >}} + +{{< blocks/section color="dark" >}} +

+ +

+

+Apache Polaris™ is an effort undergoing incubation at The Apache Software Foundation (ASF), sponsored by the Apache Incubator. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF. +

+

+Apache®, Apache Polaris™, Apache Iceberg™, Apache Spark™ are either registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. +

+{{< /blocks/section >}} diff --git a/site/content/blog/2024/10/01/dummy-post.md b/site/content/blog/2024/10/01/dummy-post.md new file mode 100644 index 000000000..2d34263d4 --- /dev/null +++ b/site/content/blog/2024/10/01/dummy-post.md @@ -0,0 +1,24 @@ +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +title: Dummy Post +date: 2024-10-01 +--- + +Just a dummy diff --git a/site/content/blog/_index.adoc b/site/content/blog/_index.adoc new file mode 100644 index 000000000..ec20c7813 --- /dev/null +++ b/site/content/blog/_index.adoc @@ -0,0 +1,31 @@ +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +linkTitle: "Blog" +title: "Apache Polaris Blog" +weight: 200 +cascade: + - type: "blog" +# TODO remove when adding the first post +top_hidden: true +toc_hide: true +hide_summary: true +--- + += Blog diff --git a/site/content/chat-bylaws.md b/site/content/chat-bylaws.md new file mode 120000 index 000000000..b28aebe2c --- /dev/null +++ b/site/content/chat-bylaws.md @@ -0,0 +1 @@ +../../CHAT_BYLAWS.md \ No newline at end of file diff --git a/site/content/code-of-conduct.md b/site/content/code-of-conduct.md new file mode 120000 index 000000000..a3613c99f --- /dev/null +++ b/site/content/code-of-conduct.md @@ -0,0 +1 @@ +../../CODE_OF_CONDUCT.md \ No newline at end of file diff --git a/site/content/community/_index.adoc b/site/content/community/_index.adoc new file mode 100644 index 000000000..c9ce0515a --- /dev/null +++ b/site/content/community/_index.adoc @@ -0,0 +1,97 @@ +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +linkTitle: 'Community' +title: 'Apache Polaris Community' +weight: 300 +params: + contributingUrl: "/community/contributing-guidelines" +cascade: + type: docs +--- + +{{< blocks/section color="white" type="row" >}} +{{% blocks/feature icon="fa-solid fa-graduation-cap" title="Learn, Connect and Collaborate" %}} +[cols="2,3"] +|=== +| link:https://polaris-catalog.zulipchat.com/[Zulip] +| Our public chat, open to everybody + +| link:./meetings/[Community Meetings] +| Upcoming, live and recorded Community Meetings + +| link:./proposals/[Proposals] +| Proposals about bigger topics + +| link:https://github.com/apache/polaris[GitHub] +| Development takes place here! + +| link:./code-of-conduct/[Code of Conduct] +| Code of Conduct + +| link:./chat-bylaws/[Chat Bylaws] +| A few rules around our public chat as a collaboration tool for the project. + +| link:./contributing-guidelines/[Contribution Guidelines] +| How to contribute to Apache Polaris +|=== +{{% /blocks/feature %}} + +{{% blocks/feature icon="fa fa-envelope" title="All Mailing Lists" %}} +[cols="3,3"] +|=== +| Development oriented content +| mailto:dev-subscribe@polaris.apache.org[Subscribe to dev@] + + link:https://lists.apache.org/list.html?polaris.apache.org[Mailing List Archives,window=_blank] +| Notifications about GitHub issues and PRs +| mailto:issues-subscribe@polaris.apache.org[Subscribe to issues@] + + link:https://lists.apache.org/list.html?polaris.apache.org[Mailing List Archives,window=_blank] +| Notifications about Git commits +| mailto:commits-subscribe@polaris.apache.org[Subscribe to commits@] + + link:https://lists.apache.org/list.html?polaris.apache.org[Mailing List Archives,window=_blank] +|=== +{{% /blocks/feature %}} + +{{% blocks/feature icon="fa-solid fa-people-group" title="Team" %}} +[cols="4,1,3"] +|=== + +| https://github.com/annafil[Anna Filippova] | Committer | link:https://www.snowflake.com/[Snowflake] +| Anoop Johnson | PPMC | link:https://www.google.com/[Google] +| https://github.com/ashvina[Ashvin Agrawal] | PPMC | link:https://www.microsoft.com/[Microsoft] +| Bertrand Delacretaz | Mentor | +| https://github.com/eric-maynard[Eric Maynard] | Committer | link:https://www.snowflake.com/[Snowflake] +| Holden Karau | Mentor | +| https://github.com/jackye1995[Jack Ye] | PPMC | link:https://aws.amazon.com/[Amazon] +| https://github.com/jbonofre[JB Onofre] | PPMC & Mentor | link:https://www.dremio.com/[Dremio] +| https://github.com/vvcephei[John Roesler] | PPMC | link:https://www.confluent.io/[Confluent] +| Kent Yao | Mentor | +| https://github.com/collado-mike[Michael Collado] | Committer | link:https://www.snowflake.com/[Snowflake] +| https://github.com/snazy[Robert Stupp] | PPMC | link:https://www.dremio.com/[Dremio] +| https://github.com/russellspitzer[Russell Spitzer] | PPMC | link:https://www.snowflake.com/[Snowflake] +| Ryan Blue | Mentor | +| https://github.com/takidau:[Tyler Akidau] | PPMC | link:https://www.snowflake.com/[Snowflake] +| https://github.com/flyrain[Yufei Gu] | Committer | link:https://www.snowflake.com/[Snowflake] +| https://github.com/ebyhr[Yuya Ebihara] | Committer | link:https://www.starburst.io/[Starburst] +|=== +{{% /blocks/feature %}} +{{< /blocks/section >}} diff --git a/site/content/community/chat-bylaws.md b/site/content/community/chat-bylaws.md new file mode 100644 index 000000000..520732e18 --- /dev/null +++ b/site/content/community/chat-bylaws.md @@ -0,0 +1,25 @@ +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +linkTitle: Chat Bylaws +type: docs +weight: 400 +--- + +{{< readfile "/chat-bylaws.md" >}} diff --git a/site/content/community/code-of-conduct.md b/site/content/community/code-of-conduct.md new file mode 100644 index 000000000..060fe605e --- /dev/null +++ b/site/content/community/code-of-conduct.md @@ -0,0 +1,25 @@ +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +linkTitle: Code Of Conduct +type: docs +weight: 300 +--- + +{{< readfile "/code-of-conduct.md" >}} diff --git a/site/content/community/contributing-guidelines.md b/site/content/community/contributing-guidelines.md new file mode 100644 index 000000000..8b9339059 --- /dev/null +++ b/site/content/community/contributing-guidelines.md @@ -0,0 +1,25 @@ +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +linkTitle: Contributing Guidelines +type: docs +weight: 500 +--- + +{{< readfile "/contributing-to-polaris.md" >}} diff --git a/site/content/community/meetings/2024/_index.adoc b/site/content/community/meetings/2024/_index.adoc new file mode 100644 index 000000000..838d0d82e --- /dev/null +++ b/site/content/community/meetings/2024/_index.adoc @@ -0,0 +1,44 @@ +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +linkTitle: '2024' +title: 'Apache Polaris Community Meetings in 2024' +--- + +== Upcoming Meetings + +We will have a community meeting shortly, stay tuned... + +//// +https://polaris.apache.org/[Agenda for upcoming Community Meetings] +//// + +//// +== Past Meetings + +[cols="1,3,3"] +|=== +| Date | Notes | Recording + +| 2024-08-30 +| Meeting Notes +| {{< youtube id=xyz loading=lazy title="Not a Polaris meeting" >}} + +|=== +//// diff --git a/site/content/community/meetings/_index.adoc b/site/content/community/meetings/_index.adoc new file mode 100644 index 000000000..318df290d --- /dev/null +++ b/site/content/community/meetings/_index.adoc @@ -0,0 +1,26 @@ +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +linkTitle: 'Meetings' +title: 'Apache Polaris Community Meetings' +weight: 100 +cascade: + type: docs + no_list: false +--- diff --git a/site/content/community/proposals.adoc b/site/content/community/proposals.adoc new file mode 100644 index 000000000..0a4264eed --- /dev/null +++ b/site/content/community/proposals.adoc @@ -0,0 +1,56 @@ +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +linkTitle: 'Proposals' +title: 'Apache Polaris Proposals' +weight: 200 +type: docs +# TODO remove when adding the first proposal +toc_hide: true +hide_summary: true +--- + +== Active Proposals + +[cols="4,2,4,4"] +|=== +| Topic | Date Created | Proposal Document | Dev-list discussion + +| Sample topic placeholder +| 2024/09/06 +| Link to Google Doc +| Link to dev-mailing list discussion + +|=== + + +== Previous Proposals + + +[cols="4,2,4,4,2"] +|=== +| Topic | Date Created | Proposal Document | Dev-list discussion + vote | Resolution + +| Sample topic placeholder +| 2024/09/06 +| Link to Google Doc +| Link to dev-mailing list discussion +| Accepted + +|=== diff --git a/site/content/contributing-to-polaris.md b/site/content/contributing-to-polaris.md new file mode 120000 index 000000000..f939e75f2 --- /dev/null +++ b/site/content/contributing-to-polaris.md @@ -0,0 +1 @@ +../../CONTRIBUTING.md \ No newline at end of file diff --git a/site/content/guides/_index.adoc b/site/content/guides/_index.adoc new file mode 100644 index 000000000..e86c6201c --- /dev/null +++ b/site/content/guides/_index.adoc @@ -0,0 +1,31 @@ +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +linkTitle: "Guides" +title: "Apache Polaris Guides" +weight: 200 +cascade: + type: docs +# TODO remove when adding the first proposal +top_hidden: true +toc_hide: true +hide_summary: true +--- + += Guides diff --git a/site/content/in-dev/_index.md b/site/content/in-dev/_index.md new file mode 100644 index 000000000..d3682b20f --- /dev/null +++ b/site/content/in-dev/_index.md @@ -0,0 +1,24 @@ +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# Hide `/in-dev/` +toc_hide: true +hide_summary: true +exclude_search: true +--- diff --git a/site/content/in-dev/release_index.md b/site/content/in-dev/release_index.md new file mode 100644 index 000000000..e8f38dbfa --- /dev/null +++ b/site/content/in-dev/release_index.md @@ -0,0 +1,35 @@ +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +title: 'POLARIS VERSION INDEX MD TEMPLATE' +toc_hide: true +hide_summary: true +params: + show_page_toc: false +cascade: + # The latest release specifies 'false', all others must be 'true' + exclude_search: false + params: + show_page_toc: true +# This file will be copied as `_index.md` into a new release's versioned docs folder. +--- + +== Apache Polaris version {{< releaseVersion >}} + +Download from ... diff --git a/site/content/in-dev/unreleased/_index.md b/site/content/in-dev/unreleased/_index.md new file mode 100644 index 000000000..22dbad89d --- /dev/null +++ b/site/content/in-dev/unreleased/_index.md @@ -0,0 +1,44 @@ +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +linkTitle: 'In Development' +title: 'Unreleased - current state of the main branch' +type: docs +weight: 200 +params: + top_hidden: true + show_page_toc: false +cascade: + type: docs + params: + show_page_toc: true +# This file will NOT be copied into a new release's versioned docs folder. +--- + +{{< alert title="Warning" color="warning" >}} +These pages refer to the current state of the main branch, which is still under active development. + +Functionalities can be changed, removed or added without prior notice. +{{< /alert >}} + +Checkout the [Quick Start](./quickstart.md) page. + + diff --git a/docs/access-control.md b/site/content/in-dev/unreleased/access-control.md similarity index 90% rename from docs/access-control.md rename to site/content/in-dev/unreleased/access-control.md index 783b017f6..7c4c9cc8e 100644 --- a/docs/access-control.md +++ b/site/content/in-dev/unreleased/access-control.md @@ -1,21 +1,26 @@ - +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +Title: Access Control +type: docs +weight: 500 +--- This section provides information about how access control works for Apache Polaris (Incubating). @@ -91,7 +96,7 @@ The following diagram illustrates the RBAC model used by Polaris. For each catal privileges to catalog roles and then grants service principals access to resources by assigning catalog roles to principal roles. Polaris supports a many-to-one relationship between service principals and principal roles. -![Diagram that shows the RBAC model for Apache Polaris.](img/rbac-model.svg "Apache Polaris RBAC model") +![Diagram that shows the RBAC model for Apache Polaris.](/img/rbac-model.svg "Apache Polaris RBAC model") ## Access control privileges @@ -185,4 +190,4 @@ includes the following users: - The Catalog reader role grants read-only access for a catalog named Gold zone catalog. -![Diagram that shows an example of how RBAC works in Apache Polaris.](img/rbac-example.svg "Apache Polaris RBAC example") +![Diagram that shows an example of how RBAC works in Apache Polaris.](/img/rbac-example.svg "Apache Polaris RBAC example") diff --git a/docs/command-line-interface.md b/site/content/in-dev/unreleased/command-line-interface.md similarity index 96% rename from docs/command-line-interface.md rename to site/content/in-dev/unreleased/command-line-interface.md index 026921eca..f0435bd18 100644 --- a/docs/command-line-interface.md +++ b/site/content/in-dev/unreleased/command-line-interface.md @@ -1,23 +1,27 @@ - - -# Apache Polaris (Incubating) CLI +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +linkTitle: Command Line Interface +title: Apache Polaris (Incubating) CLI +type: docs +weight: 300 +--- In order to help administrators quickly set up and manage their Polaris server, Polaris provides a simple command-line interface (CLI) for common tasks. @@ -798,7 +802,7 @@ polaris namespaces list --catalog my_catalog --parent a.b ### Privileges -The `privileges` command is used to grant various privileges to a catalog role, or to revoke those privileges. Privileges can be on the level of a catalog, a namespace, a table, or a view. For more information on privileges, please refer to the [docs](./entities.md#privilege). +The `privileges` command is used to grant various privileges to a catalog role, or to revoke those privileges. Privileges can be on the level of a catalog, a namespace, a table, or a view. For more information on privileges, please refer to the [docs](entities.mdrivilege). Note that when using the `privileges` command, the user specifies the relevant catalog and catalog role before selecting a subcommand. diff --git a/docs/configuring-polaris-for-production.md b/site/content/in-dev/unreleased/configuring-polaris-for-production.md similarity index 80% rename from docs/configuring-polaris-for-production.md rename to site/content/in-dev/unreleased/configuring-polaris-for-production.md index 37f682810..1a561c4e1 100644 --- a/docs/configuring-polaris-for-production.md +++ b/site/content/in-dev/unreleased/configuring-polaris-for-production.md @@ -1,24 +1,27 @@ - - - -# Configuring Apache Polaris (Incubating) for Production +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +title: Configuring Apache Polaris (Incubating) for Production +linkTitle: Deploying In Production +type: docs +weight: 600 +--- The default `polaris-server.yml` configuration is intended for development and testing. When deploying Polaris in production, there are several best practices to keep in mind. @@ -56,7 +59,7 @@ Be sure to secure your metastore backend since it will be storing credentials an ### Configuring EclipseLink -To use EclipseLink for metastore management, specify the configuration `metaStoreManager.conf-file` to point to an EclipseLink `persistence.xml` file. This file, local to the Polaris service, contains details of the database used for metastore management and the connection settings. For more information, refer to [metastore documentation](./metastores.md) for details. +To use EclipseLink for metastore management, specify the configuration `metaStoreManager.conf-file` to point to an EclipseLink `persistence.xml` file. This file, local to the Polaris service, contains details of the database used for metastore management and the connection settings. For more information, refer to [metastore documentation](metastores.md) for details. ### Bootstrapping diff --git a/docs/entities.md b/site/content/in-dev/unreleased/entities.md similarity index 85% rename from docs/entities.md rename to site/content/in-dev/unreleased/entities.md index df9f4897b..4439493bc 100644 --- a/docs/entities.md +++ b/site/content/in-dev/unreleased/entities.md @@ -1,21 +1,26 @@ - +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +Title: Entities +type: docs +weight: 400 +--- This page documents various entities that can be managed in Apache Polaris (Incubating). diff --git a/docs/metastores.md b/site/content/in-dev/unreleased/metastores.md similarity index 85% rename from docs/metastores.md rename to site/content/in-dev/unreleased/metastores.md index 26e8c14da..72d97a38b 100644 --- a/docs/metastores.md +++ b/site/content/in-dev/unreleased/metastores.md @@ -1,21 +1,27 @@ - +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +title: Metastores +linkTitle: Metastores +type: docs +weight: 700 +--- This page documents the general configurations to connect to production database through [EclipseLink](https://eclipse.dev/eclipselink/). diff --git a/site/content/in-dev/unreleased/openapi/polaris-management-service.yml b/site/content/in-dev/unreleased/openapi/polaris-management-service.yml new file mode 100644 index 000000000..03068c60a --- /dev/null +++ b/site/content/in-dev/unreleased/openapi/polaris-management-service.yml @@ -0,0 +1,1345 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + + +openapi: 3.0.3 +info: + title: Polaris Management Service + version: 0.0.1 + description: + Defines the management APIs for using Polaris to create and manage Iceberg catalogs and their principals +servers: + - url: "{scheme}://{host}/api/management/v1" + description: Server URL when the port can be inferred from the scheme + variables: + scheme: + description: The scheme of the URI, either http or https. + default: https + host: + description: The host address for the specified server + default: localhost +# All routes are currently configured using an Authorization header. +security: + - OAuth2: [] + +paths: + /catalogs: + get: + operationId: listCatalogs + description: List all catalogs in this polaris service + responses: + 200: + description: List of catalogs in the polaris service + content: + application/json: + schema: + $ref: "#/components/schemas/Catalogs" + 403: + description: "The caller does not have permission to list catalog details" + post: + operationId: createCatalog + description: Add a new Catalog + requestBody: + description: The Catalog to create + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/CreateCatalogRequest" + responses: + 201: + description: "Successful response" + 403: + description: "The caller does not have permission to create a catalog" + 404: + description: "The catalog does not exist" + 409: + description: "A catalog with the specified name already exists" + + /catalogs/{catalogName}: + parameters: + - name: catalogName + in: path + description: The name of the catalog + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + get: + operationId: getCatalog + description: Get the details of a catalog + responses: + 200: + description: The catalog details + content: + application/json: + schema: + $ref: "#/components/schemas/Catalog" + 403: + description: "The caller does not have permission to read catalog details" + 404: + description: "The catalog does not exist" + + put: + operationId: updateCatalog + description: Update an existing catalog + requestBody: + description: The catalog details to use in the update + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/UpdateCatalogRequest" + responses: + 200: + description: The catalog details + content: + application/json: + schema: + $ref: "#/components/schemas/Catalog" + 403: + description: "The caller does not have permission to update catalog details" + 404: + description: "The catalog does not exist" + 409: + description: "The entity version doesn't match the currentEntityVersion; retry after fetching latest version" + + delete: + operationId: deleteCatalog + description: Delete an existing catalog. The catalog must be empty. + responses: + 204: + description: "Success, no content" + 403: + description: "The caller does not have permission to delete a catalog" + 404: + description: "The catalog does not exist" + + /principals: + get: + operationId: listPrincipals + description: List the principals for the current catalog + responses: + 200: + description: List of principals for this catalog + content: + application/json: + schema: + $ref: "#/components/schemas/Principals" + 403: + description: "The caller does not have permission to list catalog admins" + 404: + description: "The catalog does not exist" + + post: + operationId: createPrincipal + description: Create a principal + requestBody: + description: The principal to create + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/CreatePrincipalRequest" + responses: + 201: + description: "Successful response" + content: + application/json: + schema: + $ref: "#/components/schemas/PrincipalWithCredentials" + 403: + description: "The caller does not have permission to add a principal" + + /principals/{principalName}: + parameters: + - name: principalName + in: path + description: The principal name + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + get: + operationId: getPrincipal + description: Get the principal details + responses: + 200: + description: The requested principal + content: + application/json: + schema: + $ref: "#/components/schemas/Principal" + 403: + description: "The caller does not have permission to get principal details" + 404: + description: "The catalog or principal does not exist" + + put: + operationId: updatePrincipal + description: Update an existing principal + requestBody: + description: The principal details to use in the update + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/UpdatePrincipalRequest" + responses: + 200: + description: The updated principal + content: + application/json: + schema: + $ref: "#/components/schemas/Principal" + 403: + description: "The caller does not have permission to update principal details" + 404: + description: "The principal does not exist" + 409: + description: "The entity version doesn't match the currentEntityVersion; retry after fetching latest version" + + delete: + operationId: deletePrincipal + description: Remove a principal from polaris + responses: + 204: + description: "Success, no content" + 403: + description: "The caller does not have permission to delete a principal" + 404: + description: "The principal does not exist" + + /principals/{principalName}/rotate: + parameters: + - name: principalName + in: path + description: The user name + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + post: + operationId: rotateCredentials + description: Rotate a principal's credentials. The new credentials will be returned in the response. This is the only + API, aside from createPrincipal, that returns the user's credentials. This API is *not* idempotent. + responses: + 200: + description: The principal details along with the newly rotated credentials + content: + application/json: + schema: + $ref: "#/components/schemas/PrincipalWithCredentials" + 403: + description: "The caller does not have permission to rotate credentials" + 404: + description: "The principal does not exist" + + /principals/{principalName}/principal-roles: + parameters: + - name: principalName + in: path + description: The name of the target principal + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + get: + operationId: listPrincipalRolesAssigned + description: List the roles assigned to the principal + responses: + 200: + description: List of roles assigned to this principal + content: + application/json: + schema: + $ref: "#/components/schemas/PrincipalRoles" + 403: + description: "The caller does not have permission to list roles" + 404: + description: "The principal or catalog does not exist" + + put: + operationId: assignPrincipalRole + description: Add a role to the principal + requestBody: + description: The principal role to assign + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/GrantPrincipalRoleRequest" + responses: + 201: + description: "Successful response" + 403: + description: "The caller does not have permission to add assign a role to the principal" + 404: + description: "The catalog, the principal, or the role does not exist" + + /principals/{principalName}/principal-roles/{principalRoleName}: + parameters: + - name: principalName + in: path + description: The name of the target principal + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + - name: principalRoleName + in: path + description: The name of the role + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + delete: + operationId: revokePrincipalRole + description: Remove a role from a catalog principal + responses: + 204: + description: "Success, no content" + 403: + description: "The caller does not have permission to remove a role from the principal" + 404: + description: "The catalog or principal does not exist" + + /principal-roles: + get: + operationId: listPrincipalRoles + description: List the principal roles + responses: + 200: + description: List of principal roles + content: + application/json: + schema: + $ref: "#/components/schemas/PrincipalRoles" + 403: + description: "The caller does not have permission to list principal roles" + 404: + description: "The catalog does not exist" + + post: + operationId: createPrincipalRole + description: Create a principal role + requestBody: + description: The principal to create + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/CreatePrincipalRoleRequest" + responses: + 201: + description: "Successful response" + 403: + description: "The caller does not have permission to add a principal role" + + /principal-roles/{principalRoleName}: + parameters: + - name: principalRoleName + in: path + description: The principal role name + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + get: + operationId: getPrincipalRole + description: Get the principal role details + responses: + 200: + description: The requested principal role + content: + application/json: + schema: + $ref: "#/components/schemas/PrincipalRole" + 403: + description: "The caller does not have permission to get principal role details" + 404: + description: "The principal role does not exist" + + put: + operationId: updatePrincipalRole + description: Update an existing principalRole + requestBody: + description: The principalRole details to use in the update + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/UpdatePrincipalRoleRequest" + responses: + 200: + description: The updated principal role + content: + application/json: + schema: + $ref: "#/components/schemas/PrincipalRole" + 403: + description: "The caller does not have permission to update principal role details" + 404: + description: "The principal role does not exist" + 409: + description: "The entity version doesn't match the currentEntityVersion; retry after fetching latest version" + + delete: + operationId: deletePrincipalRole + description: Remove a principal role from polaris + responses: + 204: + description: "Success, no content" + 403: + description: "The caller does not have permission to delete a principal role" + 404: + description: "The principal role does not exist" + + /principal-roles/{principalRoleName}/principals: + parameters: + - name: principalRoleName + in: path + description: The principal role name + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + get: + operationId: listAssigneePrincipalsForPrincipalRole + description: List the Principals to whom the target principal role has been assigned + responses: + 200: + description: List the Principals to whom the target principal role has been assigned + content: + application/json: + schema: + $ref: "#/components/schemas/Principals" + 403: + description: "The caller does not have permission to list principals" + 404: + description: "The principal role does not exist" + + /principal-roles/{principalRoleName}/catalog-roles/{catalogName}: + parameters: + - name: principalRoleName + in: path + description: The principal role name + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + - name: catalogName + in: path + required: true + description: The name of the catalog where the catalogRoles reside + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + get: + operationId: listCatalogRolesForPrincipalRole + description: Get the catalog roles mapped to the principal role + responses: + 200: + description: The list of catalog roles mapped to the principal role + content: + application/json: + schema: + $ref: "#/components/schemas/CatalogRoles" + 403: + description: "The caller does not have permission to list catalog roles" + 404: + description: "The principal role does not exist" + + put: + operationId: assignCatalogRoleToPrincipalRole + description: Assign a catalog role to a principal role + requestBody: + description: The principal to create + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/GrantCatalogRoleRequest" + responses: + 201: + description: "Successful response" + 403: + description: "The caller does not have permission to assign a catalog role" + + /principal-roles/{principalRoleName}/catalog-roles/{catalogName}/{catalogRoleName}: + parameters: + - name: principalRoleName + in: path + description: The principal role name + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + - name: catalogName + in: path + description: The name of the catalog that contains the role to revoke + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + - name: catalogRoleName + in: path + description: The name of the catalog role that should be revoked + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + delete: + operationId: revokeCatalogRoleFromPrincipalRole + description: Remove a catalog role from a principal role + responses: + 204: + description: "Success, no content" + 403: + description: "The caller does not have permission to revoke a catalog role" + 404: + description: "The principal role does not exist" + + /catalogs/{catalogName}/catalog-roles: + parameters: + - name: catalogName + in: path + description: The catalog for which we are reading/updating roles + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + get: + operationId: listCatalogRoles + description: List existing roles in the catalog + responses: + 200: + description: The list of roles that exist in this catalog + content: + application/json: + schema: + $ref: "#/components/schemas/CatalogRoles" + post: + operationId: createCatalogRole + description: Create a new role in the catalog + requestBody: + content: + application/json: + schema: + $ref: "#/components/schemas/CreateCatalogRoleRequest" + responses: + 201: + description: "Successful response" + 403: + description: "The principal is not authorized to create roles" + 404: + description: "The catalog does not exist" + + /catalogs/{catalogName}/catalog-roles/{catalogRoleName}: + parameters: + - name: catalogName + in: path + description: The catalog for which we are retrieving roles + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + - name: catalogRoleName + in: path + description: The name of the role + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + get: + operationId: getCatalogRole + description: Get the details of an existing role + responses: + 200: + description: The specified role details + content: + application/json: + schema: + $ref: "#/components/schemas/CatalogRole" + 403: + description: "The principal is not authorized to read role data" + 404: + description: "The catalog or the role does not exist" + + put: + operationId: updateCatalogRole + description: Update an existing role in the catalog + requestBody: + content: + application/json: + schema: + $ref: "#/components/schemas/UpdateCatalogRoleRequest" + responses: + 200: + description: The specified role details + content: + application/json: + schema: + $ref: "#/components/schemas/CatalogRole" + 403: + description: "The principal is not authorized to update roles" + 404: + description: "The catalog or the role does not exist" + 409: + description: "The entity version doesn't match the currentEntityVersion; retry after fetching latest version" + + delete: + operationId: deleteCatalogRole + description: Delete an existing role from the catalog. All associated grants will also be deleted + responses: + 204: + description: "Success, no content" + 403: + description: "The principal is not authorized to delete roles" + 404: + description: "The catalog or the role does not exist" + + /catalogs/{catalogName}/catalog-roles/{catalogRoleName}/principal-roles: + parameters: + - name: catalogName + in: path + required: true + description: The name of the catalog where the catalog role resides + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + - name: catalogRoleName + in: path + required: true + description: The name of the catalog role + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + get: + operationId: listAssigneePrincipalRolesForCatalogRole + description: List the PrincipalRoles to which the target catalog role has been assigned + responses: + 200: + description: List the PrincipalRoles to which the target catalog role has been assigned + content: + application/json: + schema: + $ref: "#/components/schemas/PrincipalRoles" + 403: + description: "The caller does not have permission to list principal roles" + 404: + description: "The catalog or catalog role does not exist" + + /catalogs/{catalogName}/catalog-roles/{catalogRoleName}/grants: + parameters: + - name: catalogName + in: path + required: true + description: The name of the catalog where the role will receive the grant + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + - name: catalogRoleName + in: path + required: true + description: The name of the role receiving the grant (must exist) + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + get: + operationId: listGrantsForCatalogRole + description: List the grants the catalog role holds + responses: + 200: + description: List of all grants given to the role in this catalog + content: + application/json: + schema: + $ref: "#/components/schemas/GrantResources" + put: + operationId: addGrantToCatalogRole + description: Add a new grant to the catalog role + requestBody: + content: + application/json: + schema: + $ref: "#/components/schemas/AddGrantRequest" + responses: + 201: + description: "Successful response" + 403: + description: "The principal is not authorized to create grants" + 404: + description: "The catalog or the role does not exist" + post: + operationId: revokeGrantFromCatalogRole + description: + Delete a specific grant from the role. This may be a subset or a superset of the grants the role has. In case of + a subset, the role will retain the grants not specified. If the `cascade` parameter is true, grant revocation + will have a cascading effect - that is, if a principal has specific grants on a subresource, and grants are revoked + on a parent resource, the grants present on the subresource will be revoked as well. By default, this behavior + is disabled and grant revocation only affects the specified resource. + parameters: + - name: cascade + in: query + schema: + type: boolean + default: false + description: If true, the grant revocation cascades to all subresources. + requestBody: + content: + application/json: + schema: + $ref: "#/components/schemas/RevokeGrantRequest" + responses: + 201: + description: "Successful response" + 403: + description: "The principal is not authorized to create grants" + 404: + description: "The catalog or the role does not exist" + +components: + securitySchemes: + OAuth2: + type: oauth2 + description: Uses OAuth 2 with client credentials flow + flows: + implicit: + authorizationUrl: "{scheme}://{host}/api/v1/oauth/tokens" + scopes: {} + + schemas: + Catalogs: + type: object + description: A list of Catalog objects + properties: + catalogs: + type: array + items: + $ref: "#/components/schemas/Catalog" + required: + - catalogs + + CreateCatalogRequest: + type: object + description: Request to create a new catalog + properties: + catalog: + $ref: "#/components/schemas/Catalog" + required: + - catalog + + Catalog: + type: object + description: A catalog object. A catalog may be internal or external. External catalogs are managed entirely by + an external catalog interface. Third party catalogs may be other Iceberg REST implementations or other services + with their own proprietary APIs + properties: + type: + type: string + enum: + - INTERNAL + - EXTERNAL + description: the type of catalog - internal or external + default: INTERNAL + name: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + description: The name of the catalog + properties: + type: object + properties: + default-base-location: + type: string + additionalProperties: + type: string + required: + - default-base-location + createTimestamp: + type: integer + format: "int64" + description: The creation time represented as unix epoch timestamp in milliseconds + lastUpdateTimestamp: + type: integer + format: "int64" + description: The last update time represented as unix epoch timestamp in milliseconds + entityVersion: + type: integer + description: The version of the catalog object used to determine if the catalog metadata has changed + storageConfigInfo: + $ref: "#/components/schemas/StorageConfigInfo" + required: + - name + - type + - storageConfigInfo + - properties + discriminator: + propertyName: type + mapping: + INTERNAL: "#/components/schemas/PolarisCatalog" + EXTERNAL: "#/components/schemas/ExternalCatalog" + + + PolarisCatalog: + type: object + allOf: + - $ref: "#/components/schemas/Catalog" + description: The base catalog type - this contains all the fields necessary to construct an INTERNAL catalog + + ExternalCatalog: + description: An externally managed catalog + type: object + allOf: + - $ref: "#/components/schemas/Catalog" + - type: object + properties: + remoteUrl: + type: string + description: URL to the remote catalog API + + StorageConfigInfo: + type: object + description: A storage configuration used by catalogs + properties: + storageType: + type: string + enum: + - S3 + - GCS + - AZURE + - FILE + description: The cloud provider type this storage is built on. FILE is supported for testing purposes only + allowedLocations: + type: array + items: + type: string + example: "For AWS [s3://bucketname/prefix/], for AZURE [abfss://container@storageaccount.blob.core.windows.net/prefix/], for GCP [gs://bucketname/prefix/]" + required: + - storageType + discriminator: + propertyName: storageType + mapping: + S3: "#/components/schemas/AwsStorageConfigInfo" + AZURE: "#/components/schemas/AzureStorageConfigInfo" + GCS: "#/components/schemas/GcpStorageConfigInfo" + FILE: "#/components/schemas/FileStorageConfigInfo" + + AwsStorageConfigInfo: + type: object + description: aws storage configuration info + allOf: + - $ref: '#/components/schemas/StorageConfigInfo' + properties: + roleArn: + type: string + description: the aws role arn that grants privileges on the S3 buckets + example: "arn:aws:iam::123456789001:principal/abc1-b-self1234" + externalId: + type: string + description: an optional external id used to establish a trust relationship with AWS in the trust policy + userArn: + type: string + description: the aws user arn used to assume the aws role + example: "arn:aws:iam::123456789001:user/abc1-b-self1234" + required: + - roleArn + + AzureStorageConfigInfo: + type: object + description: azure storage configuration info + allOf: + - $ref: '#/components/schemas/StorageConfigInfo' + properties: + tenantId: + type: string + description: the tenant id that the storage accounts belong to + multiTenantAppName: + type: string + description: the name of the azure client application + consentUrl: + type: string + description: URL to the Azure permissions request page + required: + - tenantId + + GcpStorageConfigInfo: + type: object + description: gcp storage configuration info + allOf: + - $ref: '#/components/schemas/StorageConfigInfo' + properties: + gcsServiceAccount: + type: string + description: a Google cloud storage service account + + FileStorageConfigInfo: + type: object + description: gcp storage configuration info + allOf: + - $ref: '#/components/schemas/StorageConfigInfo' + + UpdateCatalogRequest: + description: Updates to apply to a Catalog + type: object + properties: + currentEntityVersion: + type: integer + description: The version of the object onto which this update is applied; if the object changed, the update will fail and the caller should retry after fetching the latest version. + properties: + type: object + additionalProperties: + type: string + storageConfigInfo: + $ref: "#/components/schemas/StorageConfigInfo" + + Principals: + description: A list of Principals + type: object + properties: + principals: + type: array + items: + $ref: "#/components/schemas/Principal" + required: + - principals + + PrincipalWithCredentials: + description: A user with its client id and secret. This type is returned when a new principal is created or when its + credentials are rotated + type: object + properties: + principal: + $ref: "#/components/schemas/Principal" + credentials: + type: object + properties: + clientId: + type: string + clientSecret: + type: string + format: password + required: + - principal + - credentials + + CreatePrincipalRequest: + type: object + properties: + principal: + $ref: '#/components/schemas/Principal' + credentialRotationRequired: + type: boolean + description: If true, the initial credentials can only be used to call rotateCredentials + + Principal: + description: A Polaris principal. + type: object + properties: + name: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + clientId: + type: string + description: The output-only OAuth clientId associated with this principal if applicable + properties: + type: object + additionalProperties: + type: string + createTimestamp: + type: integer + format: "int64" + lastUpdateTimestamp: + type: integer + format: "int64" + entityVersion: + type: integer + description: The version of the principal object used to determine if the principal metadata has changed + required: + - name + + UpdatePrincipalRequest: + description: Updates to apply to a Principal + type: object + properties: + currentEntityVersion: + type: integer + description: The version of the object onto which this update is applied; if the object changed, the update will fail and the caller should retry after fetching the latest version. + properties: + type: object + additionalProperties: + type: string + required: + - currentEntityVersion + - properties + + PrincipalRoles: + type: object + properties: + roles: + type: array + items: + $ref: "#/components/schemas/PrincipalRole" + required: + - roles + + GrantPrincipalRoleRequest: + type: object + properties: + principalRole: + $ref: '#/components/schemas/PrincipalRole' + + CreatePrincipalRoleRequest: + type: object + properties: + principalRole: + $ref: '#/components/schemas/PrincipalRole' + + PrincipalRole: + type: object + properties: + name: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + description: The name of the role + properties: + type: object + additionalProperties: + type: string + createTimestamp: + type: integer + format: "int64" + lastUpdateTimestamp: + type: integer + format: "int64" + entityVersion: + type: integer + description: The version of the principal role object used to determine if the principal role metadata has changed + required: + - name + + UpdatePrincipalRoleRequest: + description: Updates to apply to a Principal Role + type: object + properties: + currentEntityVersion: + type: integer + description: The version of the object onto which this update is applied; if the object changed, the update will fail and the caller should retry after fetching the latest version. + properties: + type: object + additionalProperties: + type: string + required: + - currentEntityVersion + - properties + + CatalogRoles: + type: object + properties: + roles: + type: array + items: + $ref: "#/components/schemas/CatalogRole" + description: The list of catalog roles + required: + - roles + + GrantCatalogRoleRequest: + type: object + properties: + catalogRole: + $ref: '#/components/schemas/CatalogRole' + + CreateCatalogRoleRequest: + type: object + properties: + catalogRole: + $ref: '#/components/schemas/CatalogRole' + + CatalogRole: + type: object + properties: + name: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + description: The name of the role + properties: + type: object + additionalProperties: + type: string + createTimestamp: + type: integer + format: "int64" + lastUpdateTimestamp: + type: integer + format: "int64" + entityVersion: + type: integer + description: The version of the catalog role object used to determine if the catalog role metadata has changed + required: + - name + + UpdateCatalogRoleRequest: + description: Updates to apply to a Catalog Role + type: object + properties: + currentEntityVersion: + type: integer + description: The version of the object onto which this update is applied; if the object changed, the update will fail and the caller should retry after fetching the latest version. + properties: + type: object + additionalProperties: + type: string + required: + - currentEntityVersion + - properties + + ViewPrivilege: + type: string + enum: + - CATALOG_MANAGE_ACCESS + - VIEW_CREATE + - VIEW_DROP + - VIEW_LIST + - VIEW_READ_PROPERTIES + - VIEW_WRITE_PROPERTIES + - VIEW_FULL_METADATA + + TablePrivilege: + type: string + enum: + - CATALOG_MANAGE_ACCESS + - TABLE_DROP + - TABLE_LIST + - TABLE_READ_PROPERTIES + - VIEW_READ_PROPERTIES + - TABLE_WRITE_PROPERTIES + - TABLE_READ_DATA + - TABLE_WRITE_DATA + - TABLE_FULL_METADATA + + NamespacePrivilege: + type: string + enum: + - CATALOG_MANAGE_ACCESS + - CATALOG_MANAGE_CONTENT + - CATALOG_MANAGE_METADATA + - NAMESPACE_CREATE + - TABLE_CREATE + - VIEW_CREATE + - NAMESPACE_DROP + - TABLE_DROP + - VIEW_DROP + - NAMESPACE_LIST + - TABLE_LIST + - VIEW_LIST + - NAMESPACE_READ_PROPERTIES + - TABLE_READ_PROPERTIES + - VIEW_READ_PROPERTIES + - NAMESPACE_WRITE_PROPERTIES + - TABLE_WRITE_PROPERTIES + - VIEW_WRITE_PROPERTIES + - TABLE_READ_DATA + - TABLE_WRITE_DATA + - NAMESPACE_FULL_METADATA + - TABLE_FULL_METADATA + - VIEW_FULL_METADATA + + CatalogPrivilege: + type: string + enum: + - CATALOG_MANAGE_ACCESS + - CATALOG_MANAGE_CONTENT + - CATALOG_MANAGE_METADATA + - CATALOG_READ_PROPERTIES + - CATALOG_WRITE_PROPERTIES + - NAMESPACE_CREATE + - TABLE_CREATE + - VIEW_CREATE + - NAMESPACE_DROP + - TABLE_DROP + - VIEW_DROP + - NAMESPACE_LIST + - TABLE_LIST + - VIEW_LIST + - NAMESPACE_READ_PROPERTIES + - TABLE_READ_PROPERTIES + - VIEW_READ_PROPERTIES + - NAMESPACE_WRITE_PROPERTIES + - TABLE_WRITE_PROPERTIES + - VIEW_WRITE_PROPERTIES + - TABLE_READ_DATA + - TABLE_WRITE_DATA + - NAMESPACE_FULL_METADATA + - TABLE_FULL_METADATA + - VIEW_FULL_METADATA + + AddGrantRequest: + type: object + properties: + grant: + $ref: '#/components/schemas/GrantResource' + + RevokeGrantRequest: + type: object + properties: + grant: + $ref: '#/components/schemas/GrantResource' + + ViewGrant: + allOf: + - $ref: '#/components/schemas/GrantResource' + - type: object + properties: + namespace: + type: array + items: + type: string + viewName: + type: string + minLength: 1 + maxLength: 256 + privilege: + $ref: '#/components/schemas/ViewPrivilege' + required: + - namespace + - viewName + - privilege + + TableGrant: + allOf: + - $ref: '#/components/schemas/GrantResource' + - type: object + properties: + namespace: + type: array + items: + type: string + tableName: + type: string + minLength: 1 + maxLength: 256 + privilege: + $ref: '#/components/schemas/TablePrivilege' + required: + - namespace + - tableName + - privilege + + NamespaceGrant: + allOf: + - $ref: '#/components/schemas/GrantResource' + - type: object + properties: + namespace: + type: array + items: + type: string + privilege: + $ref: '#/components/schemas/NamespacePrivilege' + required: + - namespace + - privilege + + + CatalogGrant: + allOf: + - $ref: '#/components/schemas/GrantResource' + - type: object + properties: + privilege: + $ref: '#/components/schemas/CatalogPrivilege' + required: + - privilege + + GrantResource: + type: object + discriminator: + propertyName: type + mapping: + catalog: '#/components/schemas/CatalogGrant' + namespace: '#/components/schemas/NamespaceGrant' + table: '#/components/schemas/TableGrant' + view: '#/components/schemas/ViewGrant' + properties: + type: + type: string + enum: + - catalog + - namespace + - table + - view + required: + - type + + GrantResources: + type: object + properties: + grants: + type: array + items: + $ref: "#/components/schemas/GrantResource" + required: + - grants diff --git a/site/content/in-dev/unreleased/openapi/rest-catalog-open-api.yaml b/site/content/in-dev/unreleased/openapi/rest-catalog-open-api.yaml new file mode 100644 index 000000000..7cd966b91 --- /dev/null +++ b/site/content/in-dev/unreleased/openapi/rest-catalog-open-api.yaml @@ -0,0 +1,4085 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +--- +openapi: 3.0.3 +info: + title: Apache Iceberg REST Catalog API + license: + name: Apache 2.0 + url: https://www.apache.org/licenses/LICENSE-2.0.html + version: 0.0.1 + description: + Defines the specification for the first version of the REST Catalog API. + Implementations should ideally support both Iceberg table specs v1 and v2, with priority given to v2. +servers: + - url: "{scheme}://{host}/{basePath}" + description: Server URL when the port can be inferred from the scheme + variables: + scheme: + description: The scheme of the URI, either http or https. + default: https + host: + description: The host address for the specified server + default: localhost + basePath: + description: Optional prefix to be appended to all routes + default: "" + - url: "{scheme}://{host}:{port}/{basePath}" + description: Generic base server URL, with all parts configurable + variables: + scheme: + description: The scheme of the URI, either http or https. + default: https + host: + description: The host address for the specified server + default: localhost + port: + description: The port used when addressing the host + default: "443" + basePath: + description: Optional prefix to be appended to all routes + default: "" +# All routes are currently configured using an Authorization header. +security: + - OAuth2: [catalog] + - BearerAuth: [] + +paths: + /v1/config: + + get: + tags: + - Configuration API + summary: List all catalog configuration settings + operationId: getConfig + parameters: + - name: warehouse + in: query + required: false + schema: + type: string + description: Warehouse location or identifier to request from the service + description: + " + All REST clients should first call this route to get catalog configuration + properties from the server to configure the catalog and its HTTP client. + Configuration from the server consists of two sets of key/value pairs. + + - defaults - properties that should be used as default configuration; applied before client configuration + + - overrides - properties that should be used to override client configuration; applied after defaults and client configuration + + + Catalog configuration is constructed by setting the defaults, then client- + provided configuration, and finally overrides. The final property set is then + used to configure the catalog. + + + For example, a default configuration property might set the size of the + client pool, which can be replaced with a client-specific setting. An + override might be used to set the warehouse location, which is stored + on the server rather than in client configuration. + + + Common catalog configuration settings are documented at + https://iceberg.apache.org/docs/latest/configuration/#catalog-properties + " + responses: + 200: + description: Server specified configuration values. + content: + application/json: + schema: + $ref: '#/components/schemas/CatalogConfig' + example: { + "overrides": { + "warehouse": "s3://bucket/warehouse/" + }, + "defaults": { + "clients": "4" + } + } + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + /v1/oauth/tokens: + + post: + tags: + - OAuth2 API + summary: Get a token using an OAuth2 flow (DEPRECATED for REMOVAL) + deprecated: true + operationId: getToken + description: + The `oauth/tokens` endpoint is **DEPRECATED for REMOVAL**. It is _not_ recommended to + implement this endpoint, unless you are fully aware of the potential security implications. + + All clients are encouraged to explicitly set the configuration property `oauth2-server-uri` + to the correct OAuth endpoint. + + Deprecated since Iceberg (Java) 1.6.0. The endpoint and related types will be removed from + this spec in Iceberg (Java) 2.0. + + See [Security improvements in the Iceberg REST specification](https://github.com/apache/iceberg/issues/10537) + + + Exchange credentials for a token using the OAuth2 client credentials flow or token exchange. + + + This endpoint is used for three purposes - + + 1. To exchange client credentials (client ID and secret) for an access token + This uses the client credentials flow. + + 2. To exchange a client token and an identity token for a more specific access token + This uses the token exchange flow. + + 3. To exchange an access token for one with the same claims and a refreshed expiration period + This uses the token exchange flow. + + + For example, a catalog client may be configured with client credentials from the OAuth2 + Authorization flow. This client would exchange its client ID and secret for an access token + using the client credentials request with this endpoint (1). Subsequent requests would then + use that access token. + + + Some clients may also handle sessions that have additional user context. These clients would + use the token exchange flow to exchange a user token (the "subject" token) from the session + for a more specific access token for that user, using the catalog's access token as the + "actor" token (2). The user ID token is the "subject" token and can be any token type + allowed by the OAuth2 token exchange flow, including a unsecured JWT token with a sub claim. + This request should use the catalog's bearer token in the "Authorization" header. + + + Clients may also use the token exchange flow to refresh a token that is about to expire by + sending a token exchange request (3). The request's "subject" token should be the expiring + token. This request should use the subject token in the "Authorization" header. + requestBody: + required: true + content: + application/x-www-form-urlencoded: + schema: + $ref: '#/components/schemas/OAuthTokenRequest' + responses: + 200: + $ref: '#/components/responses/OAuthTokenResponse' + 400: + $ref: '#/components/responses/OAuthErrorResponse' + 401: + $ref: '#/components/responses/OAuthErrorResponse' + 5XX: + $ref: '#/components/responses/OAuthErrorResponse' + + /v1/{prefix}/namespaces: + parameters: + - $ref: '#/components/parameters/prefix' + + get: + tags: + - Catalog API + summary: List namespaces, optionally providing a parent namespace to list underneath + description: + List all namespaces at a certain level, optionally starting from a given parent namespace. + If table accounting.tax.paid.info exists, using 'SELECT NAMESPACE IN accounting' would + translate into `GET /namespaces?parent=accounting` and must return a namespace, ["accounting", "tax"] only. + Using 'SELECT NAMESPACE IN accounting.tax' would + translate into `GET /namespaces?parent=accounting%1Ftax` and must return a namespace, ["accounting", "tax", "paid"]. + If `parent` is not provided, all top-level namespaces should be listed. + operationId: listNamespaces + parameters: + - $ref: '#/components/parameters/page-token' + - $ref: '#/components/parameters/page-size' + - name: parent + in: query + description: + An optional namespace, underneath which to list namespaces. + If not provided or empty, all top-level namespaces should be listed. + If parent is a multipart namespace, the parts must be separated by the unit separator (`0x1F`) byte. + required: false + allowEmptyValue: true + schema: + type: string + example: "accounting%1Ftax" + responses: + 200: + $ref: '#/components/responses/ListNamespacesResponse' + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: Not Found - Namespace provided in the `parent` query parameter is not found. + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + examples: + NoSuchNamespaceExample: + $ref: '#/components/examples/NoSuchNamespaceError' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + post: + tags: + - Catalog API + summary: Create a namespace + description: + Create a namespace, with an optional set of properties. + The server might also add properties, such as `last_modified_time` etc. + operationId: createNamespace + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/CreateNamespaceRequest' + responses: + 200: + $ref: '#/components/responses/CreateNamespaceResponse' + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 406: + $ref: '#/components/responses/UnsupportedOperationResponse' + 409: + description: Conflict - The namespace already exists + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + examples: + NamespaceAlreadyExists: + $ref: '#/components/examples/NamespaceAlreadyExistsError' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + /v1/{prefix}/namespaces/{namespace}: + parameters: + - $ref: '#/components/parameters/prefix' + - $ref: '#/components/parameters/namespace' + + get: + tags: + - Catalog API + summary: Load the metadata properties for a namespace + operationId: loadNamespaceMetadata + description: Return all stored metadata properties for a given namespace + responses: + 200: + $ref: '#/components/responses/GetNamespaceResponse' + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: Not Found - Namespace not found + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + examples: + NoSuchNamespaceExample: + $ref: '#/components/examples/NoSuchNamespaceError' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + head: + tags: + - Catalog API + summary: Check if a namespace exists + operationId: namespaceExists + description: + Check if a namespace exists. The response does not contain a body. + responses: + 204: + description: Success, no content + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: Not Found - Namespace not found + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + examples: + NoSuchNamespaceExample: + $ref: '#/components/examples/NoSuchNamespaceError' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + delete: + tags: + - Catalog API + summary: Drop a namespace from the catalog. Namespace must be empty. + operationId: dropNamespace + responses: + 204: + description: Success, no content + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: Not Found - Namespace to delete does not exist. + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + examples: + NoSuchNamespaceExample: + $ref: '#/components/examples/NoSuchNamespaceError' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + /v1/{prefix}/namespaces/{namespace}/properties: + parameters: + - $ref: '#/components/parameters/prefix' + - $ref: '#/components/parameters/namespace' + + post: + tags: + - Catalog API + summary: Set or remove properties on a namespace + operationId: updateProperties + description: + Set and/or remove properties on a namespace. + The request body specifies a list of properties to remove and a map + of key value pairs to update. + + Properties that are not in the request are not modified or removed by this call. + + Server implementations are not required to support namespace properties. + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateNamespacePropertiesRequest' + examples: + UpdateAndRemoveProperties: + $ref: '#/components/examples/UpdateAndRemoveNamespacePropertiesRequest' + responses: + 200: + $ref: '#/components/responses/UpdateNamespacePropertiesResponse' + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: Not Found - Namespace not found + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + examples: + NamespaceNotFound: + $ref: '#/components/examples/NoSuchNamespaceError' + 406: + $ref: '#/components/responses/UnsupportedOperationResponse' + 422: + description: Unprocessable Entity - A property key was included in both `removals` and `updates` + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + examples: + UnprocessableEntityDuplicateKey: + $ref: '#/components/examples/UnprocessableEntityDuplicateKey' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + /v1/{prefix}/namespaces/{namespace}/tables: + parameters: + - $ref: '#/components/parameters/prefix' + - $ref: '#/components/parameters/namespace' + + get: + tags: + - Catalog API + summary: List all table identifiers underneath a given namespace + description: Return all table identifiers under this namespace + operationId: listTables + parameters: + - $ref: '#/components/parameters/page-token' + - $ref: '#/components/parameters/page-size' + responses: + 200: + $ref: '#/components/responses/ListTablesResponse' + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: Not Found - The namespace specified does not exist + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + examples: + NamespaceNotFound: + $ref: '#/components/examples/NoSuchNamespaceError' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + post: + tags: + - Catalog API + summary: Create a table in the given namespace + description: + Create a table or start a create transaction, like atomic CTAS. + + + If `stage-create` is false, the table is created immediately. + + + If `stage-create` is true, the table is not created, but table metadata is initialized and returned. + The service should prepare as needed for a commit to the table commit endpoint to complete the create + transaction. The client uses the returned metadata to begin a transaction. To commit the transaction, + the client sends all create and subsequent changes to the table commit route. Changes from the table + create operation include changes like AddSchemaUpdate and SetCurrentSchemaUpdate that set the initial + table state. + operationId: createTable + parameters: + - $ref: '#/components/parameters/data-access' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/CreateTableRequest' + responses: + 200: + $ref: '#/components/responses/CreateTableResponse' + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: Not Found - The namespace specified does not exist + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + examples: + NamespaceNotFound: + $ref: '#/components/examples/NoSuchNamespaceError' + 409: + description: Conflict - The table already exists + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + examples: + NamespaceAlreadyExists: + $ref: '#/components/examples/TableAlreadyExistsError' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + /v1/{prefix}/namespaces/{namespace}/register: + parameters: + - $ref: '#/components/parameters/prefix' + - $ref: '#/components/parameters/namespace' + + post: + tags: + - Catalog API + summary: Register a table in the given namespace using given metadata file location + description: + Register a table using given metadata file location. + + operationId: registerTable + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/RegisterTableRequest' + responses: + 200: + $ref: '#/components/responses/LoadTableResponse' + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: Not Found - The namespace specified does not exist + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + examples: + NamespaceNotFound: + $ref: '#/components/examples/NoSuchNamespaceError' + 409: + description: Conflict - The table already exists + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + examples: + NamespaceAlreadyExists: + $ref: '#/components/examples/TableAlreadyExistsError' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + /v1/{prefix}/namespaces/{namespace}/tables/{table}: + parameters: + - $ref: '#/components/parameters/prefix' + - $ref: '#/components/parameters/namespace' + - $ref: '#/components/parameters/table' + + get: + tags: + - Catalog API + summary: Load a table from the catalog + operationId: loadTable + description: + Load a table from the catalog. + + + The response contains both configuration and table metadata. The configuration, if non-empty is used + as additional configuration for the table that overrides catalog configuration. For example, this + configuration may change the FileIO implementation to be used for the table. + + + The response also contains the table's full metadata, matching the table metadata JSON file. + + + The catalog configuration may contain credentials that should be used for subsequent requests for the + table. The configuration key "token" is used to pass an access token to be used as a bearer token + for table requests. Otherwise, a token may be passed using a RFC 8693 token type as a configuration + key. For example, "urn:ietf:params:oauth:token-type:jwt=". + parameters: + - $ref: '#/components/parameters/data-access' + - in: query + name: snapshots + description: + The snapshots to return in the body of the metadata. Setting the value to `all` would + return the full set of snapshots currently valid for the table. Setting the value to + `refs` would load all snapshots referenced by branches or tags. + + Default if no param is provided is `all`. + required: false + schema: + type: string + enum: [ all, refs ] + responses: + 200: + $ref: '#/components/responses/LoadTableResponse' + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: + Not Found - NoSuchTableException, table to load does not exist + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + examples: + TableToLoadDoesNotExist: + $ref: '#/components/examples/NoSuchTableError' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + post: + tags: + - Catalog API + summary: Commit updates to a table + operationId: updateTable + description: + Commit updates to a table. + + + Commits have two parts, requirements and updates. Requirements are assertions that will be validated + before attempting to make and commit changes. For example, `assert-ref-snapshot-id` will check that a + named ref's snapshot ID has a certain value. + + + Updates are changes to make to table metadata. For example, after asserting that the current main ref + is at the expected snapshot, a commit may add a new child snapshot and set the ref to the new + snapshot id. + + + Create table transactions that are started by createTable with `stage-create` set to true are + committed using this route. Transactions should include all changes to the table, including table + initialization, like AddSchemaUpdate and SetCurrentSchemaUpdate. The `assert-create` requirement is + used to ensure that the table was not created concurrently. + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/CommitTableRequest' + responses: + 200: + $ref: '#/components/responses/CommitTableResponse' + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: + Not Found - NoSuchTableException, table to load does not exist + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + examples: + TableToUpdateDoesNotExist: + $ref: '#/components/examples/NoSuchTableError' + 409: + description: + Conflict - CommitFailedException, one or more requirements failed. The client may retry. + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 500: + description: + An unknown server-side problem occurred; the commit state is unknown. + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + example: { + "error": { + "message": "Internal Server Error", + "type": "CommitStateUnknownException", + "code": 500 + } + } + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 502: + description: + A gateway or proxy received an invalid response from the upstream server; the commit state is unknown. + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + example: { + "error": { + "message": "Invalid response from the upstream server", + "type": "CommitStateUnknownException", + "code": 502 + } + } + 504: + description: + A server-side gateway timeout occurred; the commit state is unknown. + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + example: { + "error": { + "message": "Gateway timed out during commit", + "type": "CommitStateUnknownException", + "code": 504 + } + } + 5XX: + description: + A server-side problem that might not be addressable on the client. + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + example: { + "error": { + "message": "Bad Gateway", + "type": "InternalServerError", + "code": 502 + } + } + + delete: + tags: + - Catalog API + summary: Drop a table from the catalog + operationId: dropTable + description: Remove a table from the catalog + parameters: + - name: purgeRequested + in: query + required: false + description: Whether the user requested to purge the underlying table's data and metadata + schema: + type: boolean + default: false + responses: + 204: + description: Success, no content + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: + Not Found - NoSuchTableException, Table to drop does not exist + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + examples: + TableToDeleteDoesNotExist: + $ref: '#/components/examples/NoSuchTableError' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + head: + tags: + - Catalog API + summary: Check if a table exists + operationId: tableExists + description: + Check if a table exists within a given namespace. The response does not contain a body. + responses: + 204: + description: Success, no content + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: + Not Found - NoSuchTableException, Table not found + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + examples: + TableToLoadDoesNotExist: + $ref: '#/components/examples/NoSuchTableError' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + /v1/{prefix}/tables/rename: + parameters: + - $ref: '#/components/parameters/prefix' + + post: + tags: + - Catalog API + summary: Rename a table from its current name to a new name + description: + Rename a table from one identifier to another. It's valid to move a table + across namespaces, but the server implementation is not required to support it. + operationId: renameTable + requestBody: + description: Current table identifier to rename and new table identifier to rename to + content: + application/json: + schema: + $ref: '#/components/schemas/RenameTableRequest' + examples: + RenameTableSameNamespace: + $ref: '#/components/examples/RenameTableSameNamespace' + required: true + responses: + 204: + description: Success, no content + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: + Not Found + - NoSuchTableException, Table to rename does not exist + - NoSuchNamespaceException, The target namespace of the new table identifier does not exist + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + examples: + TableToRenameDoesNotExist: + $ref: '#/components/examples/NoSuchTableError' + NamespaceToRenameToDoesNotExist: + $ref: '#/components/examples/NoSuchNamespaceError' + 406: + $ref: '#/components/responses/UnsupportedOperationResponse' + 409: + description: Conflict - The target identifier to rename to already exists as a table or view + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + example: + $ref: '#/components/examples/TableAlreadyExistsError' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + /v1/{prefix}/namespaces/{namespace}/tables/{table}/metrics: + parameters: + - $ref: '#/components/parameters/prefix' + - $ref: '#/components/parameters/namespace' + - $ref: '#/components/parameters/table' + + post: + tags: + - Catalog API + summary: Send a metrics report to this endpoint to be processed by the backend + operationId: reportMetrics + requestBody: + description: The request containing the metrics report to be sent + content: + application/json: + schema: + $ref: '#/components/schemas/ReportMetricsRequest' + required: true + responses: + 204: + description: Success, no content + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: + Not Found - NoSuchTableException, table to load does not exist + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + examples: + TableToLoadDoesNotExist: + $ref: '#/components/examples/NoSuchTableError' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + /v1/{prefix}/transactions/commit: + parameters: + - $ref: '#/components/parameters/prefix' + + post: + tags: + - Catalog API + summary: Commit updates to multiple tables in an atomic operation + operationId: commitTransaction + requestBody: + description: + Commit updates to multiple tables in an atomic operation + + + A commit for a single table consists of a table identifier with requirements and updates. + Requirements are assertions that will be validated before attempting to make and commit changes. + For example, `assert-ref-snapshot-id` will check that a named ref's snapshot ID has a certain value. + + + Updates are changes to make to table metadata. For example, after asserting that the current main ref + is at the expected snapshot, a commit may add a new child snapshot and set the ref to the new + snapshot id. + content: + application/json: + schema: + $ref: '#/components/schemas/CommitTransactionRequest' + required: true + responses: + 204: + description: Success, no content + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: + Not Found - NoSuchTableException, table to load does not exist + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + examples: + TableToUpdateDoesNotExist: + $ref: '#/components/examples/NoSuchTableError' + 409: + description: + Conflict - CommitFailedException, one or more requirements failed. The client may retry. + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 500: + description: + An unknown server-side problem occurred; the commit state is unknown. + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + example: { + "error": { + "message": "Internal Server Error", + "type": "CommitStateUnknownException", + "code": 500 + } + } + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 502: + description: + A gateway or proxy received an invalid response from the upstream server; the commit state is unknown. + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + example: { + "error": { + "message": "Invalid response from the upstream server", + "type": "CommitStateUnknownException", + "code": 502 + } + } + 504: + description: + A server-side gateway timeout occurred; the commit state is unknown. + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + example: { + "error": { + "message": "Gateway timed out during commit", + "type": "CommitStateUnknownException", + "code": 504 + } + } + 5XX: + description: + A server-side problem that might not be addressable on the client. + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + example: { + "error": { + "message": "Bad Gateway", + "type": "InternalServerError", + "code": 502 + } + } + + /v1/{prefix}/namespaces/{namespace}/views: + parameters: + - $ref: '#/components/parameters/prefix' + - $ref: '#/components/parameters/namespace' + + get: + tags: + - Catalog API + summary: List all view identifiers underneath a given namespace + description: Return all view identifiers under this namespace + operationId: listViews + parameters: + - $ref: '#/components/parameters/page-token' + - $ref: '#/components/parameters/page-size' + responses: + 200: + $ref: '#/components/responses/ListTablesResponse' + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: Not Found - The namespace specified does not exist + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorModel' + examples: + NamespaceNotFound: + $ref: '#/components/examples/NoSuchNamespaceError' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + post: + tags: + - Catalog API + summary: Create a view in the given namespace + description: + Create a view in the given namespace. + operationId: createView + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/CreateViewRequest' + responses: + 200: + $ref: '#/components/responses/LoadViewResponse' + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: Not Found - The namespace specified does not exist + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorModel' + examples: + NamespaceNotFound: + $ref: '#/components/examples/NoSuchNamespaceError' + 409: + description: Conflict - The view already exists + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorModel' + examples: + NamespaceAlreadyExists: + $ref: '#/components/examples/ViewAlreadyExistsError' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + /v1/{prefix}/namespaces/{namespace}/views/{view}: + parameters: + - $ref: '#/components/parameters/prefix' + - $ref: '#/components/parameters/namespace' + - $ref: '#/components/parameters/view' + + get: + tags: + - Catalog API + summary: Load a view from the catalog + operationId: loadView + description: + Load a view from the catalog. + + + The response contains both configuration and view metadata. The configuration, if non-empty is used + as additional configuration for the view that overrides catalog configuration. + + + The response also contains the view's full metadata, matching the view metadata JSON file. + + + The catalog configuration may contain credentials that should be used for subsequent requests for the + view. The configuration key "token" is used to pass an access token to be used as a bearer token + for view requests. Otherwise, a token may be passed using a RFC 8693 token type as a configuration + key. For example, "urn:ietf:params:oauth:token-type:jwt=". + responses: + 200: + $ref: '#/components/responses/LoadViewResponse' + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: + Not Found - NoSuchViewException, view to load does not exist + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorModel' + examples: + ViewToLoadDoesNotExist: + $ref: '#/components/examples/NoSuchViewError' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + post: + tags: + - Catalog API + summary: Replace a view + operationId: replaceView + description: + Commit updates to a view. + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/CommitViewRequest' + responses: + 200: + $ref: '#/components/responses/LoadViewResponse' + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: + Not Found - NoSuchViewException, view to load does not exist + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorModel' + examples: + ViewToUpdateDoesNotExist: + $ref: '#/components/examples/NoSuchViewError' + 409: + description: + Conflict - CommitFailedException. The client may retry. + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorModel' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 500: + description: + An unknown server-side problem occurred; the commit state is unknown. + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorModel' + example: { + "error": { + "message": "Internal Server Error", + "type": "CommitStateUnknownException", + "code": 500 + } + } + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 502: + description: + A gateway or proxy received an invalid response from the upstream server; the commit state is unknown. + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorModel' + example: { + "error": { + "message": "Invalid response from the upstream server", + "type": "CommitStateUnknownException", + "code": 502 + } + } + 504: + description: + A server-side gateway timeout occurred; the commit state is unknown. + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorModel' + example: { + "error": { + "message": "Gateway timed out during commit", + "type": "CommitStateUnknownException", + "code": 504 + } + } + 5XX: + description: + A server-side problem that might not be addressable on the client. + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorModel' + example: { + "error": { + "message": "Bad Gateway", + "type": "InternalServerError", + "code": 502 + } + } + + delete: + tags: + - Catalog API + summary: Drop a view from the catalog + operationId: dropView + description: Remove a view from the catalog + responses: + 204: + description: Success, no content + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: + Not Found - NoSuchViewException, view to drop does not exist + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorModel' + examples: + ViewToDeleteDoesNotExist: + $ref: '#/components/examples/NoSuchViewError' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + head: + tags: + - Catalog API + summary: Check if a view exists + operationId: viewExists + description: + Check if a view exists within a given namespace. This request does not return a response body. + responses: + 204: + description: Success, no content + 400: + description: Bad Request + 401: + description: Unauthorized + 404: + description: Not Found + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + /v1/{prefix}/views/rename: + parameters: + - $ref: '#/components/parameters/prefix' + + post: + tags: + - Catalog API + summary: Rename a view from its current name to a new name + description: + Rename a view from one identifier to another. It's valid to move a view + across namespaces, but the server implementation is not required to support it. + operationId: renameView + requestBody: + description: Current view identifier to rename and new view identifier to rename to + content: + application/json: + schema: + $ref: '#/components/schemas/RenameTableRequest' + examples: + RenameViewSameNamespace: + $ref: '#/components/examples/RenameViewSameNamespace' + required: true + responses: + 204: + description: Success, no content + 400: + $ref: '#/components/responses/BadRequestErrorResponse' + 401: + $ref: '#/components/responses/UnauthorizedResponse' + 403: + $ref: '#/components/responses/ForbiddenResponse' + 404: + description: + Not Found + - NoSuchViewException, view to rename does not exist + - NoSuchNamespaceException, The target namespace of the new identifier does not exist + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorModel' + examples: + ViewToRenameDoesNotExist: + $ref: '#/components/examples/NoSuchViewError' + NamespaceToRenameToDoesNotExist: + $ref: '#/components/examples/NoSuchNamespaceError' + 406: + $ref: '#/components/responses/UnsupportedOperationResponse' + 409: + description: Conflict - The target identifier to rename to already exists as a table or view + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorModel' + example: + $ref: '#/components/examples/ViewAlreadyExistsError' + 419: + $ref: '#/components/responses/AuthenticationTimeoutResponse' + 503: + $ref: '#/components/responses/ServiceUnavailableResponse' + 5XX: + $ref: '#/components/responses/ServerErrorResponse' + + +components: + ####################################################### + # Common Parameter Definitions Used In Several Routes # + ####################################################### + parameters: + namespace: + name: namespace + in: path + required: true + description: + A namespace identifier as a single string. + Multipart namespace parts should be separated by the unit separator (`0x1F`) byte. + schema: + type: string + examples: + singlepart_namespace: + value: "accounting" + multipart_namespace: + value: "accounting%1Ftax" + + prefix: + name: prefix + in: path + schema: + type: string + required: true + description: An optional prefix in the path + + table: + name: table + in: path + description: A table name + required: true + schema: + type: string + example: "sales" + + view: + name: view + in: path + description: A view name + required: true + schema: + type: string + example: "sales" + + data-access: + name: X-Iceberg-Access-Delegation + in: header + description: > + Optional signal to the server that the client supports delegated access + via a comma-separated list of access mechanisms. The server may choose + to supply access via any or none of the requested mechanisms. + + + Specific properties and handling for `vended-credentials` is documented + in the `LoadTableResult` schema section of this spec document. + + + The protocol and specification for `remote-signing` is documented in + the `s3-signer-open-api.yaml` OpenApi spec in the `aws` module. + + required: false + schema: + type: string + enum: + - vended-credentials + - remote-signing + style: simple + explode: false + example: "vended-credentials,remote-signing" + + page-token: + name: pageToken + in: query + required: false + allowEmptyValue: true + schema: + $ref: '#/components/schemas/PageToken' + + page-size: + name: pageSize + in: query + description: + For servers that support pagination, this signals an upper bound of the number of results that a client will receive. + For servers that do not support pagination, clients may receive results larger than the indicated `pageSize`. + required: false + schema: + type: integer + minimum: 1 + + ############################## + # Application Schema Objects # + ############################## + schemas: + + ErrorModel: + type: object + description: JSON error payload returned in a response with further details on the error + required: + - message + - type + - code + properties: + message: + type: string + description: Human-readable error message + type: + type: string + description: Internal type definition of the error + example: NoSuchNamespaceException + code: + type: integer + minimum: 400 + maximum: 600 + description: HTTP response code + example: 404 + stack: + type: array + items: + type: string + + CatalogConfig: + type: object + description: Server-provided configuration for the catalog. + required: + - defaults + - overrides + properties: + overrides: + type: object + additionalProperties: + type: string + description: + Properties that should be used to override client configuration; applied after defaults and client configuration. + defaults: + type: object + additionalProperties: + type: string + description: + Properties that should be used as default configuration; applied before client configuration. + + CreateNamespaceRequest: + type: object + required: + - namespace + properties: + namespace: + $ref: '#/components/schemas/Namespace' + properties: + type: object + description: Configured string to string map of properties for the namespace + example: { "owner": "Hank Bendickson" } + default: { } + additionalProperties: + type: string + + UpdateNamespacePropertiesRequest: + type: object + properties: + removals: + type: array + uniqueItems: true + items: + type: string + example: [ "department", "access_group" ] + updates: + type: object + example: { "owner": "Hank Bendickson" } + additionalProperties: + type: string + + RenameTableRequest: + type: object + required: + - source + - destination + properties: + source: + $ref: '#/components/schemas/TableIdentifier' + destination: + $ref: '#/components/schemas/TableIdentifier' + + Namespace: + description: Reference to one or more levels of a namespace + type: array + items: + type: string + example: [ "accounting", "tax" ] + + PageToken: + description: + An opaque token that allows clients to make use of pagination for list APIs + (e.g. ListTables). Clients may initiate the first paginated request by sending an empty + query parameter `pageToken` to the server. + + Servers that support pagination should identify the `pageToken` parameter and return a + `next-page-token` in the response if there are more results available. After the initial + request, the value of `next-page-token` from each response must be used as the `pageToken` + parameter value for the next request. The server must return `null` value for the + `next-page-token` in the last response. + + Servers that support pagination must return all results in a single response with the value + of `next-page-token` set to `null` if the query parameter `pageToken` is not set in the + request. + + Servers that do not support pagination should ignore the `pageToken` parameter and return + all results in a single response. The `next-page-token` must be omitted from the response. + + Clients must interpret either `null` or missing response value of `next-page-token` as + the end of the listing results. + + type: string + nullable: true + + TableIdentifier: + type: object + required: + - namespace + - name + properties: + namespace: + $ref: '#/components/schemas/Namespace' + name: + type: string + nullable: false + + PrimitiveType: + type: string + example: + - "long" + - "string" + - "fixed[16]" + - "decimal(10,2)" + + StructField: + type: object + required: + - id + - name + - type + - required + properties: + id: + type: integer + name: + type: string + type: + $ref: '#/components/schemas/Type' + required: + type: boolean + doc: + type: string + + StructType: + type: object + required: + - type + - fields + properties: + type: + type: string + enum: ["struct"] + fields: + type: array + items: + $ref: '#/components/schemas/StructField' + + ListType: + type: object + required: + - type + - element-id + - element + - element-required + properties: + type: + type: string + enum: ["list"] + element-id: + type: integer + element: + $ref: '#/components/schemas/Type' + element-required: + type: boolean + + MapType: + type: object + required: + - type + - key-id + - key + - value-id + - value + - value-required + properties: + type: + type: string + enum: ["map"] + key-id: + type: integer + key: + $ref: '#/components/schemas/Type' + value-id: + type: integer + value: + $ref: '#/components/schemas/Type' + value-required: + type: boolean + + Type: + oneOf: + - $ref: '#/components/schemas/PrimitiveType' + - $ref: '#/components/schemas/StructType' + - $ref: '#/components/schemas/ListType' + - $ref: '#/components/schemas/MapType' + + Schema: + allOf: + - $ref: '#/components/schemas/StructType' + - type: object + properties: + schema-id: + type: integer + readOnly: true + identifier-field-ids: + type: array + items: + type: integer + + Expression: + oneOf: + - $ref: '#/components/schemas/AndOrExpression' + - $ref: '#/components/schemas/NotExpression' + - $ref: '#/components/schemas/SetExpression' + - $ref: '#/components/schemas/LiteralExpression' + - $ref: '#/components/schemas/UnaryExpression' + + ExpressionType: + type: string + example: + - "eq" + - "and" + - "or" + - "not" + - "in" + - "not-in" + - "lt" + - "lt-eq" + - "gt" + - "gt-eq" + - "not-eq" + - "starts-with" + - "not-starts-with" + - "is-null" + - "not-null" + - "is-nan" + - "not-nan" + + AndOrExpression: + type: object + required: + - type + - left + - right + properties: + type: + $ref: '#/components/schemas/ExpressionType' + enum: ["and", "or"] + left: + $ref: '#/components/schemas/Expression' + right: + $ref: '#/components/schemas/Expression' + + NotExpression: + type: object + required: + - type + - child + properties: + type: + $ref: '#/components/schemas/ExpressionType' + enum: ["not"] + child: + $ref: '#/components/schemas/Expression' + + UnaryExpression: + type: object + required: + - type + - term + - value + properties: + type: + $ref: '#/components/schemas/ExpressionType' + enum: ["is-null", "not-null", "is-nan", "not-nan"] + term: + $ref: '#/components/schemas/Term' + value: + type: object + + LiteralExpression: + type: object + required: + - type + - term + - value + properties: + type: + $ref: '#/components/schemas/ExpressionType' + enum: ["lt", "lt-eq", "gt", "gt-eq", "eq", "not-eq", "starts-with", "not-starts-with"] + term: + $ref: '#/components/schemas/Term' + value: + type: object + + SetExpression: + type: object + required: + - type + - term + - values + properties: + type: + $ref: '#/components/schemas/ExpressionType' + enum: ["in", "not-in"] + term: + $ref: '#/components/schemas/Term' + values: + type: array + items: + type: object + + Term: + oneOf: + - $ref: '#/components/schemas/Reference' + - $ref: '#/components/schemas/TransformTerm' + + Reference: + type: string + example: + - "column-name" + + TransformTerm: + type: object + required: + - type + - transform + - term + properties: + type: + type: string + enum: ["transform"] + transform: + $ref: '#/components/schemas/Transform' + term: + $ref: '#/components/schemas/Reference' + + Transform: + type: string + example: + - "identity" + - "year" + - "month" + - "day" + - "hour" + - "bucket[256]" + - "truncate[16]" + + PartitionField: + type: object + required: + - source-id + - transform + - name + properties: + field-id: + type: integer + source-id: + type: integer + name: + type: string + transform: + $ref: '#/components/schemas/Transform' + + PartitionSpec: + type: object + required: + - fields + properties: + spec-id: + type: integer + readOnly: true + fields: + type: array + items: + $ref: '#/components/schemas/PartitionField' + + SortDirection: + type: string + enum: ["asc", "desc"] + + NullOrder: + type: string + enum: ["nulls-first", "nulls-last"] + + SortField: + type: object + required: + - source-id + - transform + - direction + - null-order + properties: + source-id: + type: integer + transform: + $ref: '#/components/schemas/Transform' + direction: + $ref: '#/components/schemas/SortDirection' + null-order: + $ref: '#/components/schemas/NullOrder' + + SortOrder: + type: object + required: + - order-id + - fields + properties: + order-id: + type: integer + readOnly: true + fields: + type: array + items: + $ref: '#/components/schemas/SortField' + + Snapshot: + type: object + required: + - snapshot-id + - timestamp-ms + - manifest-list + - summary + properties: + snapshot-id: + type: integer + format: int64 + parent-snapshot-id: + type: integer + format: int64 + sequence-number: + type: integer + format: int64 + timestamp-ms: + type: integer + format: int64 + manifest-list: + type: string + description: Location of the snapshot's manifest list file + summary: + type: object + required: + - operation + properties: + operation: + type: string + enum: ["append", "replace", "overwrite", "delete"] + additionalProperties: + type: string + schema-id: + type: integer + + SnapshotReference: + type: object + required: + - type + - snapshot-id + properties: + type: + type: string + enum: ["tag", "branch"] + snapshot-id: + type: integer + format: int64 + max-ref-age-ms: + type: integer + format: int64 + max-snapshot-age-ms: + type: integer + format: int64 + min-snapshots-to-keep: + type: integer + + SnapshotReferences: + type: object + additionalProperties: + $ref: '#/components/schemas/SnapshotReference' + + SnapshotLog: + type: array + items: + type: object + required: + - snapshot-id + - timestamp-ms + properties: + snapshot-id: + type: integer + format: int64 + timestamp-ms: + type: integer + format: int64 + + MetadataLog: + type: array + items: + type: object + required: + - metadata-file + - timestamp-ms + properties: + metadata-file: + type: string + timestamp-ms: + type: integer + format: int64 + + TableMetadata: + type: object + required: + - format-version + - table-uuid + properties: + format-version: + type: integer + minimum: 1 + maximum: 2 + table-uuid: + type: string + location: + type: string + last-updated-ms: + type: integer + format: int64 + properties: + type: object + additionalProperties: + type: string + # schema tracking + schemas: + type: array + items: + $ref: '#/components/schemas/Schema' + current-schema-id: + type: integer + last-column-id: + type: integer + # partition spec tracking + partition-specs: + type: array + items: + $ref: '#/components/schemas/PartitionSpec' + default-spec-id: + type: integer + last-partition-id: + type: integer + # sort order tracking + sort-orders: + type: array + items: + $ref: '#/components/schemas/SortOrder' + default-sort-order-id: + type: integer + # snapshot tracking + snapshots: + type: array + items: + $ref: '#/components/schemas/Snapshot' + refs: + $ref: '#/components/schemas/SnapshotReferences' + current-snapshot-id: + type: integer + format: int64 + last-sequence-number: + type: integer + format: int64 + # logs + snapshot-log: + $ref: '#/components/schemas/SnapshotLog' + metadata-log: + $ref: '#/components/schemas/MetadataLog' + # statistics + statistics: + type: array + items: + $ref: '#/components/schemas/StatisticsFile' + partition-statistics: + type: array + items: + $ref: '#/components/schemas/PartitionStatisticsFile' + + SQLViewRepresentation: + type: object + required: + - type + - sql + - dialect + properties: + type: + type: string + sql: + type: string + dialect: + type: string + + ViewRepresentation: + oneOf: + - $ref: '#/components/schemas/SQLViewRepresentation' + + ViewHistoryEntry: + type: object + required: + - version-id + - timestamp-ms + properties: + version-id: + type: integer + timestamp-ms: + type: integer + format: int64 + + ViewVersion: + type: object + required: + - version-id + - timestamp-ms + - schema-id + - summary + - representations + - default-namespace + properties: + version-id: + type: integer + timestamp-ms: + type: integer + format: int64 + schema-id: + type: integer + description: Schema ID to set as current, or -1 to set last added schema + summary: + type: object + additionalProperties: + type: string + representations: + type: array + items: + $ref: '#/components/schemas/ViewRepresentation' + default-catalog: + type: string + default-namespace: + $ref: '#/components/schemas/Namespace' + + ViewMetadata: + type: object + required: + - view-uuid + - format-version + - location + - current-version-id + - versions + - version-log + - schemas + properties: + view-uuid: + type: string + format-version: + type: integer + minimum: 1 + maximum: 1 + location: + type: string + current-version-id: + type: integer + versions: + type: array + items: + $ref: '#/components/schemas/ViewVersion' + version-log: + type: array + items: + $ref: '#/components/schemas/ViewHistoryEntry' + schemas: + type: array + items: + $ref: '#/components/schemas/Schema' + properties: + type: object + additionalProperties: + type: string + + BaseUpdate: + discriminator: + propertyName: action + mapping: + assign-uuid: '#/components/schemas/AssignUUIDUpdate' + upgrade-format-version: '#/components/schemas/UpgradeFormatVersionUpdate' + add-schema: '#/components/schemas/AddSchemaUpdate' + set-current-schema: '#/components/schemas/SetCurrentSchemaUpdate' + add-spec: '#/components/schemas/AddPartitionSpecUpdate' + set-default-spec: '#/components/schemas/SetDefaultSpecUpdate' + add-sort-order: '#/components/schemas/AddSortOrderUpdate' + set-default-sort-order: '#/components/schemas/SetDefaultSortOrderUpdate' + add-snapshot: '#/components/schemas/AddSnapshotUpdate' + set-snapshot-ref: '#/components/schemas/SetSnapshotRefUpdate' + remove-snapshots: '#/components/schemas/RemoveSnapshotsUpdate' + remove-snapshot-ref: '#/components/schemas/RemoveSnapshotRefUpdate' + set-location: '#/components/schemas/SetLocationUpdate' + set-properties: '#/components/schemas/SetPropertiesUpdate' + remove-properties: '#/components/schemas/RemovePropertiesUpdate' + add-view-version: '#/components/schemas/AddViewVersionUpdate' + set-current-view-version: '#/components/schemas/SetCurrentViewVersionUpdate' + set-statistics: '#/components/schemas/SetStatisticsUpdate' + remove-statistics: '#/components/schemas/RemoveStatisticsUpdate' + set-partition-statistics: '#/components/schemas/SetPartitionStatisticsUpdate' + remove-partition-statistics: '#/components/schemas/RemovePartitionStatisticsUpdate' + type: object + required: + - action + properties: + action: + type: string + + AssignUUIDUpdate: + description: Assigning a UUID to a table/view should only be done when creating the table/view. It is not safe to re-assign the UUID if a table/view already has a UUID assigned + allOf: + - $ref: '#/components/schemas/BaseUpdate' + required: + - action + - uuid + properties: + action: + type: string + enum: ["assign-uuid"] + uuid: + type: string + + UpgradeFormatVersionUpdate: + allOf: + - $ref: '#/components/schemas/BaseUpdate' + required: + - action + - format-version + properties: + action: + type: string + enum: ["upgrade-format-version"] + format-version: + type: integer + + AddSchemaUpdate: + allOf: + - $ref: '#/components/schemas/BaseUpdate' + required: + - action + - schema + properties: + action: + type: string + enum: ["add-schema"] + schema: + $ref: '#/components/schemas/Schema' + last-column-id: + type: integer + description: The highest assigned column ID for the table. This is used to ensure columns are always assigned an unused ID when evolving schemas. When omitted, it will be computed on the server side. + + SetCurrentSchemaUpdate: + allOf: + - $ref: '#/components/schemas/BaseUpdate' + required: + - action + - schema-id + properties: + action: + type: string + enum: ["set-current-schema"] + schema-id: + type: integer + description: Schema ID to set as current, or -1 to set last added schema + + AddPartitionSpecUpdate: + allOf: + - $ref: '#/components/schemas/BaseUpdate' + required: + - action + - spec + properties: + action: + type: string + enum: ["add-spec"] + spec: + $ref: '#/components/schemas/PartitionSpec' + + SetDefaultSpecUpdate: + allOf: + - $ref: '#/components/schemas/BaseUpdate' + required: + - action + - spec-id + properties: + action: + type: string + enum: [ "set-default-spec" ] + spec-id: + type: integer + description: Partition spec ID to set as the default, or -1 to set last added spec + + AddSortOrderUpdate: + allOf: + - $ref: '#/components/schemas/BaseUpdate' + required: + - action + - sort-order + properties: + action: + type: string + enum: [ "add-sort-order" ] + sort-order: + $ref: '#/components/schemas/SortOrder' + + SetDefaultSortOrderUpdate: + allOf: + - $ref: '#/components/schemas/BaseUpdate' + required: + - action + - sort-order-id + properties: + action: + type: string + enum: [ "set-default-sort-order" ] + sort-order-id: + type: integer + description: Sort order ID to set as the default, or -1 to set last added sort order + + AddSnapshotUpdate: + allOf: + - $ref: '#/components/schemas/BaseUpdate' + required: + - action + - snapshot + properties: + action: + type: string + enum: [ "add-snapshot" ] + snapshot: + $ref: '#/components/schemas/Snapshot' + + SetSnapshotRefUpdate: + allOf: + - $ref: '#/components/schemas/BaseUpdate' + - $ref: '#/components/schemas/SnapshotReference' + required: + - action + - ref-name + properties: + action: + type: string + enum: [ "set-snapshot-ref" ] + ref-name: + type: string + + RemoveSnapshotsUpdate: + allOf: + - $ref: '#/components/schemas/BaseUpdate' + required: + - action + - snapshot-ids + properties: + action: + type: string + enum: [ "remove-snapshots" ] + snapshot-ids: + type: array + items: + type: integer + format: int64 + + RemoveSnapshotRefUpdate: + allOf: + - $ref: '#/components/schemas/BaseUpdate' + required: + - action + - ref-name + properties: + action: + type: string + enum: [ "remove-snapshot-ref" ] + ref-name: + type: string + + SetLocationUpdate: + allOf: + - $ref: '#/components/schemas/BaseUpdate' + required: + - action + - location + properties: + action: + type: string + enum: [ "set-location" ] + location: + type: string + + SetPropertiesUpdate: + allOf: + - $ref: '#/components/schemas/BaseUpdate' + required: + - action + - updates + properties: + action: + type: string + enum: [ "set-properties" ] + updates: + type: object + additionalProperties: + type: string + + RemovePropertiesUpdate: + allOf: + - $ref: '#/components/schemas/BaseUpdate' + required: + - action + - removals + properties: + action: + type: string + enum: [ "remove-properties" ] + removals: + type: array + items: + type: string + + AddViewVersionUpdate: + allOf: + - $ref: '#/components/schemas/BaseUpdate' + required: + - action + - view-version + properties: + action: + type: string + enum: [ "add-view-version" ] + view-version: + $ref: '#/components/schemas/ViewVersion' + + SetCurrentViewVersionUpdate: + allOf: + - $ref: '#/components/schemas/BaseUpdate' + required: + - action + - view-version-id + properties: + action: + type: string + enum: [ "set-current-view-version" ] + view-version-id: + type: integer + description: The view version id to set as current, or -1 to set last added view version id + + SetStatisticsUpdate: + allOf: + - $ref: '#/components/schemas/BaseUpdate' + required: + - action + - snapshot-id + - statistics + properties: + action: + type: string + enum: [ "set-statistics" ] + snapshot-id: + type: integer + format: int64 + statistics: + $ref: '#/components/schemas/StatisticsFile' + + RemoveStatisticsUpdate: + allOf: + - $ref: '#/components/schemas/BaseUpdate' + required: + - action + - snapshot-id + properties: + action: + type: string + enum: [ "remove-statistics" ] + snapshot-id: + type: integer + format: int64 + + SetPartitionStatisticsUpdate: + allOf: + - $ref: '#/components/schemas/BaseUpdate' + required: + - action + - partition-statistics + properties: + action: + type: string + enum: [ "set-partition-statistics" ] + partition-statistics: + $ref: '#/components/schemas/PartitionStatisticsFile' + + RemovePartitionStatisticsUpdate: + allOf: + - $ref: '#/components/schemas/BaseUpdate' + required: + - action + - snapshot-id + properties: + action: + type: string + enum: [ "remove-partition-statistics" ] + snapshot-id: + type: integer + format: int64 + + TableUpdate: + anyOf: + - $ref: '#/components/schemas/AssignUUIDUpdate' + - $ref: '#/components/schemas/UpgradeFormatVersionUpdate' + - $ref: '#/components/schemas/AddSchemaUpdate' + - $ref: '#/components/schemas/SetCurrentSchemaUpdate' + - $ref: '#/components/schemas/AddPartitionSpecUpdate' + - $ref: '#/components/schemas/SetDefaultSpecUpdate' + - $ref: '#/components/schemas/AddSortOrderUpdate' + - $ref: '#/components/schemas/SetDefaultSortOrderUpdate' + - $ref: '#/components/schemas/AddSnapshotUpdate' + - $ref: '#/components/schemas/SetSnapshotRefUpdate' + - $ref: '#/components/schemas/RemoveSnapshotsUpdate' + - $ref: '#/components/schemas/RemoveSnapshotRefUpdate' + - $ref: '#/components/schemas/SetLocationUpdate' + - $ref: '#/components/schemas/SetPropertiesUpdate' + - $ref: '#/components/schemas/RemovePropertiesUpdate' + - $ref: '#/components/schemas/SetStatisticsUpdate' + - $ref: '#/components/schemas/RemoveStatisticsUpdate' + + ViewUpdate: + anyOf: + - $ref: '#/components/schemas/AssignUUIDUpdate' + - $ref: '#/components/schemas/UpgradeFormatVersionUpdate' + - $ref: '#/components/schemas/AddSchemaUpdate' + - $ref: '#/components/schemas/SetLocationUpdate' + - $ref: '#/components/schemas/SetPropertiesUpdate' + - $ref: '#/components/schemas/RemovePropertiesUpdate' + - $ref: '#/components/schemas/AddViewVersionUpdate' + - $ref: '#/components/schemas/SetCurrentViewVersionUpdate' + + TableRequirement: + type: object + discriminator: + propertyName: type + mapping: + assert-create: '#/components/schemas/AssertCreate' + assert-table-uuid: '#/components/schemas/AssertTableUUID' + assert-ref-snapshot-id: '#/components/schemas/AssertRefSnapshotId' + assert-last-assigned-field-id: '#/components/schemas/AssertLastAssignedFieldId' + assert-current-schema-id: '#/components/schemas/AssertCurrentSchemaId' + assert-last-assigned-partition-id: '#/components/schemas/AssertLastAssignedPartitionId' + assert-default-spec-id: '#/components/schemas/AssertDefaultSpecId' + assert-default-sort-order-id: '#/components/schemas/AssertDefaultSortOrderId' + oneOf: + - $ref: '#/components/schemas/AssertCreate' + - $ref: '#/components/schemas/AssertTableUUID' + - $ref: '#/components/schemas/AssertRefSnapshotId' + - $ref: '#/components/schemas/AssertLastAssignedFieldId' + - $ref: '#/components/schemas/AssertCurrentSchemaId' + - $ref: '#/components/schemas/AssertLastAssignedPartitionId' + - $ref: '#/components/schemas/AssertDefaultSpecId' + - $ref: '#/components/schemas/AssertDefaultSortOrderId' + + AssertCreate: + type: object + description: The table must not already exist; used for create transactions + required: + - type + properties: + type: + type: string + enum: ["assert-create"] + + AssertTableUUID: + description: The table UUID must match the requirement's `uuid` + required: + - type + - uuid + properties: + type: + type: string + enum: ["assert-table-uuid"] + uuid: + type: string + + AssertRefSnapshotId: + description: + The table branch or tag identified by the requirement's `ref` must reference the requirement's `snapshot-id`; + if `snapshot-id` is `null` or missing, the ref must not already exist + required: + - type + - ref + - snapshot-id + properties: + type: + type: string + enum: [ "assert-ref-snapshot-id" ] + ref: + type: string + snapshot-id: + type: integer + format: int64 + + AssertLastAssignedFieldId: + description: + The table's last assigned column id must match the requirement's `last-assigned-field-id` + required: + - type + - last-assigned-field-id + properties: + type: + type: string + enum: [ "assert-last-assigned-field-id" ] + last-assigned-field-id: + type: integer + + AssertCurrentSchemaId: + description: + The table's current schema id must match the requirement's `current-schema-id` + required: + - type + - current-schema-id + properties: + type: + type: string + enum: [ "assert-current-schema-id" ] + current-schema-id: + type: integer + + AssertLastAssignedPartitionId: + description: + The table's last assigned partition id must match the requirement's `last-assigned-partition-id` + required: + - type + - last-assigned-partition-id + properties: + type: + type: string + enum: [ "assert-last-assigned-partition-id" ] + last-assigned-partition-id: + type: integer + + AssertDefaultSpecId: + description: + The table's default spec id must match the requirement's `default-spec-id` + required: + - type + - default-spec-id + properties: + type: + type: string + enum: [ "assert-default-spec-id" ] + default-spec-id: + type: integer + + AssertDefaultSortOrderId: + description: + The table's default sort order id must match the requirement's `default-sort-order-id` + required: + - type + - default-sort-order-id + properties: + type: + type: string + enum: [ "assert-default-sort-order-id" ] + default-sort-order-id: + type: integer + + ViewRequirement: + type: object + discriminator: + propertyName: type + mapping: + assert-view-uuid: '#/components/schemas/AssertViewUUID' + oneOf: + - $ref: '#/components/schemas/AssertViewUUID' + + AssertViewUUID: + description: The view UUID must match the requirement's `uuid` + required: + - type + - uuid + properties: + type: + type: string + enum: [ "assert-view-uuid" ] + uuid: + type: string + + LoadTableResult: + description: | + Result used when a table is successfully loaded. + + + The table metadata JSON is returned in the `metadata` field. The corresponding file location of table metadata should be returned in the `metadata-location` field, unless the metadata is not yet committed. For example, a create transaction may return metadata that is staged but not committed. + Clients can check whether metadata has changed by comparing metadata locations after the table has been created. + + + The `config` map returns table-specific configuration for the table's resources, including its HTTP client and FileIO. For example, config may contain a specific FileIO implementation class for the table depending on its underlying storage. + + + The following configurations should be respected by clients: + + ## General Configurations + + - `token`: Authorization bearer token to use for table requests if OAuth2 security is enabled + + ## AWS Configurations + + The following configurations should be respected when working with tables stored in AWS S3 + - `client.region`: region to configure client for making requests to AWS + - `s3.access-key-id`: id for for credentials that provide access to the data in S3 + - `s3.secret-access-key`: secret for credentials that provide access to data in S3 + - `s3.session-token`: if present, this value should be used for as the session token + - `s3.remote-signing-enabled`: if `true` remote signing should be performed as described in the `s3-signer-open-api.yaml` specification + type: object + required: + - metadata + properties: + metadata-location: + type: string + description: May be null if the table is staged as part of a transaction + metadata: + $ref: '#/components/schemas/TableMetadata' + config: + type: object + additionalProperties: + type: string + + CommitTableRequest: + type: object + required: + - requirements + - updates + properties: + identifier: + description: Table identifier to update; must be present for CommitTransactionRequest + $ref: '#/components/schemas/TableIdentifier' + requirements: + type: array + items: + $ref: '#/components/schemas/TableRequirement' + updates: + type: array + items: + $ref: '#/components/schemas/TableUpdate' + + CommitViewRequest: + type: object + required: + - updates + properties: + identifier: + description: View identifier to update + $ref: '#/components/schemas/TableIdentifier' + requirements: + type: array + items: + $ref: '#/components/schemas/ViewRequirement' + updates: + type: array + items: + $ref: '#/components/schemas/ViewUpdate' + + CommitTransactionRequest: + type: object + required: + - table-changes + properties: + table-changes: + type: array + items: + description: Table commit request; must provide an `identifier` + $ref: '#/components/schemas/CommitTableRequest' + + CreateTableRequest: + type: object + required: + - name + - schema + properties: + name: + type: string + location: + type: string + schema: + $ref: '#/components/schemas/Schema' + partition-spec: + $ref: '#/components/schemas/PartitionSpec' + write-order: + $ref: '#/components/schemas/SortOrder' + stage-create: + type: boolean + properties: + type: object + additionalProperties: + type: string + + RegisterTableRequest: + type: object + required: + - name + - metadata-location + properties: + name: + type: string + metadata-location: + type: string + + CreateViewRequest: + type: object + required: + - name + - schema + - view-version + - properties + properties: + name: + type: string + location: + type: string + schema: + $ref: '#/components/schemas/Schema' + view-version: + $ref: '#/components/schemas/ViewVersion' + description: The view version to create, will replace the schema-id sent within the view-version with the id assigned to the provided schema + properties: + type: object + additionalProperties: + type: string + + LoadViewResult: + description: | + Result used when a view is successfully loaded. + + + The view metadata JSON is returned in the `metadata` field. The corresponding file location of view metadata is returned in the `metadata-location` field. + Clients can check whether metadata has changed by comparing metadata locations after the view has been created. + + The `config` map returns view-specific configuration for the view's resources. + + The following configurations should be respected by clients: + + ## General Configurations + + - `token`: Authorization bearer token to use for view requests if OAuth2 security is enabled + + type: object + required: + - metadata-location + - metadata + properties: + metadata-location: + type: string + metadata: + $ref: '#/components/schemas/ViewMetadata' + config: + type: object + additionalProperties: + type: string + + TokenType: + type: string + enum: + - urn:ietf:params:oauth:token-type:access_token + - urn:ietf:params:oauth:token-type:refresh_token + - urn:ietf:params:oauth:token-type:id_token + - urn:ietf:params:oauth:token-type:saml1 + - urn:ietf:params:oauth:token-type:saml2 + - urn:ietf:params:oauth:token-type:jwt + description: + Token type identifier, from RFC 8693 Section 3 + + + See https://datatracker.ietf.org/doc/html/rfc8693#section-3 + + OAuthClientCredentialsRequest: + deprecated: true + description: + The `oauth/tokens` endpoint and related schemas are **DEPRECATED for REMOVAL** from this + spec, see description of the endpoint. + + + OAuth2 client credentials request + + + See https://datatracker.ietf.org/doc/html/rfc6749#section-4.4 + type: object + required: + - grant_type + - client_id + - client_secret + properties: + grant_type: + type: string + enum: + - client_credentials + scope: + type: string + client_id: + type: string + description: + Client ID + + + This can be sent in the request body, but OAuth2 recommends sending it in + a Basic Authorization header. + client_secret: + type: string + description: + Client secret + + + This can be sent in the request body, but OAuth2 recommends sending it in + a Basic Authorization header. + + OAuthTokenExchangeRequest: + deprecated: true + description: + The `oauth/tokens` endpoint and related schemas are **DEPRECATED for REMOVAL** from this + spec, see description of the endpoint. + + + OAuth2 token exchange request + + + See https://datatracker.ietf.org/doc/html/rfc8693 + type: object + required: + - grant_type + - subject_token + - subject_token_type + properties: + grant_type: + type: string + enum: + - urn:ietf:params:oauth:grant-type:token-exchange + scope: + type: string + requested_token_type: + $ref: '#/components/schemas/TokenType' + subject_token: + type: string + description: Subject token for token exchange request + subject_token_type: + $ref: '#/components/schemas/TokenType' + actor_token: + type: string + description: Actor token for token exchange request + actor_token_type: + $ref: '#/components/schemas/TokenType' + + OAuthTokenRequest: + deprecated: true + description: + The `oauth/tokens` endpoint and related schemas are **DEPRECATED for REMOVAL** from this + spec, see description of the endpoint. + anyOf: + - $ref: '#/components/schemas/OAuthClientCredentialsRequest' + - $ref: '#/components/schemas/OAuthTokenExchangeRequest' + + CounterResult: + type: object + required: + - unit + - value + properties: + unit: + type: string + value: + type: integer + format: int64 + + TimerResult: + type: object + required: + - time-unit + - count + - total-duration + properties: + time-unit: + type: string + count: + type: integer + format: int64 + total-duration: + type: integer + format: int64 + + MetricResult: + anyOf: + - $ref: '#/components/schemas/CounterResult' + - $ref: '#/components/schemas/TimerResult' + + Metrics: + type: object + additionalProperties: + $ref: '#/components/schemas/MetricResult' + example: + "metrics": { + "total-planning-duration": { + "count": 1, + "time-unit": "nanoseconds", + "total-duration": 2644235116 + }, + "result-data-files": { + "unit": "count", + "value": 1, + }, + "result-delete-files": { + "unit": "count", + "value": 0, + }, + "total-data-manifests": { + "unit": "count", + "value": 1, + }, + "total-delete-manifests": { + "unit": "count", + "value": 0, + }, + "scanned-data-manifests": { + "unit": "count", + "value": 1, + }, + "skipped-data-manifests": { + "unit": "count", + "value": 0, + }, + "total-file-size-bytes": { + "unit": "bytes", + "value": 10, + }, + "total-delete-file-size-bytes": { + "unit": "bytes", + "value": 0, + } + } + + ReportMetricsRequest: + anyOf: + - $ref: '#/components/schemas/ScanReport' + - $ref: '#/components/schemas/CommitReport' + required: + - report-type + properties: + report-type: + type: string + + ScanReport: + type: object + required: + - table-name + - snapshot-id + - filter + - schema-id + - projected-field-ids + - projected-field-names + - metrics + properties: + table-name: + type: string + snapshot-id: + type: integer + format: int64 + filter: + $ref: '#/components/schemas/Expression' + schema-id: + type: integer + projected-field-ids: + type: array + items: + type: integer + projected-field-names: + type: array + items: + type: string + metrics: + $ref: '#/components/schemas/Metrics' + metadata: + type: object + additionalProperties: + type: string + + CommitReport: + type: object + required: + - table-name + - snapshot-id + - sequence-number + - operation + - metrics + properties: + table-name: + type: string + snapshot-id: + type: integer + format: int64 + sequence-number: + type: integer + format: int64 + operation: + type: string + metrics: + $ref: '#/components/schemas/Metrics' + metadata: + type: object + additionalProperties: + type: string + + OAuthError: + deprecated: true + description: + The `oauth/tokens` endpoint and related schemas are **DEPRECATED for REMOVAL** from this + spec, see description of the endpoint. + type: object + required: + - error + properties: + error: + type: string + enum: + - invalid_request + - invalid_client + - invalid_grant + - unauthorized_client + - unsupported_grant_type + - invalid_scope + error_description: + type: string + error_uri: + type: string + + OAuthTokenResponse: + deprecated: true + description: + The `oauth/tokens` endpoint and related schemas are **DEPRECATED for REMOVAL** from this + spec, see description of the endpoint. + type: object + required: + - access_token + - token_type + properties: + access_token: + type: string + description: + The access token, for client credentials or token exchange + token_type: + type: string + enum: + - bearer + - mac + - N_A + description: + Access token type for client credentials or token exchange + + + See https://datatracker.ietf.org/doc/html/rfc6749#section-7.1 + expires_in: + type: integer + description: + Lifetime of the access token in seconds for client credentials or token exchange + issued_token_type: + $ref: '#/components/schemas/TokenType' + refresh_token: + type: string + description: Refresh token for client credentials or token exchange + scope: + type: string + description: Authorization scope for client credentials or token exchange + + IcebergErrorResponse: + description: JSON wrapper for all error responses (non-2xx) + type: object + required: + - error + properties: + error: + $ref: '#/components/schemas/ErrorModel' + additionalProperties: false + example: + { + "error": { + "message": "The server does not support this operation", + "type": "UnsupportedOperationException", + "code": 406 + } + } + + CreateNamespaceResponse: + type: object + required: + - namespace + properties: + namespace: + $ref: '#/components/schemas/Namespace' + properties: + type: object + additionalProperties: + type: string + description: + Properties stored on the namespace, if supported by the server. + example: { "owner": "Ralph", "created_at": "1452120468" } + default: { } + + GetNamespaceResponse: + type: object + required: + - namespace + properties: + namespace: + $ref: '#/components/schemas/Namespace' + properties: + type: object + description: + Properties stored on the namespace, if supported by the server. + If the server does not support namespace properties, it should return null for this field. + If namespace properties are supported, but none are set, it should return an empty object. + additionalProperties: + type: string + example: { "owner": "Ralph", 'transient_lastDdlTime': '1452120468' } + default: { } + nullable: true + + ListTablesResponse: + type: object + properties: + next-page-token: + $ref: '#/components/schemas/PageToken' + identifiers: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/TableIdentifier' + + ListNamespacesResponse: + type: object + properties: + next-page-token: + $ref: '#/components/schemas/PageToken' + namespaces: + type: array + uniqueItems: true + items: + $ref: '#/components/schemas/Namespace' + + UpdateNamespacePropertiesResponse: + type: object + required: + - updated + - removed + properties: + updated: + description: List of property keys that were added or updated + type: array + uniqueItems: true + items: + type: string + removed: + description: List of properties that were removed + type: array + items: + type: string + missing: + type: array + items: + type: string + description: + List of properties requested for removal that were not found + in the namespace's properties. Represents a partial success response. + Server's do not need to implement this. + nullable: true + + CommitTableResponse: + type: object + required: + - metadata-location + - metadata + properties: + metadata-location: + type: string + metadata: + $ref: '#/components/schemas/TableMetadata' + + StatisticsFile: + type: object + required: + - snapshot-id + - statistics-path + - file-size-in-bytes + - file-footer-size-in-bytes + - blob-metadata + properties: + snapshot-id: + type: integer + format: int64 + statistics-path: + type: string + file-size-in-bytes: + type: integer + format: int64 + file-footer-size-in-bytes: + type: integer + format: int64 + blob-metadata: + type: array + items: + $ref: '#/components/schemas/BlobMetadata' + + BlobMetadata: + type: object + required: + - type + - snapshot-id + - sequence-number + - fields + properties: + type: + type: string + snapshot-id: + type: integer + format: int64 + sequence-number: + type: integer + format: int64 + fields: + type: array + items: + type: integer + properties: + type: object + additionalProperties: + type: string + + PartitionStatisticsFile: + type: object + required: + - snapshot-id + - statistics-path + - file-size-in-bytes + properties: + snapshot-id: + type: integer + format: int64 + statistics-path: + type: string + file-size-in-bytes: + type: integer + format: int64 + + BooleanTypeValue: + type: boolean + example: true + + IntegerTypeValue: + type: integer + example: 42 + + LongTypeValue: + type: integer + format: int64 + example: 9223372036854775807 + + FloatTypeValue: + type: number + format: float + example: 3.14 + + DoubleTypeValue: + type: number + format: double + example: 123.456 + + DecimalTypeValue: + type: string + description: + "Decimal type values are serialized as strings. Decimals with a positive scale serialize as numeric plain + text, while decimals with a negative scale use scientific notation and the exponent will be equal to the + negated scale. For instance, a decimal with a positive scale is '123.4500', with zero scale is '2', + and with a negative scale is '2E+20'" + example: "123.4500" + + StringTypeValue: + type: string + example: "hello" + + UUIDTypeValue: + type: string + format: uuid + pattern: '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$' + maxLength: 36 + minLength: 36 + description: + "UUID type values are serialized as a 36-character lowercase string in standard UUID format as specified + by RFC-4122" + example: "eb26bdb1-a1d8-4aa6-990e-da940875492c" + + DateTypeValue: + type: string + format: date + description: + "Date type values follow the 'YYYY-MM-DD' ISO-8601 standard date format" + example: "2007-12-03" + + TimeTypeValue: + type: string + description: + "Time type values follow the 'HH:MM:SS.ssssss' ISO-8601 format with microsecond precision" + example: "22:31:08.123456" + + TimestampTypeValue: + type: string + description: + "Timestamp type values follow the 'YYYY-MM-DDTHH:MM:SS.ssssss' ISO-8601 format with microsecond precision" + example: "2007-12-03T10:15:30.123456" + + TimestampTzTypeValue: + type: string + description: + "TimestampTz type values follow the 'YYYY-MM-DDTHH:MM:SS.ssssss+00:00' ISO-8601 format with microsecond precision, + and a timezone offset (+00:00 for UTC)" + example: "2007-12-03T10:15:30.123456+00:00" + + TimestampNanoTypeValue: + type: string + description: + "Timestamp_ns type values follow the 'YYYY-MM-DDTHH:MM:SS.sssssssss' ISO-8601 format with nanosecond precision" + example: "2007-12-03T10:15:30.123456789" + + TimestampTzNanoTypeValue: + type: string + description: + "Timestamp_ns type values follow the 'YYYY-MM-DDTHH:MM:SS.sssssssss+00:00' ISO-8601 format with nanosecond + precision, and a timezone offset (+00:00 for UTC)" + example: "2007-12-03T10:15:30.123456789+00:00" + + FixedTypeValue: + type: string + description: + "Fixed length type values are stored and serialized as an uppercase hexadecimal string + preserving the fixed length" + example: "78797A" + + BinaryTypeValue: + type: string + description: + "Binary type values are stored and serialized as an uppercase hexadecimal string" + example: "78797A" + + CountMap: + type: object + properties: + keys: + type: array + items: + $ref: '#/components/schemas/IntegerTypeValue' + description: "List of integer column ids for each corresponding value" + values: + type: array + items: + $ref: '#/components/schemas/LongTypeValue' + description: "List of Long values, matched to 'keys' by index" + example: + { + "keys": [ 1, 2 ], + "values": [ 100,200 ] + } + + ValueMap: + type: object + properties: + keys: + type: array + items: + $ref: '#/components/schemas/IntegerTypeValue' + description: "List of integer column ids for each corresponding value" + values: + type: array + items: + $ref: '#/components/schemas/PrimitiveTypeValue' + description: "List of primitive type values, matched to 'keys' by index" + example: + { + "keys": [ 1, 2 ], + "values": [ 100, "test" ] + } + + PrimitiveTypeValue: + oneOf: + - $ref: '#/components/schemas/BooleanTypeValue' + - $ref: '#/components/schemas/IntegerTypeValue' + - $ref: '#/components/schemas/LongTypeValue' + - $ref: '#/components/schemas/FloatTypeValue' + - $ref: '#/components/schemas/DoubleTypeValue' + - $ref: '#/components/schemas/DecimalTypeValue' + - $ref: '#/components/schemas/StringTypeValue' + - $ref: '#/components/schemas/UUIDTypeValue' + - $ref: '#/components/schemas/DateTypeValue' + - $ref: '#/components/schemas/TimeTypeValue' + - $ref: '#/components/schemas/TimestampTypeValue' + - $ref: '#/components/schemas/TimestampTzTypeValue' + - $ref: '#/components/schemas/TimestampNanoTypeValue' + - $ref: '#/components/schemas/TimestampTzNanoTypeValue' + - $ref: '#/components/schemas/FixedTypeValue' + - $ref: '#/components/schemas/BinaryTypeValue' + + FileFormat: + type: string + enum: + - avro + - orc + - parquet + + ContentFile: + discriminator: + propertyName: content + mapping: + data: '#/components/schemas/DataFile' + position-deletes: '#/components/schemas/PositionDeleteFile' + equality-deletes: '#/components/schemas/EqualityDeleteFile' + type: object + required: + - spec-id + - content + - file-path + - file-format + - file-size-in-bytes + - record-count + properties: + content: + type: string + file-path: + type: string + file-format: + $ref: '#/components/schemas/FileFormat' + spec-id: + type: integer + partition: + type: array + items: + $ref: '#/components/schemas/PrimitiveTypeValue' + description: + "A list of partition field values ordered based on the fields of the partition spec specified by the + `spec-id`" + example: [1, "bar"] + file-size-in-bytes: + type: integer + format: int64 + description: "Total file size in bytes" + record-count: + type: integer + format: int64 + description: "Number of records in the file" + key-metadata: + allOf: + - $ref: '#/components/schemas/BinaryTypeValue' + description: "Encryption key metadata blob" + split-offsets: + type: array + items: + type: integer + format: int64 + description: "List of splittable offsets" + sort-order-id: + type: integer + + DataFile: + allOf: + - $ref: '#/components/schemas/ContentFile' + type: object + required: + - content + properties: + content: + type: string + enum: [ "data" ] + column-sizes: + allOf: + - $ref: '#/components/schemas/CountMap' + description: "Map of column id to total count, including null and NaN" + value-counts: + allOf: + - $ref: '#/components/schemas/CountMap' + description: "Map of column id to null value count" + null-value-counts: + allOf: + - $ref: '#/components/schemas/CountMap' + description: "Map of column id to null value count" + nan-value-counts: + allOf: + - $ref: '#/components/schemas/CountMap' + description: "Map of column id to number of NaN values in the column" + lower-bounds: + allOf: + - $ref: '#/components/schemas/ValueMap' + description: "Map of column id to lower bound primitive type values" + upper-bounds: + allOf: + - $ref: '#/components/schemas/ValueMap' + description: "Map of column id to upper bound primitive type values" + + PositionDeleteFile: + allOf: + - $ref: '#/components/schemas/ContentFile' + required: + - content + properties: + content: + type: string + enum: [ "position-deletes" ] + + EqualityDeleteFile: + allOf: + - $ref: '#/components/schemas/ContentFile' + required: + - content + properties: + content: + type: string + enum: [ "equality-deletes" ] + equality-ids: + type: array + items: + type: integer + description: "List of equality field IDs" + + ############################# + # Reusable Response Objects # + ############################# + responses: + + OAuthTokenResponse: + description: OAuth2 token response for client credentials or token exchange + content: + application/json: + schema: + $ref: '#/components/schemas/OAuthTokenResponse' + + OAuthErrorResponse: + description: OAuth2 error response + content: + application/json: + schema: + $ref: '#/components/schemas/OAuthError' + + BadRequestErrorResponse: + description: + Indicates a bad request error. It could be caused by an unexpected request + body format or other forms of request validation failure, such as invalid json. + Usually serves application/json content, although in some cases simple text/plain content might + be returned by the server's middleware. + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + example: { + "error": { + "message": "Malformed request", + "type": "BadRequestException", + "code": 400 + } + } + + # Note that this is a representative example response for use as a shorthand in the spec. + # The fields `message` and `type` as indicated here are not presently prescriptive. + UnauthorizedResponse: + description: + Unauthorized. Authentication is required and has failed or has not yet been provided. + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + example: { + "error": { + "message": "Not authorized to make this request", + "type": "NotAuthorizedException", + "code": 401 + } + } + + # Note that this is a representative example response for use as a shorthand in the spec. + # The fields `message` and `type` as indicated here are not presently prescriptive. + ForbiddenResponse: + description: Forbidden. Authenticated user does not have the necessary permissions. + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + example: { + "error": { + "message": "Not authorized to make this request", + "type": "NotAuthorizedException", + "code": 403 + } + } + + # Note that this is a representative example response for use as a shorthand in the spec. + # The fields `message` and `type` as indicated here are not presently prescriptive. + UnsupportedOperationResponse: + description: Not Acceptable / Unsupported Operation. The server does not support this operation. + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorModel' + example: { + "error": { + "message": "The server does not support this operation", + "type": "UnsupportedOperationException", + "code": 406 + } + } + + IcebergErrorResponse: + description: JSON wrapper for all error responses (non-2xx) + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + example: { + "error": { + "message": "The server does not support this operation", + "type": "UnsupportedOperationException", + "code": 406 + } } + + CreateNamespaceResponse: + description: + Represents a successful call to create a namespace. + Returns the namespace created, as well as any properties that were stored for the namespace, + including those the server might have added. Implementations are not required to support namespace + properties. + content: + application/json: + schema: + $ref: '#/components/schemas/CreateNamespaceResponse' + example: { + "namespace": ["accounting", "tax"], + "properties": { "owner": "Ralph", "created_at": "1452120468" } + } + + GetNamespaceResponse: + description: + Returns a namespace, as well as any properties stored on the namespace if namespace properties + are supported by the server. + content: + application/json: + schema: + $ref: '#/components/schemas/GetNamespaceResponse' + + ListTablesResponse: + description: A list of table identifiers + content: + application/json: + schema: + $ref: '#/components/schemas/ListTablesResponse' + examples: + ListTablesResponseNonEmpty: + $ref: '#/components/examples/ListTablesNonEmptyExample' + ListTablesResponseEmpty: + $ref: '#/components/examples/ListTablesEmptyExample' + + ListNamespacesResponse: + description: A list of namespaces + content: + application/json: + schema: + $ref: '#/components/schemas/ListNamespacesResponse' + examples: + NonEmptyResponse: + $ref: '#/components/examples/ListNamespacesNonEmptyExample' + EmptyResponse: + $ref: '#/components/examples/ListNamespacesEmptyExample' + + AuthenticationTimeoutResponse: + description: + Credentials have timed out. If possible, the client should refresh credentials and retry. + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + example: { + "error": { + "message": "Credentials have timed out", + "type": "AuthenticationTimeoutException", + "code": 419 + } + } + + ServiceUnavailableResponse: + description: + The service is not ready to handle the request. The client should wait and retry. + + + The service may additionally send a Retry-After header to indicate when to retry. + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + example: { + "error": { + "message": "Slow down", + "type": "SlowDownException", + "code": 503 + } + } + + ServerErrorResponse: + description: + A server-side problem that might not be addressable from the client + side. Used for server 5xx errors without more specific documentation in + individual routes. + content: + application/json: + schema: + $ref: '#/components/schemas/IcebergErrorResponse' + example: { + "error": { + "message": "Internal Server Error", + "type": "InternalServerError", + "code": 500 + } + } + + UpdateNamespacePropertiesResponse: + description: JSON data response for a synchronous update properties request. + content: + application/json: + schema: + $ref: '#/components/schemas/UpdateNamespacePropertiesResponse' + example: { + "updated": [ "owner" ], + "removed": [ "foo" ], + "missing": [ "bar" ] + } + + CreateTableResponse: + description: Table metadata result after creating a table + content: + application/json: + schema: + $ref: '#/components/schemas/LoadTableResult' + + LoadTableResponse: + description: Table metadata result when loading a table + content: + application/json: + schema: + $ref: '#/components/schemas/LoadTableResult' + + LoadViewResponse: + description: View metadata result when loading a view + content: + application/json: + schema: + $ref: '#/components/schemas/LoadViewResult' + + CommitTableResponse: + description: + Response used when a table is successfully updated. + + The table metadata JSON is returned in the metadata field. The corresponding file location of table metadata must be returned in the metadata-location field. Clients can check whether metadata has changed by comparing metadata locations. + content: + application/json: + schema: + $ref: '#/components/schemas/CommitTableResponse' + + ####################################### + # Common examples of different values # + ####################################### + examples: + + ListTablesEmptyExample: + summary: An empty list for a namespace with no tables + value: { + "identifiers": [ ] + } + + ListNamespacesEmptyExample: + summary: An empty list of namespaces + value: { + "namespaces": [ ] + } + + ListNamespacesNonEmptyExample: + summary: A non-empty list of namespaces + value: { + "namespaces": [ + ["accounting", "tax"], + ["accounting", "credits"] + ] + } + + ListTablesNonEmptyExample: + summary: A non-empty list of table identifiers + value: { + "identifiers": [ + { "namespace": ["accounting", "tax"], "name": "paid" }, + { "namespace": ["accounting", "tax"], "name": "owed" } + ] + } + + MultipartNamespaceAsPathVariable: + summary: A multi-part namespace, as represented in a path parameter + value: "accounting%1Ftax" + + NamespaceAsPathVariable: + summary: A single part namespace, as represented in a path paremeter + value: "accounting" + + NamespaceAlreadyExistsError: + summary: The requested namespace already exists + value: { + "error": { + "message": "The given namespace already exists", + "type": "AlreadyExistsException", + "code": 409 + } + } + + NoSuchTableError: + summary: The requested table does not exist + value: { + "error": { + "message": "The given table does not exist", + "type": "NoSuchTableException", + "code": 404 + } + } + + NoSuchViewError: + summary: The requested view does not exist + value: { + "error": { + "message": "The given view does not exist", + "type": "NoSuchViewException", + "code": 404 + } + } + + NoSuchNamespaceError: + summary: The requested namespace does not exist + value: { + "error": { + "message": "The given namespace does not exist", + "type": "NoSuchNamespaceException", + "code": 404 + } + } + + RenameTableSameNamespace: + summary: Rename a table in the same namespace + value: { + "source": { "namespace": ["accounting", "tax"], "name": "paid" }, + "destination": { "namespace": ["accounting", "tax"], "name": "owed" } + } + + RenameViewSameNamespace: + summary: Rename a view in the same namespace + value: { + "source": { "namespace": [ "accounting", "tax" ], "name": "paid-view" }, + "destination": { "namespace": [ "accounting", "tax" ], "name": "owed-view" } + } + + TableAlreadyExistsError: + summary: The requested table identifier already exists + value: { + "error": { + "message": "The given table already exists", + "type": "AlreadyExistsException", + "code": 409 + } + } + + ViewAlreadyExistsError: + summary: The requested view identifier already exists + value: { + "error": { + "message": "The given view already exists", + "type": "AlreadyExistsException", + "code": 409 + } + } + + # This is an example response and is not meant to be prescriptive regarding the message or type. + UnprocessableEntityDuplicateKey: + summary: + The request body either has the same key multiple times in what should be a map with unique keys + or the request body has keys in two or more fields which should be disjoint sets. + value: { + "error": { + "message": "The request cannot be processed as there is a key present multiple times", + "type": "UnprocessableEntityException", + "code": 422 + } + } + + UpdateAndRemoveNamespacePropertiesRequest: + summary: An update namespace properties request with both properties to remove and properties to upsert. + value: { + "removals": [ "foo", "bar" ], + "updates": { "owner": "Raoul" } + } + + securitySchemes: + OAuth2: + type: oauth2 + description: + This scheme is used for OAuth2 authorization. + + + For unauthorized requests, services should return an appropriate 401 or + 403 response. Implementations must not return altered success (200) + responses when a request is unauthenticated or unauthorized. + + If a separate authorization server is used, substitute the tokenUrl with + the full token path of the external authorization server, and use the + resulting token to access the resources defined in the spec. + flows: + clientCredentials: + tokenUrl: /v1/oauth/tokens + scopes: + catalog: Allows interacting with the Config and Catalog APIs + BearerAuth: + type: http + scheme: bearer \ No newline at end of file diff --git a/docs/overview.md b/site/content/in-dev/unreleased/overview.md similarity index 88% rename from docs/overview.md rename to site/content/in-dev/unreleased/overview.md index a8731488f..6728f5ed7 100644 --- a/docs/overview.md +++ b/site/content/in-dev/unreleased/overview.md @@ -1,27 +1,32 @@ - +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +Title: Overview +type: docs +weight: 200 +--- Apache Polaris (Incubating) is a catalog implementation for Apache Iceberg™ tables and is built on the open source Apache Iceberg™ REST protocol. With Polaris, you can provide centralized, secure read and write access to your Iceberg tables across different REST-compatible query engines. -![Conceptual diagram of Apache Polaris (Incubating).](img/overview.svg "Apache Polaris (Incubating) overview") +![Conceptual diagram of Apache Polaris (Incubating).](/img/overview.svg "Apache Polaris (Incubating) overview") ## Key concepts @@ -30,7 +35,7 @@ This section introduces key concepts associated with using Apache Polaris (Incub In the following diagram, a sample [Apache Polaris (Incubating) structure](overview.md#catalog) with nested [namespaces](overview.md#namespace) is shown for Catalog1. No tables or namespaces have been created yet for Catalog2 or Catalog3. -![Diagram that shows an example Apache Polaris (Incubating) structure.](img/sample-catalog-structure.svg "Sample Apache Polaris (Incubating) structure") +![Diagram that shows an example Apache Polaris (Incubating) structure.](/img/sample-catalog-structure.svg "Sample Apache Polaris (Incubating) structure") ### Catalog @@ -156,13 +161,14 @@ In the following example workflow, Bob creates an Apache Iceberg™ table na service connection with a service principal that has the privileges to perform these actions. -2. Alice uses Trino to read data from Table1. +2. Alice uses Snowflake to read data from Table1. Alice can read data from Table1 because she is using a service - connection with a service principal that has the privileges to - perform this action. + connection with a service principal with a catalog integration that + has the privileges to perform this action. Alice + creates an unmanaged table in Snowflake to read data from Table1. -![Diagram that shows an example workflow for Apache Polaris (Incubating)](img/example-workflow.svg "Example workflow for Apache Polaris (Incubating)") +![Diagram that shows an example workflow for Apache Polaris (Incubating)](/img/example-workflow.svg "Example workflow for Apache Polaris (Incubating)") ## Security and access control diff --git a/site/content/in-dev/unreleased/polaris-management-service.md b/site/content/in-dev/unreleased/polaris-management-service.md new file mode 100644 index 000000000..0b66b9daa --- /dev/null +++ b/site/content/in-dev/unreleased/polaris-management-service.md @@ -0,0 +1,27 @@ +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +title: 'Apache Polaris Management Service OpenAPI' +linkTitle: 'Management OpenAPI' +weight: 800 +params: + show_page_toc: false +--- + +{{< redoc-polaris "polaris-management-service.yml" >}} diff --git a/docs/quickstart.md b/site/content/in-dev/unreleased/quickstart.md similarity index 81% rename from docs/quickstart.md rename to site/content/in-dev/unreleased/quickstart.md index 28397418a..b14632405 100644 --- a/docs/quickstart.md +++ b/site/content/in-dev/unreleased/quickstart.md @@ -1,23 +1,26 @@ - - -# Quick Start +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +Title: Quick Start +type: docs +weight: 100 +--- This guide serves as a introduction to several key entities that can be managed with Apache Polaris (Incubating), describes how to build and deploy Polaris locally, and finally includes examples of how to use Polaris with Apache Spark™. @@ -121,7 +124,7 @@ At this point, Polaris is running. ## Bootstrapping Polaris -For this tutorial, we'll launch an instance of Polaris that stores entities only in-memory. This means that any entities that you define will be destroyed when Polaris is shut down. It also means that Polaris will automatically bootstrap itself with root credentials. For more information on how to configure Polaris for production usage, see the [docs](./configuring-polaris-for-production.md). +For this tutorial, we'll launch an instance of Polaris that stores entities only in-memory. This means that any entities that you define will be destroyed when Polaris is shut down. It also means that Polaris will automatically bootstrap itself with root credentials. For more information on how to configure Polaris for production usage, see the [docs](configuring-polaris-for-production.md). When Polaris is launched using in-memory mode the root principal credentials can be found in stdout on initial startup. For example: @@ -138,7 +141,7 @@ export CLIENT_SECRET= ## Defining a Catalog -In Polaris, the [catalog](./entities.md#catalog) is the top-level entity that objects like [tables](./entities.md#table) and [views](./entities.md#view) are organized under. With a Polaris service running, you can create a catalog like so: +In Polaris, the [catalog](entities.md#catalog) is the top-level entity that objects like [tables](entities.md#table) and [views](entities.md#view) are organized under. With a Polaris service running, you can create a catalog like so: ```shell cd ~/polaris @@ -158,14 +161,14 @@ This will create a new catalog called **quickstart_catalog**. The `DEFAULT_BASE_LOCATION` you provide will be the default location that objects in this catalog should be stored in, and the `ROLE_ARN` you provide should be a [Role ARN](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html) with access to read and write data in that location. These credentials will be provided to engines reading data from the catalog once they have authenticated with Polaris using credentials that have access to those resources. -If you’re using a storage type other than S3, such as Azure, you’ll provide a different type of credential than a Role ARN. For more details on supported storage types, see the [docs](./entities.md#storage-type). +If you’re using a storage type other than S3, such as Azure, you’ll provide a different type of credential than a Role ARN. For more details on supported storage types, see the [docs](entities.md#storage-type). -Additionally, if Polaris is running somewhere other than `localhost:8181`, you can specify the correct hostname and port by providing `--host` and `--port` flags. For the full set of options supported by the CLI, please refer to the [docs](./command-line-interface.md). +Additionally, if Polaris is running somewhere other than `localhost:8181`, you can specify the correct hostname and port by providing `--host` and `--port` flags. For the full set of options supported by the CLI, please refer to the [docs](command-line-interface.md). ### Creating a Principal and Assigning it Privileges -With a catalog created, we can create a [principal](./entities.md#principal) that has access to manage that catalog. For details on how to configure the Polaris CLI, see [the section above](#defining-a-catalog) or refer to the [docs](./command-line-interface.md). +With a catalog created, we can create a [principal](entities.md#principal) that has access to manage that catalog. For details on how to configure the Polaris CLI, see [the section above](#defining-a-catalog) or refer to the [docs](command-line-interface.md). ```shell ./polaris \ @@ -200,7 +203,7 @@ When the `principals create` command completes successfully, it will return the {"clientId": "XXXX", "clientSecret": "YYYY"} ``` -Now, we grant the principal the [principal role](./entities.md#principal-role) we created, and grant the [catalog role](./entities.md#catalog-role) the principal role we created. For more information on these entities, please refer to the linked documentation. +Now, we grant the principal the [principal role](entities.md#principal-role) we created, and grant the [catalog role](entities.md#catalog-role) the principal role we created. For more information on these entities, please refer to the linked documentation. ```shell ./polaris \ @@ -223,9 +226,9 @@ Now, we grant the principal the [principal role](./entities.md#principal-role) w Now, we’ve linked our principal to the catalog via roles like so: -![Principal to Catalog](./img/quickstart/privilege-illustration-1.png "Principal to Catalog") +![Principal to Catalog](/img/quickstart/privilege-illustration-1.png "Principal to Catalog") -In order to give this principal the ability to interact with the catalog, we must assign some [privileges](./entities.md#privilege). For the time being, we will give this principal the ability to fully manage content in our new catalog. We can do this with the CLI like so: +In order to give this principal the ability to interact with the catalog, we must assign some [privileges](entities.md#privilege). For the time being, we will give this principal the ability to fully manage content in our new catalog. We can do this with the CLI like so: ```shell ./polaris \ @@ -239,9 +242,9 @@ In order to give this principal the ability to interact with the catalog, we mus CATALOG_MANAGE_CONTENT ``` -This grants the [catalog privileges](./entities.md#privilege) `CATALOG_MANAGE_CONTENT` to our catalog role, linking everything together like so: +This grants the [catalog privileges](entities.md#privilege) `CATALOG_MANAGE_CONTENT` to our catalog role, linking everything together like so: -![Principal to Catalog with Catalog Role](./img/quickstart/privilege-illustration-2.png "Principal to Catalog with Catalog Role") +![Principal to Catalog with Catalog Role](/img/quickstart/privilege-illustration-2.png "Principal to Catalog with Catalog Role") `CATALOG_MANAGE_CONTENT` has create/list/read/write privileges on all entities within the catalog. The same privilege could be granted to a namespace, in which case the principal could create/list/read/write any entity under that namespace. diff --git a/site/content/in-dev/unreleased/rest-catalog-open-api.md b/site/content/in-dev/unreleased/rest-catalog-open-api.md new file mode 100644 index 000000000..ecb43a83f --- /dev/null +++ b/site/content/in-dev/unreleased/rest-catalog-open-api.md @@ -0,0 +1,27 @@ +--- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +title: 'Apache Iceberg OpenAPI' +linkTitle: 'Iceberg OpenAPI' +weight: 900 +params: + show_page_toc: false +--- + +{{< redoc-polaris "rest-catalog-open-api.yaml" >}} diff --git a/site/docker/Dockerfile b/site/docker/Dockerfile new file mode 100644 index 000000000..98a6aad1c --- /dev/null +++ b/site/docker/Dockerfile @@ -0,0 +1,41 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +FROM ubuntu:24.04 AS hugo + +RUN apt-get update +RUN apt-get install --yes golang hugo asciidoctor npm curl +RUN apt-get clean +# http-server is used when building the static site to manually check it locally +# (via `site/bin/create-static-site.sh --local` at http://localhost:8080/) +RUN npm install --global http-server + +# these dependencies are needed to build the static site +#RUN npm install --global autoprefixer postcss postcss-cli http-server + +RUN mkdir /polaris +RUN mkdir /polaris/site +RUN mkdir /polaris/site/resources + +COPY _run_in_docker.sh /hugo/run + +EXPOSE 1313 +EXPOSE 8080 + +ENTRYPOINT ["/hugo/run"] diff --git a/site/docker/_run_in_docker.sh b/site/docker/_run_in_docker.sh new file mode 100755 index 000000000..e32a15310 --- /dev/null +++ b/site/docker/_run_in_docker.sh @@ -0,0 +1,84 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# THIS SCRIPT IS ONLY INTENDED TO BE USED INSIDE THE HUGO DOCKER CONTAINER ! + +set -e + +HUGO_ARGS=() +CREATE_SITE=0 +RUN_HTTPD=0 +DEST_DIR="" + +while [[ $# -gt 0 ]]; do + case $1 in + create-site-publication) + CREATE_SITE=1 + DEST_DIR="/polaris/site/build/apache-site" + shift + ;; + create-local-site-publication) + CREATE_SITE=1 + RUN_HTTPD=1 + DEST_DIR="/polaris/site/build/localhost-site" + shift + ;; + *) + HUGO_ARGS+=("$1") + shift + ;; + esac +done + +cd /polaris + +if [[ ${CREATE_SITE} == 1 ]]; then + npm install --save-dev autoprefixer postcss postcss-cli + + hugo \ + --source /polaris/site \ + --cacheDir /hugo/cache \ + --noBuildLock \ + --cleanDestinationDir \ + --printPathWarnings \ + --printMemoryUsage \ + --printI18nWarnings \ + --destination ${DEST_DIR} \ + --minify \ + "${HUGO_ARGS[@]}" + + if [[ ${RUN_HTTPD} == 1 ]]; then + cd ${DEST_DIR} + exec http-server -p 8080 --cors + fi +else + exec hugo serve \ + --source /polaris/site \ + --cacheDir /hugo/cache \ + --noBuildLock \ + --buildDrafts \ + --cleanDestinationDir \ + --printPathWarnings \ + --printMemoryUsage \ + --printI18nWarnings \ + --renderToMemory \ + --bind 0.0.0.0 \ + "${HUGO_ARGS[@]}" +fi diff --git a/site/docker/docker-compose-hugo.yml b/site/docker/docker-compose-hugo.yml new file mode 100644 index 000000000..af2737d1d --- /dev/null +++ b/site/docker/docker-compose-hugo.yml @@ -0,0 +1,60 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +services: + hugo: + build: + context: . + user: $UID_GID + ports: + - "1313:1313" + healthcheck: + test: ["CMD", "curl", "http://localhost:1313/"] + interval: 10s + timeout: 10s + retries: 5 + volumes: + - workspace:/polaris + - resources:/polaris/site/resources + - hugo_cache:/hugo/cache + +volumes: + workspace: + # This is the polaris source tree + driver: local + driver_opts: + # set UID+GID so podman doesn't "chown" the Polaris workspace to an ephemeral UID (Linux only) + o: $MOUNT_OPTS_WORKSPACE + type: none + device: $WORKSPACE + hugo_cache: + # 'hugo_cache' is the Go modules cache - just keep it across restarts + driver: local + driver_opts: + # set UID+GID so podman doesn't "chown" the Polaris workspace to an ephemeral UID (Linux only) + o: $MOUNT_OPTS_WORKSPACE + type: none + device: $WORKSPACE/site/build/hugo-cache + resources: + # mount for the generated `resources/_gen` dir (no way to move that elsewhere :( ) + driver: local + driver_opts: + type: tmpfs + device: tmpfs + o: $MOUNT_OPTS_RESOURCES diff --git a/site/docker/docker-compose-publish.yml b/site/docker/docker-compose-publish.yml new file mode 100644 index 000000000..c377e93fe --- /dev/null +++ b/site/docker/docker-compose-publish.yml @@ -0,0 +1,74 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +services: + hugo_publish_apache: + profiles: + - publish + build: + context: . + user: $UID_GID + volumes: + - workspace:/polaris + - resources:/polaris/site/resources + - hugo_cache:/hugo/cache + command: + - create-site-publication + + hugo_publish_localhost8080: + profiles: + - publish + build: + context: . + ports: + - "8080:8080" + user: $UID_GID + volumes: + - workspace:/polaris + - resources:/polaris/site/resources + - hugo_cache:/hugo/cache + command: + - create-local-site-publication + - --baseURL + - http://localhost:8080/ + +volumes: + workspace: + # This is the polaris source tree + driver: local + driver_opts: + # set UID+GID so podman doesn't "chown" the Polaris workspace to an ephemeral UID (Linux only) + o: $MOUNT_OPTS_WORKSPACE + type: none + device: $WORKSPACE + hugo_cache: + # 'hugo_cache' is the Go modules cache - just keep it across restarts + driver: local + driver_opts: + # set UID+GID so podman doesn't "chown" the Polaris workspace to an ephemeral UID (Linux only) + o: $MOUNT_OPTS_WORKSPACE + type: none + device: $WORKSPACE/site/build/hugo-cache + resources: + # mount for the generated `resources/_gen` dir (no way to move that elsewhere :( ) + driver: local + driver_opts: + type: tmpfs + device: tmpfs + o: $MOUNT_OPTS_RESOURCES diff --git a/site/go.mod b/site/go.mod new file mode 100644 index 000000000..b3fd51372 --- /dev/null +++ b/site/go.mod @@ -0,0 +1,26 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// + +module github.com/apache/polaris + +go 1.22.2 + +require ( + github.com/google/docsy v0.10.0 // indirect +) diff --git a/site/go.sum b/site/go.sum new file mode 100644 index 000000000..78bc9349c --- /dev/null +++ b/site/go.sum @@ -0,0 +1,4 @@ +github.com/FortAwesome/Font-Awesome v0.0.0-20240402185447-c0f460dca7f7/go.mod h1:IUgezN/MFpCDIlFezw3L8j83oeiIuYoj28Miwr/KUYo= +github.com/google/docsy v0.10.0 h1:6tMDacPwAyRWNCfvsn/9qGOZDQ8b0aRzjRZvnZPY5dg= +github.com/google/docsy v0.10.0/go.mod h1:c0nIAqmRTOuJ01F85U/wJPQtc3Zj9N58Kea9bOT2AJc= +github.com/twbs/bootstrap v5.3.3+incompatible/go.mod h1:fZTSrkpSf0/HkL0IIJzvVspTt1r9zuf7XlZau8kpcY0= diff --git a/site/hugo.yaml b/site/hugo.yaml new file mode 100644 index 000000000..576a58618 --- /dev/null +++ b/site/hugo.yaml @@ -0,0 +1,238 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +baseURL: 'https://polaris.apache.org/' +languageCode: 'en-us' +title: 'Apache Polaris' +sectionPagesMenu: 'main' +enableRobotsTXT: true + +permalinks: + blog: "/:section/:year/:month/:day/:slug/" + +params: + author.name: 'Apache Polaris contributors' + offlineSearch: true + github_repo: https://github.com/apache/polaris + github_project_repo: https://github.com/apache/polaris + github_branch: main + github_subdir: site + privacy_policy: https://privacy.apache.org/policies/privacy-policy-public.html + + links: + # End user relevant links. These will show up on left side of footer and in the community page if you have one. + user: + - name: Zulip + url: https://polaris-catalog.zulipchat.com/ + icon: fa-regular fa-comment-dots + desc: Chat with other project developers + - name: Community Meetings + url: /community/meetings/ + icon: fa-brands fa-square-youtube + desc: Upcoming, live and recorded Community Meetings + developer: + - name: Dev mailing list + url: https://lists.apache.org/list.html?dev@polaris.apache.org + icon: fa fa-envelope + desc: Discussion and help from your fellow users + - name: GitHub + url: https://github.com/apache/polaris + icon: fab fa-github + desc: Development takes place here! + + # Not using Docsy's mechanism to show a "Releases" menu, because we want to differentiate between "active" and + # "EOL" releases and only show the "active" ones in the top navbar - and have the `Releases` menu not appear + # at the very right in the navbar. + active_releases: + # Mention all active releases here, in semver descending order + - "1.0.0" + - "0.1.0" + + ui: + ul_show: 1 + sidebar_menu_compact: true + sidebar_menu_foldable: true + sidebar_cache_limit: 1000 + # Dark doesn't look great for example with the `redoc` shortcode :( + #showLightDarkModeMenu: true + sidebar_search_disable: true + + plantuml: + enable: true + markmap: + enable: true + +imaging: + resampleFilter: "CatmullRom" + quality: 75 + anchor: "smart" + +menu: + main: + - name: "Docs & Releases" + identifier: "releases" + weight: 800 + params: + orderby: weight.desc + - name: "All Releases" + identifier: "all-releases-page" + url: "/releases/" + parent: "releases" + - name: "In Development" + url: "/in-dev/unreleased/" + parent: "releases" + + - name: "Community" + identifier: "community" + weight: 300 + - name: "Community Page" + parent: "community" + url: "/community/" + weight: 10 + - name: "Meetings" + parent: "community" + url: "/community/meetings" + weight: 20 + - name: "Proposals" + parent: "community" + url: "/community/proposals" + weight: 30 + - name: "Code Of Conduct" + parent: "community" + url: "/community/code-of-conduct" + weight: 40 + - name: "Chat Bylaws" + parent: "community" + url: "/community/chat-bylaws" + weight: 50 + - name: "Contributing Guidelines" + parent: "community" + url: "/community/contributing-guidelines" + weight: 60 + + - name: "ASF" + pre: "" + identifier: "asf" + weight: 900 + params: + rel: "external" + external: true + - name: "Foundation" + parent: "asf" + url: "https://www.apache.org/" + weight: 41 + params: + rel: "external" + external: true + - name: "License" + parent: "asf" + url: "https://www.apache.org/licenses/" + weight: 42 + params: + rel: "external" + external: true + - name: "Events" + parent: "asf" + url: "https://www.apache.org/events/current-event.html" + weight: 43 + params: + rel: "external" + external: true + - name: "Privacy" + parent: "asf" + url: "https://privacy.apache.org/policies/privacy-policy-public.html" + weight: 44 + params: + rel: "external" + external: true + - name: "Security" + parent: "asf" + url: "https://github.com/apache/polaris/blob/main/SECURITY.md" + weight: 45 + params: + rel: "external" + external: true + - name: "Sponsorship" + parent: "asf" + url: "https://www.apache.org/foundation/sponsorship.html" + weight: 46 + params: + rel: "external" + external: true + - name: "Thanks" + parent: "asf" + url: "https://www.apache.org/foundation/thanks.html" + weight: 47 + params: + rel: "external" + external: true + +module: + hugoVersion: + extended: true + # The Hugo versions (as of 2024/09/04): + # in latest Ubuntu 24.04: 0.123.7 + # in brew: 0.134.0 + min: 0.123.7 + imports: + - path: github.com/google/docsy + # Pin to this release, newer releases _might_ break the customized layouts + version: v0.10.0 + +outputs: + section: + - HTML + - RSS + # Print support disabled until the `releases` layout supports it + #- print + +markup: + highlight: + anchorLineNos: false + codeFences: true + guessSyntax: false + hl_Lines: "" + hl_inline: false + lineAnchors: '' + lineNoStart: 1 + lineNos: false + lineNumbersInTable: true + noClasses: true + noHl: false + style: 'monokai' + tabWidth: 4 + +security: + exec: + # Add `asciidoctor` as an allowed executable + allow: [ '^(dart-)?sass(-embedded)?$', '^go$', '^npx$', '^postcss$', '^asciidoctor$' ] + +privacy: + googleAnalytics: + respectDoNotTrack: true + instagram: + simple: true + twitter: + enableDNT: false + simple: true + vimeo: + enableDNT: true + simple: true + youtube: + privacyEnhanced: true diff --git a/site/layouts/blog/baseof.html b/site/layouts/blog/baseof.html new file mode 100644 index 000000000..aba07493f --- /dev/null +++ b/site/layouts/blog/baseof.html @@ -0,0 +1,50 @@ + + + + {{ partial "head.html" . }} + + +
+ {{ partial "navbar.html" . }} +
+
+
+
+ +
+ {{ with .CurrentSection.OutputFormats.Get "rss" -}} + + + + {{ end -}} + {{ block "main" . }}{{ end }} +
+
+
+ {{ partial "footer.html" . }} +
+ {{ partial "scripts.html" . }} + + \ No newline at end of file diff --git a/site/layouts/community/list.html b/site/layouts/community/list.html new file mode 100644 index 000000000..ab83b54eb --- /dev/null +++ b/site/layouts/community/list.html @@ -0,0 +1,41 @@ +{{/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/}} +{{ define "main" -}} + +
+
+
+
+ +

{{ T "community_join" . }}

+

{{ T "community_introduce" . }}

+ +
+
+
+ +{{ with .Content -}} +
+ {{ . }} +
+{{- end -}} + +{{ end }} \ No newline at end of file diff --git a/site/layouts/docs/baseof.html b/site/layouts/docs/baseof.html new file mode 100644 index 000000000..d6b77d8c8 --- /dev/null +++ b/site/layouts/docs/baseof.html @@ -0,0 +1,54 @@ + + + + + {{ partial "head.html" . }} + + +
+ {{ partial "navbar.html" . }} +
+
+
+
+ + + {{ if .Params.show_page_toc -}} + + {{ end -}} +
+ {{ partial "version-banner.html" . }} + {{ if not .Site.Params.ui.breadcrumb_disable }}{{ partial "breadcrumb.html" . }}{{ end }} + {{ block "main" . }}{{ end }} +
+
+
+ {{ partial "footer.html" . }} +
+ {{ partial "scripts.html" . }} + + \ No newline at end of file diff --git a/site/layouts/home/baseof.html b/site/layouts/home/baseof.html new file mode 100644 index 000000000..e3a74bf58 --- /dev/null +++ b/site/layouts/home/baseof.html @@ -0,0 +1,39 @@ + + + + {{ partial "head.html" . }} + + +
+ {{ partial "navbar.html" . }} +
+ +
+
+ {{ block "main" . }}{{ end }} +
+ {{ partial "footer.html" . }} +
+ {{ partial "scripts.html" . }} + + \ No newline at end of file diff --git a/site/layouts/home/list.html b/site/layouts/home/list.html new file mode 100644 index 000000000..12a0be9c8 --- /dev/null +++ b/site/layouts/home/list.html @@ -0,0 +1,23 @@ +{{/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/}} +{{ define "main" -}} +
+ {{ .Content }} +
+{{ end }} \ No newline at end of file diff --git a/site/layouts/partials/community_links.html b/site/layouts/partials/community_links.html new file mode 100644 index 000000000..89dc764d0 --- /dev/null +++ b/site/layouts/partials/community_links.html @@ -0,0 +1,52 @@ +{{/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/}} +{{ $links := .Site.Params.links -}} +{{ $contribUrl := .Params.contributingUrl | default "docs/contribution-guidelines" -}} + +
+
+

{{ T "community_learn" }}

+

{{ T "community_using" . }}

+ {{ with index $links "user" -}} + {{ template "community-links-list" . -}} + {{ end }} +
+
+

{{ T "community_develop" }}

+

{{ T "community_contribute" . }}

+ {{ with index $links "developer" -}} + {{ template "community-links-list" . -}} + {{ end }} +

+ {{ T "community_how_to" . }} + {{ T "community_guideline" }}. +

+
+
+ +{{ define "community-links-list" -}} +
    + {{ range . -}} +
  • + {{ .name }}: + {{ .desc }} +
    • + {{ end }} +
+{{- end }} \ No newline at end of file diff --git a/site/layouts/partials/navbar.html b/site/layouts/partials/navbar.html new file mode 100644 index 000000000..c28edbee1 --- /dev/null +++ b/site/layouts/partials/navbar.html @@ -0,0 +1,122 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/}} +{{ $cover := and + (.HasShortcode "blocks/cover") + (not .Site.Params.ui.navbar_translucent_over_cover_disable) +-}} +{{ $baseURL := urls.Parse $.Site.Params.Baseurl -}} + + \ No newline at end of file diff --git a/site/layouts/partials/openapiUrl.html b/site/layouts/partials/openapiUrl.html new file mode 100644 index 000000000..12ab54f6d --- /dev/null +++ b/site/layouts/partials/openapiUrl.html @@ -0,0 +1,27 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/}} +{{- $ver := partial "releaseVersion.html" . -}} +{{- $spec := ( .Get 0 ) -}} +{{- $url := "" -}} +{{- if eq $ver "[unreleased]" -}} +{{- $url = printf "https://github.com/apache/polaris/raw/refs/heads/main/spec/%s" $spec }} +{{- else -}} +{{- $url = printf "https://github.com/apache/polaris/raw/refs/tags/polaris-%s/spec/%s" $ver $spec }} +{{- end -}} +{{- return $url -}} \ No newline at end of file diff --git a/site/layouts/partials/padZeroPrefix.html b/site/layouts/partials/padZeroPrefix.html new file mode 100644 index 000000000..2ef9be6f0 --- /dev/null +++ b/site/layouts/partials/padZeroPrefix.html @@ -0,0 +1,22 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/}} +{{- $padSize := 6 }} +{{- $paddedString := replaceRE "(\\d+)" (print (strings.Repeat (sub $padSize 1) "0") "$1") . }} +{{- $trimmedString := replaceRE (print "0+(\\d{" $padSize "})") "$1" $paddedString }} +{{- return $trimmedString }} \ No newline at end of file diff --git a/site/layouts/partials/releasePages.html b/site/layouts/partials/releasePages.html new file mode 100644 index 000000000..cef090859 --- /dev/null +++ b/site/layouts/partials/releasePages.html @@ -0,0 +1,45 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/}} +{{ $s := .site -}} + +{{ $releasesRootBy := $s.Pages.ByParam "all_releases_root" -}} +{{ $activeReleasePages := slice -}} +{{ $eolReleasePages := slice -}} + +{{ with $releasesRootBy -}} + {{ $releasesRootPage := index . 0 -}} + {{ if eq $releasesRootPage.Params.all_releases_root true }} + {{ $sortedVersions := partial "versions-sorted.html" (dict "site" $s "onlyActive" false) -}} + {{ $activeReleases := $s.Params.active_releases }} + + {{ $pagesByVersion := $releasesRootPage.Pages.GroupByParam "release_version" -}} + {{ range $sortedVersions -}} + {{ $version := . -}} + {{ $versionPages := where $pagesByVersion "Key" $version -}} + {{ $versionPage := index ((index $versionPages 0).Pages) 0 }} + {{ if in $activeReleases $version -}} + {{ $activeReleasePages = $activeReleasePages | append $versionPage }} + {{ else -}} + {{ $eolReleasePages = $eolReleasePages | append $versionPage }} + {{ end -}} + {{ end -}} + {{ end -}} +{{ end -}} + +{{ return (dict "active" $activeReleasePages "eol" $eolReleasePages) }} \ No newline at end of file diff --git a/site/layouts/partials/releaseVersion.html b/site/layouts/partials/releaseVersion.html new file mode 100644 index 000000000..482518edd --- /dev/null +++ b/site/layouts/partials/releaseVersion.html @@ -0,0 +1,29 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/}} +{{- $releaseVersion := "[unreleased]" -}} +{{- with .Page.Params.release_version -}} +{{- $releaseVersion = . -}} +{{- else -}} +{{- range .Page.Ancestors -}} +{{- with .Params.release_version -}} +{{- $releaseVersion = . -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- return $releaseVersion -}} \ No newline at end of file diff --git a/site/layouts/partials/sidebar-releases-tree.html b/site/layouts/partials/sidebar-releases-tree.html new file mode 100644 index 000000000..8e478a823 --- /dev/null +++ b/site/layouts/partials/sidebar-releases-tree.html @@ -0,0 +1,120 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/}} +{{/* We cache this partial for bigger sites and set the active class client side. */ -}} +{{ $sidebarCacheLimit := .Site.Params.ui.sidebar_cache_limit | default 2000 -}} +{{ $shouldDelayActive := ge (len .Site.Pages) $sidebarCacheLimit -}} + +
+ {{ if not .Site.Params.ui.sidebar_search_disable -}} +
+ {{ partial "search-input.html" . }} + +
+ {{ else -}} +
+
+ {{ partial "search-input.html" . }} + +
+
+
+ {{ end -}} + +
+{{/* "outer" tree, starting with the releases pages */}} +{{ define "releases-section-versions-nav-section" -}} +{{ $s := .section -}} +{{ $p := .page -}} +{{ $shouldDelayActive := .shouldDelayActive -}} +{{ $sidebarMenuTruncate := .sidebarMenuTruncate -}} +{{ $ulNr := .ulNr -}} +{{ $ulShow := .ulShow -}} +{{ $pages := .pages -}} +{{ template "releases-section-x-nav-section" (dict "page" $p "section" $s "shouldDelayActive" $shouldDelayActive "sidebarMenuTruncate" $sidebarMenuTruncate "ulNr" $ulNr "ulShow" $ulShow "sectionLinkTitle" .sectionLinkTitle "pages_input" $pages) }} +{{- end -}} + +{{ define "releases-section-x-nav-section" -}} +{{ $s := .section -}} +{{ $p := .page -}} +{{ $shouldDelayActive := .shouldDelayActive -}} +{{ $sidebarMenuTruncate := .sidebarMenuTruncate -}} +{{ $treeRoot := cond (eq .ulNr 0) true false -}} +{{ $ulNr := .ulNr -}} +{{ $ulShow := .ulShow -}} +{{ $active := and (not $shouldDelayActive) (eq $s $p) -}} +{{ $activePath := and (not $shouldDelayActive) (or (eq $p $s) ($p.IsDescendant $s)) -}} +{{ $show := cond (or (lt $ulNr $ulShow) $activePath (and (not $shouldDelayActive) (eq $s.Parent $p.Parent)) (and (not $shouldDelayActive) (eq $s.Parent $p)) (not $p.Site.Params.ui.sidebar_menu_compact) (and (not $shouldDelayActive) ($p.IsDescendant $s.Parent))) true false -}} +{{ $mid := printf "m-%s" ($s.RelPermalink | anchorize) -}} +{{ $pages_input := .pages_input -}} +{{ $pages := $pages_input | first $sidebarMenuTruncate -}} +{{ $truncatedEntryCount := sub (len $pages_input) $sidebarMenuTruncate -}} +{{ if gt $truncatedEntryCount 0 -}} + {{ warnf "WARNING: %d sidebar entries have been truncated. To avoid this, increase `params.ui.sidebar_menu_truncate` to at least %d (from %d) in your config file. Section: %s" + $truncatedEntryCount (len $pages_input) $sidebarMenuTruncate $s.Path -}} +{{ end -}} +{{ $withChild := gt (len $pages) 0 -}} +{{ $manualLink := cond (isset $s.Params "manuallink") $s.Params.manualLink ( cond (isset $s.Params "manuallinkrelref") (relref $s $s.Params.manualLinkRelref) $s.RelPermalink) -}} +{{ $manualLinkTitle := cond (isset $s.Params "manuallinktitle") $s.Params.manualLinkTitle $s.Title -}} +{{ $sectionLinkTitle := .sectionLinkTitle | default $s.LinkTitle }} +
  • + {{ if (and $p.Site.Params.ui.sidebar_menu_foldable (ge $ulNr 1)) -}} + + + {{ else -}} + {{ with $s.Params.Icon}}{{ end }}{{ $sectionLinkTitle }} + {{- end }} + {{- if $withChild }} + {{- $ulNr := add $ulNr 1 }} +
      + {{ range $pages -}} + {{ if (not (and (eq $s $p.Site.Home) (eq .Params.toc_root true))) -}} + {{ $subPages := where .Pages.ByWeight ".Params.toc_hide" "!=" true }} + {{ template "releases-section-x-nav-section" (dict "page" $p "section" . "shouldDelayActive" $shouldDelayActive "sidebarMenuTruncate" $sidebarMenuTruncate "ulNr" $ulNr "ulShow" $ulShow "pages_input" $subPages) }} + {{- end }} + {{- end }} +
    + {{- end }} +
    • +{{- end -}} diff --git a/site/layouts/partials/sidebar-releases.html b/site/layouts/partials/sidebar-releases.html new file mode 100644 index 000000000..7ba8daaf4 --- /dev/null +++ b/site/layouts/partials/sidebar-releases.html @@ -0,0 +1,41 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/}} +{{/* The "active" toggle here may delay rendering, so we only cache this side bar menu for bigger sites. */ -}} +{{ $sidebarCacheLimit := .Site.Params.ui.sidebar_cache_limit | default 2000 -}} +{{ $shouldCache := ge (len .Site.Pages) $sidebarCacheLimit -}} +{{ $sidebarCacheTypeRoot := .Site.Params.ui.sidebar_cache_type_root | default false -}} +{{ if $shouldCache -}} + {{ $mid := printf "m-%s" (.RelPermalink | anchorize) }} + + {{ partialCached "sidebar-releases-tree.html" . .FirstSection.RelPermalink }} +{{ else -}} + {{ partial "sidebar-releases-tree.html" . }} +{{- end }} \ No newline at end of file diff --git a/site/layouts/partials/trimZeroPrefix.html b/site/layouts/partials/trimZeroPrefix.html new file mode 100644 index 000000000..7039c2200 --- /dev/null +++ b/site/layouts/partials/trimZeroPrefix.html @@ -0,0 +1,19 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/}} +{{- return replaceRE "0+(\\d+)" "$1" . }} \ No newline at end of file diff --git a/site/layouts/partials/versions-sorted.html b/site/layouts/partials/versions-sorted.html new file mode 100644 index 000000000..f97596014 --- /dev/null +++ b/site/layouts/partials/versions-sorted.html @@ -0,0 +1,38 @@ +{{/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/}} +{{ $site := .site }} +{{ $onlyActive := .onlyActive }} + +{{ $allVersions := slice }} +{{ if not $onlyActive }} +{{ $releases := where $site.Pages ".Params.release_version" "!=" nil -}} +{{ range $releases -}} +{{ $allVersions = $allVersions | append .Params.release_version }} +{{- end }} +{{ else }} +{{ $allVersions = $site.Params.active_releases }} +{{ end }} + +{{/*- $versions := slice "17.9.200" "17.1.52" "16.8.100" "3.2.3" "3.1.2" "3.10.0" "17.8.20" "3.9.10" "16.8.93" "16.8.201" "17.8.10" "16.8.25-rc.0" "2.8.2" "16.8.21" "16.8.25-rc.2" "16.8.2" "17.21.46" "17.11.42" "20.8.2" "17.9.26" */}} + +{{- $paddedVersions := apply $allVersions "partial" "padZeroPrefix" "." }} +{{- $sortedVersions := (sort $paddedVersions "value" "desc") }} +{{- $sortedVersions = apply $sortedVersions "partial" "trimZeroPrefix" "." }} + +{{- return $sortedVersions }} diff --git a/site/layouts/releases/baseof.html b/site/layouts/releases/baseof.html new file mode 100644 index 000000000..1fc3c131f --- /dev/null +++ b/site/layouts/releases/baseof.html @@ -0,0 +1,48 @@ + + + + {{ partial "head.html" . }} + + +
    + {{ partial "navbar.html" . }} +
    +
    +
    +
    + + {{/* No right sidebar */}} +
    + {{ partial "version-banner.html" . }} + {{ if not .Site.Params.ui.breadcrumb_disable }}{{ partial "breadcrumb.html" . }}{{ end }} + {{ block "main" . }}{{ end }} +
    +
    +
    + {{ partial "footer.html" . }} +
    + {{ partial "scripts.html" . }} + + \ No newline at end of file diff --git a/site/layouts/releases/list.html b/site/layouts/releases/list.html new file mode 100644 index 000000000..6df355c07 --- /dev/null +++ b/site/layouts/releases/list.html @@ -0,0 +1,23 @@ +{{/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/}} +{{ define "main" -}} +
    + {{ .Content }} +
    +{{ end }} \ No newline at end of file diff --git a/site/layouts/robots.txt b/site/layouts/robots.txt new file mode 100644 index 000000000..7a6aa7d3a --- /dev/null +++ b/site/layouts/robots.txt @@ -0,0 +1,11 @@ +User-agent: * +{{- $byReleaseVersion := where (.Pages.ByParam "release_version") "ne" nil -}} +{{ $latestRelease := index .Site.Params.active_releases 0 -}} +{{ range $byReleaseVersion -}} + {{ $page := . -}} + {{ with $page.Params.release_version -}} + {{ if ne . $latestRelease }} +Disallow: {{ $page.RelPermalink -}} + {{ end -}} + {{- end -}} +{{- end }} diff --git a/site/layouts/shortcodes/redoc-polaris.html b/site/layouts/shortcodes/redoc-polaris.html new file mode 100644 index 000000000..4db3e5caf --- /dev/null +++ b/site/layouts/shortcodes/redoc-polaris.html @@ -0,0 +1,118 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/}} + +{{/* + +Apache Polaris custom redoc shortcode that takes just the file of the OpenAPI spec YAML and loads +either the in-development version from the `main` branch or a released version from the corresponding +Git tag. + +This is a copy of the original Docsy redoc shortcode, except the part to calculate the URL is adopted +for Polaris in-dev/releases docs. + +*/}} + +{{- $spec := .Get 0 -}} +{{- $otheroptions := .Get 1 -}} +{{- $url := "" -}} + +{{- $ver := partial "releaseVersion.html" . -}} +{{- $spec := ( .Get 0 ) -}} +{{- $url := "" -}} +{{- if eq $ver "[unreleased]" -}} +{{- $url = printf "https://raw.githubusercontent.com/apache/polaris/refs/heads/main/spec/%s" $spec }} +{{- else -}} +{{- $url = printf "https://raw.githubusercontent.com/apache/polaris/refs/tags/polaris-%s/spec/%s" $ver $spec }} +{{- end -}} + + + + + + + + + + + + + + +
    + +
    + + diff --git a/site/layouts/shortcodes/releaseVersion.html b/site/layouts/shortcodes/releaseVersion.html new file mode 100644 index 000000000..6f0f6dd03 --- /dev/null +++ b/site/layouts/shortcodes/releaseVersion.html @@ -0,0 +1,19 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/}} +{{- partial "releaseVersion.html" . -}} \ No newline at end of file diff --git a/site/postcss.config.js b/site/postcss.config.js new file mode 100644 index 000000000..418d886dd --- /dev/null +++ b/site/postcss.config.js @@ -0,0 +1,23 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +module.exports = { + plugins: [ + require('autoprefixer') + ] +}; diff --git a/site/resources/keep-me.txt b/site/resources/keep-me.txt new file mode 100644 index 000000000..eca3faf57 --- /dev/null +++ b/site/resources/keep-me.txt @@ -0,0 +1,23 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +Just keep this file. + +It's needed to have the site/resources/ directory present and not let podman/docker create it during a volume +mount using the root or another ephemeral user. diff --git a/site/static/favicons/favicon.png b/site/static/favicons/favicon.png new file mode 100644 index 000000000..0d93342a7 Binary files /dev/null and b/site/static/favicons/favicon.png differ diff --git a/docs/img/logos/Polaris-Catalog-BLOG-symmetrical-subhead.png b/site/static/images/Polaris-Catalog-BLOG-symmetrical-subhead.png similarity index 100% rename from docs/img/logos/Polaris-Catalog-BLOG-symmetrical-subhead.png rename to site/static/images/Polaris-Catalog-BLOG-symmetrical-subhead.png diff --git a/site/static/images/apache-incubator.svg b/site/static/images/apache-incubator.svg new file mode 100644 index 000000000..1b4c36433 --- /dev/null +++ b/site/static/images/apache-incubator.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/img/logos/polaris-brandmark.png b/site/static/images/polaris-brandmark.png similarity index 100% rename from docs/img/logos/polaris-brandmark.png rename to site/static/images/polaris-brandmark.png diff --git a/docs/img/example-workflow.svg b/site/static/img/example-workflow.svg similarity index 100% rename from docs/img/example-workflow.svg rename to site/static/img/example-workflow.svg diff --git a/site/static/img/logos/Polaris-Catalog-BLOG-symmetrical-subhead.png b/site/static/img/logos/Polaris-Catalog-BLOG-symmetrical-subhead.png new file mode 100644 index 000000000..eb941b89e Binary files /dev/null and b/site/static/img/logos/Polaris-Catalog-BLOG-symmetrical-subhead.png differ diff --git a/site/static/img/logos/polaris-brandmark.png b/site/static/img/logos/polaris-brandmark.png new file mode 100644 index 000000000..6573f7a61 Binary files /dev/null and b/site/static/img/logos/polaris-brandmark.png differ diff --git a/docs/img/logos/polaris-catalog-stacked-logo.svg b/site/static/img/logos/polaris-catalog-stacked-logo.svg similarity index 100% rename from docs/img/logos/polaris-catalog-stacked-logo.svg rename to site/static/img/logos/polaris-catalog-stacked-logo.svg diff --git a/docs/img/logos/polaris-favicon.png b/site/static/img/logos/polaris-favicon.png similarity index 100% rename from docs/img/logos/polaris-favicon.png rename to site/static/img/logos/polaris-favicon.png diff --git a/docs/img/overview.svg b/site/static/img/overview.svg similarity index 100% rename from docs/img/overview.svg rename to site/static/img/overview.svg diff --git a/docs/img/quickstart/privilege-illustration-1.png b/site/static/img/quickstart/privilege-illustration-1.png similarity index 100% rename from docs/img/quickstart/privilege-illustration-1.png rename to site/static/img/quickstart/privilege-illustration-1.png diff --git a/docs/img/quickstart/privilege-illustration-2.png b/site/static/img/quickstart/privilege-illustration-2.png similarity index 100% rename from docs/img/quickstart/privilege-illustration-2.png rename to site/static/img/quickstart/privilege-illustration-2.png diff --git a/docs/img/rbac-example.svg b/site/static/img/rbac-example.svg similarity index 100% rename from docs/img/rbac-example.svg rename to site/static/img/rbac-example.svg diff --git a/docs/img/rbac-model.svg b/site/static/img/rbac-model.svg similarity index 100% rename from docs/img/rbac-model.svg rename to site/static/img/rbac-model.svg diff --git a/docs/img/sample-catalog-structure.svg b/site/static/img/sample-catalog-structure.svg similarity index 100% rename from docs/img/sample-catalog-structure.svg rename to site/static/img/sample-catalog-structure.svg diff --git a/site/static/openapi/polaris-management-service.yml b/site/static/openapi/polaris-management-service.yml new file mode 100644 index 000000000..a11f9e04e --- /dev/null +++ b/site/static/openapi/polaris-management-service.yml @@ -0,0 +1,1346 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + + +openapi: 3.0.3 +info: + title: Polaris Management Service + version: 0.0.1 + description: + Defines the management APIs for using Polaris to create and manage Iceberg catalogs and their principals +servers: + - url: "{scheme}://{host}/api/management/v1" + description: Server URL when the port can be inferred from the scheme + variables: + scheme: + description: The scheme of the URI, either http or https. + default: https + host: + description: The host address for the specified server + default: localhost +# All routes are currently configured using an Authorization header. +security: + - OAuth2: [] + +paths: + /catalogs: + get: + operationId: listCatalogs + description: List all catalogs in this polaris service + responses: + 200: + description: List of catalogs in the polaris service + content: + application/json: + schema: + $ref: "#/components/schemas/Catalogs" + 403: + description: "The caller does not have permission to list catalog details" + post: + operationId: createCatalog + description: Add a new Catalog + requestBody: + description: The Catalog to create + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/CreateCatalogRequest" + responses: + 201: + description: "Successful response" + 403: + description: "The caller does not have permission to create a catalog" + 404: + description: "The catalog does not exist" + 409: + description: "A catalog with the specified name already exists" + + /catalogs/{catalogName}: + parameters: + - name: catalogName + in: path + description: The name of the catalog + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + get: + operationId: getCatalog + description: Get the details of a catalog + responses: + 200: + description: The catalog details + content: + application/json: + schema: + $ref: "#/components/schemas/Catalog" + 403: + description: "The caller does not have permission to read catalog details" + 404: + description: "The catalog does not exist" + + put: + operationId: updateCatalog + description: Update an existing catalog + requestBody: + description: The catalog details to use in the update + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/UpdateCatalogRequest" + responses: + 200: + description: The catalog details + content: + application/json: + schema: + $ref: "#/components/schemas/Catalog" + 403: + description: "The caller does not have permission to update catalog details" + 404: + description: "The catalog does not exist" + 409: + description: "The entity version doesn't match the currentEntityVersion; retry after fetching latest version" + + delete: + operationId: deleteCatalog + description: Delete an existing catalog. This is a cascading operation that deletes all metadata, including principals, + roles and grants. If the catalog is an internal catalog, all tables and namespaces are dropped without purge. + responses: + 204: + description: "Success, no content" + 403: + description: "The caller does not have permission to delete a catalog" + 404: + description: "The catalog does not exist" + + /principals: + get: + operationId: listPrincipals + description: List the principals for the current catalog + responses: + 200: + description: List of principals for this catalog + content: + application/json: + schema: + $ref: "#/components/schemas/Principals" + 403: + description: "The caller does not have permission to list catalog admins" + 404: + description: "The catalog does not exist" + + post: + operationId: createPrincipal + description: Create a principal + requestBody: + description: The principal to create + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/CreatePrincipalRequest" + responses: + 201: + description: "Successful response" + content: + application/json: + schema: + $ref: "#/components/schemas/PrincipalWithCredentials" + 403: + description: "The caller does not have permission to add a principal" + + /principals/{principalName}: + parameters: + - name: principalName + in: path + description: The principal name + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + get: + operationId: getPrincipal + description: Get the principal details + responses: + 200: + description: The requested principal + content: + application/json: + schema: + $ref: "#/components/schemas/Principal" + 403: + description: "The caller does not have permission to get principal details" + 404: + description: "The catalog or principal does not exist" + + put: + operationId: updatePrincipal + description: Update an existing principal + requestBody: + description: The principal details to use in the update + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/UpdatePrincipalRequest" + responses: + 200: + description: The updated principal + content: + application/json: + schema: + $ref: "#/components/schemas/Principal" + 403: + description: "The caller does not have permission to update principal details" + 404: + description: "The principal does not exist" + 409: + description: "The entity version doesn't match the currentEntityVersion; retry after fetching latest version" + + delete: + operationId: deletePrincipal + description: Remove a principal from polaris + responses: + 204: + description: "Success, no content" + 403: + description: "The caller does not have permission to delete a principal" + 404: + description: "The principal does not exist" + + /principals/{principalName}/rotate: + parameters: + - name: principalName + in: path + description: The user name + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + post: + operationId: rotateCredentials + description: Rotate a principal's credentials. The new credentials will be returned in the response. This is the only + API, aside from createPrincipal, that returns the user's credentials. This API is *not* idempotent. + responses: + 200: + description: The principal details along with the newly rotated credentials + content: + application/json: + schema: + $ref: "#/components/schemas/PrincipalWithCredentials" + 403: + description: "The caller does not have permission to rotate credentials" + 404: + description: "The principal does not exist" + + /principals/{principalName}/principal-roles: + parameters: + - name: principalName + in: path + description: The name of the target principal + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + get: + operationId: listPrincipalRolesAssigned + description: List the roles assigned to the principal + responses: + 200: + description: List of roles assigned to this principal + content: + application/json: + schema: + $ref: "#/components/schemas/PrincipalRoles" + 403: + description: "The caller does not have permission to list roles" + 404: + description: "The principal or catalog does not exist" + + put: + operationId: assignPrincipalRole + description: Add a role to the principal + requestBody: + description: The principal role to assign + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/GrantPrincipalRoleRequest" + responses: + 201: + description: "Successful response" + 403: + description: "The caller does not have permission to add assign a role to the principal" + 404: + description: "The catalog, the principal, or the role does not exist" + + /principals/{principalName}/principal-roles/{principalRoleName}: + parameters: + - name: principalName + in: path + description: The name of the target principal + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + - name: principalRoleName + in: path + description: The name of the role + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + delete: + operationId: revokePrincipalRole + description: Remove a role from a catalog principal + responses: + 204: + description: "Success, no content" + 403: + description: "The caller does not have permission to remove a role from the principal" + 404: + description: "The catalog or principal does not exist" + + /principal-roles: + get: + operationId: listPrincipalRoles + description: List the principal roles + responses: + 200: + description: List of principal roles + content: + application/json: + schema: + $ref: "#/components/schemas/PrincipalRoles" + 403: + description: "The caller does not have permission to list principal roles" + 404: + description: "The catalog does not exist" + + post: + operationId: createPrincipalRole + description: Create a principal role + requestBody: + description: The principal to create + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/CreatePrincipalRoleRequest" + responses: + 201: + description: "Successful response" + 403: + description: "The caller does not have permission to add a principal role" + + /principal-roles/{principalRoleName}: + parameters: + - name: principalRoleName + in: path + description: The principal role name + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + get: + operationId: getPrincipalRole + description: Get the principal role details + responses: + 200: + description: The requested principal role + content: + application/json: + schema: + $ref: "#/components/schemas/PrincipalRole" + 403: + description: "The caller does not have permission to get principal role details" + 404: + description: "The principal role does not exist" + + put: + operationId: updatePrincipalRole + description: Update an existing principalRole + requestBody: + description: The principalRole details to use in the update + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/UpdatePrincipalRoleRequest" + responses: + 200: + description: The updated principal role + content: + application/json: + schema: + $ref: "#/components/schemas/PrincipalRole" + 403: + description: "The caller does not have permission to update principal role details" + 404: + description: "The principal role does not exist" + 409: + description: "The entity version doesn't match the currentEntityVersion; retry after fetching latest version" + + delete: + operationId: deletePrincipalRole + description: Remove a principal role from polaris + responses: + 204: + description: "Success, no content" + 403: + description: "The caller does not have permission to delete a principal role" + 404: + description: "The principal role does not exist" + + /principal-roles/{principalRoleName}/principals: + parameters: + - name: principalRoleName + in: path + description: The principal role name + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + get: + operationId: listAssigneePrincipalsForPrincipalRole + description: List the Principals to whom the target principal role has been assigned + responses: + 200: + description: List the Principals to whom the target principal role has been assigned + content: + application/json: + schema: + $ref: "#/components/schemas/Principals" + 403: + description: "The caller does not have permission to list principals" + 404: + description: "The principal role does not exist" + + /principal-roles/{principalRoleName}/catalog-roles/{catalogName}: + parameters: + - name: principalRoleName + in: path + description: The principal role name + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + - name: catalogName + in: path + required: true + description: The name of the catalog where the catalogRoles reside + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + get: + operationId: listCatalogRolesForPrincipalRole + description: Get the catalog roles mapped to the principal role + responses: + 200: + description: The list of catalog roles mapped to the principal role + content: + application/json: + schema: + $ref: "#/components/schemas/CatalogRoles" + 403: + description: "The caller does not have permission to list catalog roles" + 404: + description: "The principal role does not exist" + + put: + operationId: assignCatalogRoleToPrincipalRole + description: Assign a catalog role to a principal role + requestBody: + description: The principal to create + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/GrantCatalogRoleRequest" + responses: + 201: + description: "Successful response" + 403: + description: "The caller does not have permission to assign a catalog role" + + /principal-roles/{principalRoleName}/catalog-roles/{catalogName}/{catalogRoleName}: + parameters: + - name: principalRoleName + in: path + description: The principal role name + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + - name: catalogName + in: path + description: The name of the catalog that contains the role to revoke + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + - name: catalogRoleName + in: path + description: The name of the catalog role that should be revoked + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + delete: + operationId: revokeCatalogRoleFromPrincipalRole + description: Remove a catalog role from a principal role + responses: + 204: + description: "Success, no content" + 403: + description: "The caller does not have permission to revoke a catalog role" + 404: + description: "The principal role does not exist" + + /catalogs/{catalogName}/catalog-roles: + parameters: + - name: catalogName + in: path + description: The catalog for which we are reading/updating roles + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + get: + operationId: listCatalogRoles + description: List existing roles in the catalog + responses: + 200: + description: The list of roles that exist in this catalog + content: + application/json: + schema: + $ref: "#/components/schemas/CatalogRoles" + post: + operationId: createCatalogRole + description: Create a new role in the catalog + requestBody: + content: + application/json: + schema: + $ref: "#/components/schemas/CreateCatalogRoleRequest" + responses: + 201: + description: "Successful response" + 403: + description: "The principal is not authorized to create roles" + 404: + description: "The catalog does not exist" + + /catalogs/{catalogName}/catalog-roles/{catalogRoleName}: + parameters: + - name: catalogName + in: path + description: The catalog for which we are retrieving roles + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + - name: catalogRoleName + in: path + description: The name of the role + required: true + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + get: + operationId: getCatalogRole + description: Get the details of an existing role + responses: + 200: + description: The specified role details + content: + application/json: + schema: + $ref: "#/components/schemas/CatalogRole" + 403: + description: "The principal is not authorized to read role data" + 404: + description: "The catalog or the role does not exist" + + put: + operationId: updateCatalogRole + description: Update an existing role in the catalog + requestBody: + content: + application/json: + schema: + $ref: "#/components/schemas/UpdateCatalogRoleRequest" + responses: + 200: + description: The specified role details + content: + application/json: + schema: + $ref: "#/components/schemas/CatalogRole" + 403: + description: "The principal is not authorized to update roles" + 404: + description: "The catalog or the role does not exist" + 409: + description: "The entity version doesn't match the currentEntityVersion; retry after fetching latest version" + + delete: + operationId: deleteCatalogRole + description: Delete an existing role from the catalog. All associated grants will also be deleted + responses: + 204: + description: "Success, no content" + 403: + description: "The principal is not authorized to delete roles" + 404: + description: "The catalog or the role does not exist" + + /catalogs/{catalogName}/catalog-roles/{catalogRoleName}/principal-roles: + parameters: + - name: catalogName + in: path + required: true + description: The name of the catalog where the catalog role resides + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + - name: catalogRoleName + in: path + required: true + description: The name of the catalog role + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + get: + operationId: listAssigneePrincipalRolesForCatalogRole + description: List the PrincipalRoles to which the target catalog role has been assigned + responses: + 200: + description: List the PrincipalRoles to which the target catalog role has been assigned + content: + application/json: + schema: + $ref: "#/components/schemas/PrincipalRoles" + 403: + description: "The caller does not have permission to list principal roles" + 404: + description: "The catalog or catalog role does not exist" + + /catalogs/{catalogName}/catalog-roles/{catalogRoleName}/grants: + parameters: + - name: catalogName + in: path + required: true + description: The name of the catalog where the role will receive the grant + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + - name: catalogRoleName + in: path + required: true + description: The name of the role receiving the grant (must exist) + schema: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + get: + operationId: listGrantsForCatalogRole + description: List the grants the catalog role holds + responses: + 200: + description: List of all grants given to the role in this catalog + content: + application/json: + schema: + $ref: "#/components/schemas/GrantResources" + put: + operationId: addGrantToCatalogRole + description: Add a new grant to the catalog role + requestBody: + content: + application/json: + schema: + $ref: "#/components/schemas/AddGrantRequest" + responses: + 201: + description: "Successful response" + 403: + description: "The principal is not authorized to create grants" + 404: + description: "The catalog or the role does not exist" + post: + operationId: revokeGrantFromCatalogRole + description: + Delete a specific grant from the role. This may be a subset or a superset of the grants the role has. In case of + a subset, the role will retain the grants not specified. If the `cascade` parameter is true, grant revocation + will have a cascading effect - that is, if a principal has specific grants on a subresource, and grants are revoked + on a parent resource, the grants present on the subresource will be revoked as well. By default, this behavior + is disabled and grant revocation only affects the specified resource. + parameters: + - name: cascade + in: query + schema: + type: boolean + default: false + description: If true, the grant revocation cascades to all subresources. + requestBody: + content: + application/json: + schema: + $ref: "#/components/schemas/RevokeGrantRequest" + responses: + 201: + description: "Successful response" + 403: + description: "The principal is not authorized to create grants" + 404: + description: "The catalog or the role does not exist" + +components: + securitySchemes: + OAuth2: + type: oauth2 + description: Uses OAuth 2 with client credentials flow + flows: + implicit: + authorizationUrl: "{scheme}://{host}/api/v1/oauth/tokens" + scopes: {} + + schemas: + Catalogs: + type: object + description: A list of Catalog objects + properties: + catalogs: + type: array + items: + $ref: "#/components/schemas/Catalog" + required: + - catalogs + + CreateCatalogRequest: + type: object + description: Request to create a new catalog + properties: + catalog: + $ref: "#/components/schemas/Catalog" + required: + - catalog + + Catalog: + type: object + description: A catalog object. A catalog may be internal or external. Internal catalogs are managed entirely by + an external catalog interface. Third party catalogs may be other Iceberg REST implementations or other services + with their own proprietary APIs + properties: + type: + type: string + enum: + - INTERNAL + - EXTERNAL + description: the type of catalog - internal or external + default: INTERNAL + name: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + description: The name of the catalog + properties: + type: object + properties: + default-base-location: + type: string + additionalProperties: + type: string + required: + - default-base-location + createTimestamp: + type: integer + format: "int64" + description: The creation time represented as unix epoch timestamp in milliseconds + lastUpdateTimestamp: + type: integer + format: "int64" + description: The last update time represented as unix epoch timestamp in milliseconds + entityVersion: + type: integer + description: The version of the catalog object used to determine if the catalog metadata has changed + storageConfigInfo: + $ref: "#/components/schemas/StorageConfigInfo" + required: + - name + - type + - storageConfigInfo + - properties + discriminator: + propertyName: type + mapping: + INTERNAL: "#/components/schemas/PolarisCatalog" + EXTERNAL: "#/components/schemas/ExternalCatalog" + + + PolarisCatalog: + type: object + allOf: + - $ref: "#/components/schemas/Catalog" + description: The base catalog type - this contains all the fields necessary to construct an INTERNAL catalog + + ExternalCatalog: + description: An externally managed catalog + type: object + allOf: + - $ref: "#/components/schemas/Catalog" + - type: object + properties: + remoteUrl: + type: string + description: URL to the remote catalog API + + StorageConfigInfo: + type: object + description: A storage configuration used by catalogs + properties: + storageType: + type: string + enum: + - S3 + - GCS + - AZURE + - FILE + description: The cloud provider type this storage is built on. FILE is supported for testing purposes only + allowedLocations: + type: array + items: + type: string + example: "For AWS [s3://bucketname/prefix/], for AZURE [abfss://container@storageaccount.blob.core.windows.net/prefix/], for GCP [gs://bucketname/prefix/]" + required: + - storageType + discriminator: + propertyName: storageType + mapping: + S3: "#/components/schemas/AwsStorageConfigInfo" + AZURE: "#/components/schemas/AzureStorageConfigInfo" + GCS: "#/components/schemas/GcpStorageConfigInfo" + FILE: "#/components/schemas/FileStorageConfigInfo" + + AwsStorageConfigInfo: + type: object + description: aws storage configuration info + allOf: + - $ref: '#/components/schemas/StorageConfigInfo' + properties: + roleArn: + type: string + description: the aws role arn that grants privileges on the S3 buckets + example: "arn:aws:iam::123456789001:principal/abc1-b-self1234" + externalId: + type: string + description: an optional external id used to establish a trust relationship with AWS in the trust policy + userArn: + type: string + description: the aws user arn used to assume the aws role + example: "arn:aws:iam::123456789001:user/abc1-b-self1234" + required: + - roleArn + + AzureStorageConfigInfo: + type: object + description: azure storage configuration info + allOf: + - $ref: '#/components/schemas/StorageConfigInfo' + properties: + tenantId: + type: string + description: the tenant id that the storage accounts belong to + multiTenantAppName: + type: string + description: the name of the azure client application + consentUrl: + type: string + description: URL to the Azure permissions request page + required: + - tenantId + + GcpStorageConfigInfo: + type: object + description: gcp storage configuration info + allOf: + - $ref: '#/components/schemas/StorageConfigInfo' + properties: + gcsServiceAccount: + type: string + description: a Google cloud storage service account + + FileStorageConfigInfo: + type: object + description: gcp storage configuration info + allOf: + - $ref: '#/components/schemas/StorageConfigInfo' + + UpdateCatalogRequest: + description: Updates to apply to a Catalog + type: object + properties: + currentEntityVersion: + type: integer + description: The version of the object onto which this update is applied; if the object changed, the update will fail and the caller should retry after fetching the latest version. + properties: + type: object + additionalProperties: + type: string + storageConfigInfo: + $ref: "#/components/schemas/StorageConfigInfo" + + Principals: + description: A list of Principals + type: object + properties: + principals: + type: array + items: + $ref: "#/components/schemas/Principal" + required: + - principals + + PrincipalWithCredentials: + description: A user with its client id and secret. This type is returned when a new principal is created or when its + credentials are rotated + type: object + properties: + principal: + $ref: "#/components/schemas/Principal" + credentials: + type: object + properties: + clientId: + type: string + clientSecret: + type: string + format: password + required: + - principal + - credentials + + CreatePrincipalRequest: + type: object + properties: + principal: + $ref: '#/components/schemas/Principal' + credentialRotationRequired: + type: boolean + description: If true, the initial credentials can only be used to call rotateCredentials + + Principal: + description: A Polaris principal. + type: object + properties: + name: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + clientId: + type: string + description: The output-only OAuth clientId associated with this principal if applicable + properties: + type: object + additionalProperties: + type: string + createTimestamp: + type: integer + format: "int64" + lastUpdateTimestamp: + type: integer + format: "int64" + entityVersion: + type: integer + description: The version of the principal object used to determine if the principal metadata has changed + required: + - name + + UpdatePrincipalRequest: + description: Updates to apply to a Principal + type: object + properties: + currentEntityVersion: + type: integer + description: The version of the object onto which this update is applied; if the object changed, the update will fail and the caller should retry after fetching the latest version. + properties: + type: object + additionalProperties: + type: string + required: + - currentEntityVersion + - properties + + PrincipalRoles: + type: object + properties: + roles: + type: array + items: + $ref: "#/components/schemas/PrincipalRole" + required: + - roles + + GrantPrincipalRoleRequest: + type: object + properties: + principalRole: + $ref: '#/components/schemas/PrincipalRole' + + CreatePrincipalRoleRequest: + type: object + properties: + principalRole: + $ref: '#/components/schemas/PrincipalRole' + + PrincipalRole: + type: object + properties: + name: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + description: The name of the role + properties: + type: object + additionalProperties: + type: string + createTimestamp: + type: integer + format: "int64" + lastUpdateTimestamp: + type: integer + format: "int64" + entityVersion: + type: integer + description: The version of the principal role object used to determine if the principal role metadata has changed + required: + - name + + UpdatePrincipalRoleRequest: + description: Updates to apply to a Principal Role + type: object + properties: + currentEntityVersion: + type: integer + description: The version of the object onto which this update is applied; if the object changed, the update will fail and the caller should retry after fetching the latest version. + properties: + type: object + additionalProperties: + type: string + required: + - currentEntityVersion + - properties + + CatalogRoles: + type: object + properties: + roles: + type: array + items: + $ref: "#/components/schemas/CatalogRole" + description: The list of catalog roles + required: + - roles + + GrantCatalogRoleRequest: + type: object + properties: + catalogRole: + $ref: '#/components/schemas/CatalogRole' + + CreateCatalogRoleRequest: + type: object + properties: + catalogRole: + $ref: '#/components/schemas/CatalogRole' + + CatalogRole: + type: object + properties: + name: + type: string + minLength: 1 + maxLength: 256 + pattern: '^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$' + description: The name of the role + properties: + type: object + additionalProperties: + type: string + createTimestamp: + type: integer + format: "int64" + lastUpdateTimestamp: + type: integer + format: "int64" + entityVersion: + type: integer + description: The version of the catalog role object used to determine if the catalog role metadata has changed + required: + - name + + UpdateCatalogRoleRequest: + description: Updates to apply to a Catalog Role + type: object + properties: + currentEntityVersion: + type: integer + description: The version of the object onto which this update is applied; if the object changed, the update will fail and the caller should retry after fetching the latest version. + properties: + type: object + additionalProperties: + type: string + required: + - currentEntityVersion + - properties + + ViewPrivilege: + type: string + enum: + - CATALOG_MANAGE_ACCESS + - VIEW_CREATE + - VIEW_DROP + - VIEW_LIST + - VIEW_READ_PROPERTIES + - VIEW_WRITE_PROPERTIES + - VIEW_FULL_METADATA + + TablePrivilege: + type: string + enum: + - CATALOG_MANAGE_ACCESS + - TABLE_DROP + - TABLE_LIST + - TABLE_READ_PROPERTIES + - VIEW_READ_PROPERTIES + - TABLE_WRITE_PROPERTIES + - TABLE_READ_DATA + - TABLE_WRITE_DATA + - TABLE_FULL_METADATA + + NamespacePrivilege: + type: string + enum: + - CATALOG_MANAGE_ACCESS + - CATALOG_MANAGE_CONTENT + - CATALOG_MANAGE_METADATA + - NAMESPACE_CREATE + - TABLE_CREATE + - VIEW_CREATE + - NAMESPACE_DROP + - TABLE_DROP + - VIEW_DROP + - NAMESPACE_LIST + - TABLE_LIST + - VIEW_LIST + - NAMESPACE_READ_PROPERTIES + - TABLE_READ_PROPERTIES + - VIEW_READ_PROPERTIES + - NAMESPACE_WRITE_PROPERTIES + - TABLE_WRITE_PROPERTIES + - VIEW_WRITE_PROPERTIES + - TABLE_READ_DATA + - TABLE_WRITE_DATA + - NAMESPACE_FULL_METADATA + - TABLE_FULL_METADATA + - VIEW_FULL_METADATA + + CatalogPrivilege: + type: string + enum: + - CATALOG_MANAGE_ACCESS + - CATALOG_MANAGE_CONTENT + - CATALOG_MANAGE_METADATA + - CATALOG_READ_PROPERTIES + - CATALOG_WRITE_PROPERTIES + - NAMESPACE_CREATE + - TABLE_CREATE + - VIEW_CREATE + - NAMESPACE_DROP + - TABLE_DROP + - VIEW_DROP + - NAMESPACE_LIST + - TABLE_LIST + - VIEW_LIST + - NAMESPACE_READ_PROPERTIES + - TABLE_READ_PROPERTIES + - VIEW_READ_PROPERTIES + - NAMESPACE_WRITE_PROPERTIES + - TABLE_WRITE_PROPERTIES + - VIEW_WRITE_PROPERTIES + - TABLE_READ_DATA + - TABLE_WRITE_DATA + - NAMESPACE_FULL_METADATA + - TABLE_FULL_METADATA + - VIEW_FULL_METADATA + + AddGrantRequest: + type: object + properties: + grant: + $ref: '#/components/schemas/GrantResource' + + RevokeGrantRequest: + type: object + properties: + grant: + $ref: '#/components/schemas/GrantResource' + + ViewGrant: + allOf: + - $ref: '#/components/schemas/GrantResource' + - type: object + properties: + namespace: + type: array + items: + type: string + viewName: + type: string + minLength: 1 + maxLength: 256 + privilege: + $ref: '#/components/schemas/ViewPrivilege' + required: + - namespace + - viewName + - privilege + + TableGrant: + allOf: + - $ref: '#/components/schemas/GrantResource' + - type: object + properties: + namespace: + type: array + items: + type: string + tableName: + type: string + minLength: 1 + maxLength: 256 + privilege: + $ref: '#/components/schemas/TablePrivilege' + required: + - namespace + - tableName + - privilege + + NamespaceGrant: + allOf: + - $ref: '#/components/schemas/GrantResource' + - type: object + properties: + namespace: + type: array + items: + type: string + privilege: + $ref: '#/components/schemas/NamespacePrivilege' + required: + - namespace + - privilege + + + CatalogGrant: + allOf: + - $ref: '#/components/schemas/GrantResource' + - type: object + properties: + privilege: + $ref: '#/components/schemas/CatalogPrivilege' + required: + - privilege + + GrantResource: + type: object + discriminator: + propertyName: type + mapping: + catalog: '#/components/schemas/CatalogGrant' + namespace: '#/components/schemas/NamespaceGrant' + table: '#/components/schemas/TableGrant' + view: '#/components/schemas/ViewGrant' + properties: + type: + type: string + enum: + - catalog + - namespace + - table + - view + required: + - type + + GrantResources: + type: object + properties: + grants: + type: array + items: + $ref: "#/components/schemas/GrantResource" + required: + - grants diff --git a/spec/docs.yaml b/spec/docs.yaml deleted file mode 100644 index 73a8381f2..000000000 --- a/spec/docs.yaml +++ /dev/null @@ -1,30 +0,0 @@ -openapi: 3.0.0 - -info: - title: Apache Polaris (Incubating) Documentation - x-logo: - url: ./img/logos/polaris-catalog-stacked-logo.svg - altText: Apache Polaris Logo - description: - $ref: ../docs/quickstart.md - contact: - email: dev [at] polaris.apache.org - url: https://github.com/apache/polaris - license: - name: Apache v2.0 - url: https://github.com/apache/polaris/blob/main/LICENSE - -tags: - - name: Overview - description: - $ref: ../docs/overview.md - - name: Polaris Entities - description: - $ref: ../docs/entities.md - - name: Access Control - description: - $ref: ../docs/access-control.md - - name: Configuring Polaris for Production - description: - $ref: ../docs/configuring-polaris-for-production.md - \ No newline at end of file diff --git a/spec/index.yaml b/spec/index.yaml deleted file mode 100644 index 7c88d4949..000000000 --- a/spec/index.yaml +++ /dev/null @@ -1,7087 +0,0 @@ -openapi: 3.0.0 -info: - title: Apache Polaris (Incubating) Documentation - x-logo: - url: ./img/logos/polaris-catalog-stacked-logo.svg - altText: Apache Polaris Logo - description: "\n\n# Quick Start\n\nThis guide serves as a introduction to several key entities that can be managed with Apache Polaris (Incubating), describes how to build and deploy Polaris locally, and finally includes examples of how to use Polaris with Apache Spark™.\n\n## Prerequisites\n\nThis guide covers building Polaris, deploying it locally or via [Docker](https://www.docker.com/), and interacting with it using the command-line interface and [Apache Spark](https://spark.apache.org/). Before proceeding with Polaris, be sure to satisfy the relevant prerequisites listed here.\n\n### Building and Deploying Polaris\n\nTo get the latest Polaris code, you'll need to clone the repository using [git](https://git-scm.com/). You can install git using [homebrew](https://brew.sh/):\n\n```shell\nbrew install git\n```\n\nThen, use git to clone the Polaris repo:\n\n```shell\ncd ~\ngit clone https://github.com/apache/polaris.git\n```\n\n#### With Docker\n\nIf you plan to deploy Polaris inside [Docker](https://www.docker.com/), you'll need to install docker itself. For example, this can be done using [homebrew](https://brew.sh/):\n\n```shell\nbrew install --cask docker\n```\n\nOnce installed, make sure Docker is running.\n\n#### From Source\n\nIf you plan to build Polaris from source yourself, you will need to satisfy a few prerequisites first.\n\nPolaris is built using [gradle](https://gradle.org/) and is compatible with Java 21. We recommend the use of [jenv](https://www.jenv.be/) to manage multiple Java versions. For example, to install Java 21 via [homebrew](https://brew.sh/) and configure it with jenv: \n\n```shell\ncd ~/polaris\nbrew install openjdk@21 jenv\njenv add $(brew --prefix openjdk@21)\njenv local 21\n```\n\n### Connecting to Polaris\n\nPolaris is compatible with any [Apache Iceberg](https://iceberg.apache.org/) client that supports the REST API. Depending on the client you plan to use, refer to the prerequisites below.\n\n#### With Spark\n\nIf you want to connect to Polaris with [Apache Spark](https://spark.apache.org/), you'll need to start by cloning Spark. As [above](#building-and-deploying-polaris), make sure [git](https://git-scm.com/) is installed first. You can install it with [homebrew](https://brew.sh/):\n\n```shell\nbrew install git\n```\n\nThen, clone Spark and check out a versioned branch. This guide uses [Spark 3.5](https://spark.apache.org/releases/spark-release-3-5-0.html).\n\n```shell\ncd ~\ngit clone https://github.com/apache/spark.git\ncd ~/spark\ngit checkout branch-3.5\n```\n\n## Deploying Polaris\n\nPolaris can be deployed via a lightweight docker image or as a standalone process. Before starting, be sure that you've satisfied the relevant [prerequisites](#building-and-deploying-polaris) detailed above.\n\n### Docker Image\n\nTo start using Polaris in Docker, launch Polaris while Docker is running:\n\n```shell\ncd ~/polaris\ndocker compose -f docker-compose.yml up --build\n```\n\nOnce the `polaris-polaris` container is up, you can continue to [Defining a Catalog](#defining-a-catalog).\n\n### Building Polaris\n\nRun Polaris locally with:\n\n```shell\ncd ~/polaris\n./gradlew runApp\n```\n\nYou should see output for some time as Polaris builds and starts up. Eventually, you won’t see any more logs and should see messages that resemble the following:\n\n```\nINFO [...] [main] [] o.e.j.s.handler.ContextHandler: Started i.d.j.MutableServletContextHandler@...\nINFO [...] [main] [] o.e.j.server.AbstractConnector: Started application@...\nINFO [...] [main] [] o.e.j.server.AbstractConnector: Started admin@...\nINFO [...] [main] [] o.eclipse.jetty.server.Server: Started Server@...\n```\n\nAt this point, Polaris is running.\n\n## Bootstrapping Polaris\n\nFor this tutorial, we'll launch an instance of Polaris that stores entities only in-memory. This means that any entities that you define will be destroyed when Polaris is shut down. It also means that Polaris will automatically bootstrap itself with root credentials. For more information on how to configure Polaris for production usage, see the [docs](./configuring-polaris-for-production.md).\n\nWhen Polaris is launched using in-memory mode the root principal credentials can be found in stdout on initial startup. For example:\n\n```\nrealm: default-realm root principal credentials: :\n```\n\nBe sure to note of these credentials as we'll be using them below. You can also set these credentials as environment variables for use with the Polaris CLI:\n\n```shell\nexport CLIENT_ID= \nexport CLIENT_SECRET=\n```\n\n## Defining a Catalog\n\nIn Polaris, the [catalog](./entities.md#catalog) is the top-level entity that objects like [tables](./entities.md#table) and [views](./entities.md#view) are organized under. With a Polaris service running, you can create a catalog like so:\n\n```shell\ncd ~/polaris\n\n./polaris \\\n --client-id ${CLIENT_ID} \\\n --client-secret ${CLIENT_SECRET} \\\n catalogs \\\n create \\\n --storage-type s3 \\\n --default-base-location ${DEFAULT_BASE_LOCATION} \\\n --role-arn ${ROLE_ARN} \\\n quickstart_catalog\n```\n\nThis will create a new catalog called **quickstart_catalog**.\n\nThe `DEFAULT_BASE_LOCATION` you provide will be the default location that objects in this catalog should be stored in, and the `ROLE_ARN` you provide should be a [Role ARN](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html) with access to read and write data in that location. These credentials will be provided to engines reading data from the catalog once they have authenticated with Polaris using credentials that have access to those resources.\n\nIf you’re using a storage type other than S3, such as Azure, you’ll provide a different type of credential than a Role ARN. For more details on supported storage types, see the [docs](./entities.md#storage-type).\n\nAdditionally, if Polaris is running somewhere other than `localhost:8181`, you can specify the correct hostname and port by providing `--host` and `--port` flags. For the full set of options supported by the CLI, please refer to the [docs](./command-line-interface.md).\n\n\n### Creating a Principal and Assigning it Privileges\n\nWith a catalog created, we can create a [principal](./entities.md#principal) that has access to manage that catalog. For details on how to configure the Polaris CLI, see [the section above](#defining-a-catalog) or refer to the [docs](./command-line-interface.md).\n\n```shell\n./polaris \\\n --client-id ${CLIENT_ID} \\\n --client-secret ${CLIENT_SECRET} \\\n principals \\\n create \\\n quickstart_user\n\n./polaris \\\n --client-id ${CLIENT_ID} \\\n --client-secret ${CLIENT_SECRET} \\\n principal-roles \\\n create \\\n quickstart_user_role\n\n./polaris \\\n --client-id ${CLIENT_ID} \\\n --client-secret ${CLIENT_SECRET} \\\n catalog-roles \\\n create \\\n --catalog quickstart_catalog \\\n quickstart_catalog_role\n```\n\nBe sure to provide the necessary credentials, hostname, and port as before.\n\nWhen the `principals create` command completes successfully, it will return the credentials for this new principal. Be sure to note these down for later. For example:\n\n```\n./polaris ... principals create example\n{\"clientId\": \"XXXX\", \"clientSecret\": \"YYYY\"}\n```\n\nNow, we grant the principal the [principal role](./entities.md#principal-role) we created, and grant the [catalog role](./entities.md#catalog-role) the principal role we created. For more information on these entities, please refer to the linked documentation.\n\n```shell\n./polaris \\\n --client-id ${CLIENT_ID} \\\n --client-secret ${CLIENT_SECRET} \\\n principal-roles \\\n grant \\\n --principal quickstart_user \\\n quickstart_user_role\n\n./polaris \\\n --client-id ${CLIENT_ID} \\\n --client-secret ${CLIENT_SECRET} \\\n catalog-roles \\\n grant \\\n --catalog quickstart_catalog \\\n --principal-role quickstart_user_role \\\n quickstart_catalog_role\n```\n\nNow, we’ve linked our principal to the catalog via roles like so:\n\n![Principal to Catalog](./img/quickstart/privilege-illustration-1.png \"Principal to Catalog\")\n\nIn order to give this principal the ability to interact with the catalog, we must assign some [privileges](./entities.md#privilege). For the time being, we will give this principal the ability to fully manage content in our new catalog. We can do this with the CLI like so:\n\n```shell\n./polaris \\\n --client-id ${CLIENT_ID} \\\n --client-secret ${CLIENT_SECRET} \\\n privileges \\\n catalog \\\n grant \\\n --catalog quickstart_catalog \\\n --catalog-role quickstart_catalog_role \\\n CATALOG_MANAGE_CONTENT\n```\n\nThis grants the [catalog privileges](./entities.md#privilege) `CATALOG_MANAGE_CONTENT` to our catalog role, linking everything together like so:\n\n![Principal to Catalog with Catalog Role](./img/quickstart/privilege-illustration-2.png \"Principal to Catalog with Catalog Role\")\n\n`CATALOG_MANAGE_CONTENT` has create/list/read/write privileges on all entities within the catalog. The same privilege could be granted to a namespace, in which case the principal could create/list/read/write any entity under that namespace.\n\n## Using Iceberg & Polaris\n\nAt this point, we’ve created a principal and granted it the ability to manage a catalog. We can now use an external engine to assume that principal, access our catalog, and store data in that catalog using [Apache Iceberg](https://iceberg.apache.org/).\n\n### Connecting with Spark\n\nTo use a Polaris-managed catalog in [Apache Spark](https://spark.apache.org/), we can configure Spark to use the Iceberg catalog REST API.\n\nThis guide uses [Apache Spark 3.5](https://spark.apache.org/releases/spark-release-3-5-0.html), but be sure to find [the appropriate iceberg-spark package for your Spark version](https://mvnrepository.com/artifact/org.apache.iceberg/iceberg-spark). From a local Spark clone on the `branch-3.5` branch we can run the following:\n\n_Note: the credentials provided here are those for our principal, not the root credentials._\n\n```shell\nbin/spark-shell \\\n--packages org.apache.iceberg:iceberg-spark-runtime-3.5_2.12:1.5.2,org.apache.hadoop:hadoop-aws:3.4.0 \\\n--conf spark.sql.extensions=org.apache.iceberg.spark.extensions.IcebergSparkSessionExtensions \\\n--conf spark.sql.catalog.quickstart_catalog.warehouse=quickstart_catalog \\\n--conf spark.sql.catalog.quickstart_catalog.header.X-Iceberg-Access-Delegation=vended-credentials \\\n--conf spark.sql.catalog.quickstart_catalog=org.apache.iceberg.spark.SparkCatalog \\\n--conf spark.sql.catalog.quickstart_catalog.catalog-impl=org.apache.iceberg.rest.RESTCatalog \\\n--conf spark.sql.catalog.quickstart_catalog.uri=http://localhost:8181/api/catalog \\\n--conf spark.sql.catalog.quickstart_catalog.credential='XXXX:YYYY' \\\n--conf spark.sql.catalog.quickstart_catalog.scope='PRINCIPAL_ROLE:ALL' \\\n--conf spark.sql.catalog.quickstart_catalog.token-refresh-enabled=true\n```\n\n\nReplace `XXXX` and `YYYY` with the client ID and client secret generated when you created the `quickstart_user` principal.\n\nSimilar to the CLI commands above, this configures Spark to use the Polaris running at `localhost:8181`. If your Polaris server is running elsewhere, but sure to update the configuration appropriately.\n\nFinally, note that we include the `hadoop-aws` package here. If your table is using a different filesystem, be sure to include the appropriate dependency.\n\nOnce the Spark session starts, we can create a namespace and table within the catalog:\n\n```\nspark.sql(\"USE quickstart_catalog\")\nspark.sql(\"CREATE NAMESPACE IF NOT EXISTS quickstart_namespace\")\nspark.sql(\"CREATE NAMESPACE IF NOT EXISTS quickstart_namespace.schema\")\nspark.sql(\"USE NAMESPACE quickstart_namespace.schema\")\nspark.sql(\"\"\"\n\tCREATE TABLE IF NOT EXISTS quickstart_table (\n\t\tid BIGINT, data STRING\n\t) \nUSING ICEBERG\n\"\"\")\n```\n\nWe can now use this table like any other:\n\n```\nspark.sql(\"INSERT INTO quickstart_table VALUES (1, 'some data')\")\nspark.sql(\"SELECT * FROM quickstart_table\").show(false)\n. . .\n+---+---------+\n|id |data |\n+---+---------+\n|1 |some data|\n+---+---------+\n```\n\nIf at any time access is revoked...\n\n```shell\n./polaris \\\n --client-id ${CLIENT_ID} \\\n --client-secret ${CLIENT_SECRET} \\\n privileges \\\n catalog \\\n revoke \\\n --catalog quickstart_catalog \\\n --catalog-role quickstart_catalog_role \\\n CATALOG_MANAGE_CONTENT\n```\n\nSpark will lose access to the table:\n\n```\nspark.sql(\"SELECT * FROM quickstart_table\").show(false)\n\norg.apache.iceberg.exceptions.ForbiddenException: Forbidden: Principal 'quickstart_user' with activated PrincipalRoles '[]' and activated ids '[6, 7]' is not authorized for op LOAD_TABLE_WITH_READ_DELEGATION\n```\n" - contact: - email: dev [at] polaris.apache.org - url: https://github.com/apache/polaris - license: - name: Apache v2.0 - url: https://github.com/apache/polaris/blob/main/LICENSE -servers: - - url: '{scheme}://{host}/api/management/v1' - description: Server URL when the port can be inferred from the scheme - variables: - scheme: - description: The scheme of the URI, either http or https. - default: https - host: - description: The host address for the specified server - default: localhost - - url: '{scheme}://{host}/{basePath}' - description: Server URL when the port can be inferred from the scheme - variables: - scheme: - description: The scheme of the URI, either http or https. - default: https - host: - description: The host address for the specified server - default: localhost - basePath: - description: Optional prefix to be appended to all routes - default: '' - - url: '{scheme}://{host}:{port}/{basePath}' - description: Generic base server URL, with all parts configurable - variables: - scheme: - description: The scheme of the URI, either http or https. - default: https - host: - description: The host address for the specified server - default: localhost - port: - description: The port used when addressing the host - default: '443' - basePath: - description: Optional prefix to be appended to all routes - default: '' -tags: - - name: Overview - description: > - - - - Apache Polaris (Incubating) is a catalog implementation for Apache - Iceberg™ tables and is built on the open source Apache - Iceberg™ REST protocol. - - - With Polaris, you can provide centralized, secure read and write access to - your Iceberg tables across different REST-compatible query engines. - - - ![Conceptual diagram of Apache Polaris (Incubating).](img/overview.svg - "Apache Polaris (Incubating) overview") - - - ## Key concepts - - - This section introduces key concepts associated with using Apache Polaris - (Incubating). - - - In the following diagram, a sample [Apache Polaris (Incubating) - structure](overview.md#catalog) with nested - [namespaces](overview.md#namespace) is shown for Catalog1. No tables - - or namespaces have been created yet for Catalog2 or Catalog3. - - - ![Diagram that shows an example Apache Polaris (Incubating) - structure.](img/sample-catalog-structure.svg "Sample Apache Polaris - (Incubating) structure") - - - ### Catalog - - - In Polaris, you can create one or more catalog resources to organize - Iceberg tables. - - - Configure your catalog by setting values in the storage configuration for - S3, Azure, or Google Cloud Storage. An Iceberg catalog enables a - - query engine to manage and organize tables. The catalog forms the first - architectural layer in the [Apache Iceberg™ table - specification](https://iceberg.apache.org/spec/#overview) and must support - the following tasks: - - - - Storing the current metadata pointer for one or more Iceberg tables. A - metadata pointer maps a table name to the location of that table's - current metadata file. - - - Performing atomic operations so that you can update the current metadata - pointer for a table to the metadata pointer of a new version of - the table. - - To learn more about Iceberg catalogs, see the [Apache Iceberg™ - documentation](https://iceberg.apache.org/concepts/catalog/). - - - #### Catalog types - - - A catalog can be one of the following two types: - - - - Internal: The catalog is managed by Polaris. Tables from this catalog - can be read and written in Polaris. - - - - External: The catalog is externally managed by another Iceberg catalog - provider (for example, Snowflake, Glue, Dremio Arctic). Tables from - this catalog are synced to Polaris. These tables are read-only in Polaris. In the current release, only a Snowflake external catalog is provided. - - A catalog is configured with a storage configuration that can point to S3, - Azure storage, or GCS. - - - ### Namespace - - - You create *namespaces* to logically group Iceberg tables within a - catalog. A catalog can have multiple namespaces. You can also create - - nested namespaces. Iceberg tables belong to namespaces. - - - ### Apache Iceberg™ tables and catalogs - - - In an internal catalog, an Iceberg table is registered in Polaris, but - read and written via query engines. The table data and - - metadata is stored in your external cloud storage. The table uses Polaris - as the Iceberg catalog. - - - If you have tables housed in another Iceberg catalog, you can sync these - tables to an external catalog in Polaris. - - If you sync this catalog to Polaris, it appears as an external catalog in - Polaris. Clients connecting to the external - - catalog can read from or write to these tables. However, clients - connecting to Polaris will only be able to - - read from these tables. - - - > **Important** - - > - - > For the access privileges defined for a catalog to be enforced - correctly, the following conditions must be met: - - > - - > - The directory only contains the data files that belong to a single - table. - - > - The directory hierarchy matches the namespace hierarchy for the - catalog. - - > - - > For example, if a catalog includes the following items: - - > - - > - Top-level namespace namespace1 - - > - Nested namespace namespace1a - - > - A customers table, which is grouped under nested namespace namespace1a - - > - An orders table, which is grouped under nested namespace namespace1a - - > - - > The directory hierarchy for the catalog must follow this structure: - - > - - > - /namespace1/namespace1a/customers/ - - > - /namespace1/namespace1a/orders/ - - - ### Service principal - - - A service principal is an entity that you create in Polaris. Each service - principal encapsulates credentials that you use to connect - - to Polaris. - - - Query engines use service principals to connect to catalogs. - - - Polaris generates a Client ID and Client Secret pair for each service - principal. - - - The following table displays example service principals that you might - create in Polaris: - - | Service connection name | Purpose | - | --------------------------- | ----------- | - | Flink ingestion | For Apache Flink® to ingest streaming data into Apache Iceberg™ tables. | - | Spark ETL pipeline | For Apache Spark™ to run ETL pipeline jobs on Iceberg tables. | - | Snowflake data pipelines | For Snowflake to run data pipelines for transforming data in Apache Iceberg™ tables. | - | Trino BI dashboard | For Trino to run BI queries for powering a dashboard. | - | Snowflake AI team | For Snowflake to run AI jobs on data in Apache Iceberg™ tables. | - - ### Service connection - - - A service connection represents a REST-compatible engine (such as Apache - Spark™, Apache Flink®, or Trino) that can read from and write to - Polaris - - Catalog. When creating a new service connection, the Polaris administrator - grants the service principal that is created with the new service - - connection either a new or existing principal role. A principal role is a - resource in Polaris that you can use to logically group Polaris - - service principals together and grant privileges on securable objects. For - more information, see [Principal role](access-control.md#principal-role - "Principal role"). Polaris uses a role-based access control (RBAC) model - to grant service principals access to resources. For more information, - - see [Access control](access-control.md "Access control"). For a diagram of - this model, see [RBAC model](access-control.md#rbac-model "RBAC model"). - - - If the Polaris administrator grants the service principal for the new - service connection a new principal role, the service principal - - doesn't have any privileges granted to it yet. When securing the catalog - that the new service connection will connect to, the Polaris - - administrator grants privileges to catalog roles and then grants these - catalog roles to the new principal role. As a result, the service - - principal for the new service connection has these privileges. For more - information about catalog roles, see [Catalog - role](access-control.md#catalog-role "Catalog role"). - - - If the Polaris administrator grants an existing principal role to the - service principal for the new service connection, the service principal - - has the same privileges granted to the catalog roles that are granted to - the existing principal role. If needed, the Polaris - - administrator can grant additional catalog roles to the existing principal - role or remove catalog roles from it to adjust the privileges - - bestowed to the service principal. For an example of how RBAC works in - Polaris, see [RBAC example](access-control.md#rbac-example "RBAC - example"). - - - ### Storage configuration - - - A storage configuration stores a generated identity and access management - (IAM) entity for your external cloud storage and is created - - when you create a catalog. The storage configuration is used to set the - values to connect Polaris to your cloud storage. During the - - catalog creation process, an IAM entity is generated and used to create a - trust relationship between the cloud storage provider and Polaris - - Catalog. - - - When you create a catalog, you supply the following information about your - external cloud storage: - - - | Cloud storage provider | Information | - - | -----------------------| ----------- | - - | Amazon S3 |
    • Default base location for your Amazon S3 - bucket
    • Locations for your Amazon S3 bucket
    • S3 role - ARN
    • External ID (optional)
    | - - | Google Cloud Storage (GCS) |
    • Default base location for your GCS - bucket
    • Locations for your GCS bucket
    | - - | Azure |
    • Default base location for your Microsoft Azure - container
    • Locations for your Microsoft Azure - container
    • Azure tenant ID
    | - - - ## Example workflow - - - In the following example workflow, Bob creates an Apache Iceberg™ - table named Table1 and Alice reads data from Table1. - - - 1. Bob uses Apache Spark™ to create the Table1 table under the - Namespace1 namespace in the Catalog1 catalog and insert values into - Table1. - - Bob can create Table1 and insert data into it because he is using a - service connection with a service principal that has - the privileges to perform these actions. - - 2. Alice uses Trino to read data from Table1. - - Alice can read data from Table1 because she is using a service - connection with a service principal that has the privileges to - perform this action. - - ![Diagram that shows an example workflow for Apache Polaris - (Incubating)](img/example-workflow.svg "Example workflow for Apache - Polaris (Incubating)") - - - ## Security and access control - - - This section describes security and access control. - - - ### Credential vending - - - To secure interactions with service connections, Polaris vends temporary - storage credentials to the query engine during query - - execution. These credentials allow the query engine to run the query - without requiring access to your external cloud storage for - - Iceberg tables. This process is called credential vending. - - - ### Identity and access management (IAM) - - - Polaris uses the identity and access management (IAM) entity to securely - connect to your storage for accessing table data, Iceberg - - metadata, and manifest files that store the table schema, partitions, and - other metadata. Polaris retains the IAM entity for your - - storage location. - - - ### Access control - - - Polaris enforces the access control that you configure across all tables - registered with the service and governs security for all - - queries from query engines in a consistent manner. - - - Polaris uses a role-based access control (RBAC) model that lets you - centrally configure access for Polaris service principals to catalogs, - - namespaces, and tables. - - - Polaris RBAC uses two different role types to delegate privileges: - - - - **Principal roles:** Granted to Polaris service principals and - analogous to roles in other access control systems that you grant to - service principals. - - - **Catalog roles:** Configured with certain privileges on Polaris - catalog resources and granted to principal roles. - - For more information, see [Access control](access-control.md "Access - control"). - - - ## Legal Notices - - - Apache®, Apache Iceberg™, Apache Spark™, Apache - Flink®, and Flink® are either registered trademarks or trademarks - of the Apache Software Foundation in the United States and/or other - countries. - x-displayName: Overview - - name: Polaris Entities - description: > - - - - This page documents various entities that can be managed in Apache Polaris - (Incubating). - - - ## Catalog - - - A catalog is a top-level entity in Polaris that may contain other entities - like [namespaces](#namespace) and [tables](#table). These map directly to - [Apache Iceberg catalogs](https://iceberg.apache.org/concepts/catalog/). - - - For information on managing catalogs with the REST API or for more - information on what data can be associated with a catalog, see [the API - docs](../regtests/client/python/docs/CreateCatalogRequest.md). - - - ### Storage Type - - - All catalogs in Polaris are associated with a _storage type_. Valid - Storage Types are `S3`, `Azure`, and `GCS`. The `FILE` type is also - additionally available for testing. Each of these types relates to a - different storage provider where data within the catalog may reside. - Depending on the storage type, various other configurations may be set for - a catalog including credentials to be used when accessing data inside the - catalog. - - - For details on how to use Storage Types in the REST API, see [the API - docs](../regtests/client/python/docs/StorageConfigInfo.md). - - - ## Namespace - - - A namespace is a logical entity that resides within a [catalog](#catalog) - and can contain other entities such as [tables](#table) or [views](#view). - Some other systems may refer to namespaces as _schemas_ or _databases_. - - - In Polaris, namespaces can be nested. For example, `a.b.c.d.e.f.g` is a - valid namespace. `b` is said to reside within `a`, and so on. - - - For information on managing namespaces with the REST API or for more - information on what data can be associated with a namespace, see [the API - docs](../regtests/client/python/docs/CreateNamespaceRequest.md). - - - - ## Table - - - Polaris tables are entities that map to [Apache Iceberg - tables](https://iceberg.apache.org/docs/nightly/configuration/). - - - For information on managing tables with the REST API or for more - information on what data can be associated with a table, see [the API - docs](../regtests/client/python/docs/CreateTableRequest.md). - - - ## View - - - Polaris views are entities that map to [Apache Iceberg - views](https://iceberg.apache.org/view-spec/). - - - For information on managing views with the REST API or for more - information on what data can be associated with a view, see [the API - docs](../regtests/client/python/docs/CreateViewRequest.md). - - - ## Principal - - - Polaris principals are unique identities that can be used to represent - users or services. Each principal may have one or more [principal - roles](#principal-role) assigned to it for the purpose of accessing - catalogs and the entities within them. - - - For information on managing principals with the REST API or for more - information on what data can be associated with a principal, see [the API - docs](../regtests/client/python/docs/CreatePrincipalRequest.md). - - - ## Principal Role - - - Polaris principal roles are labels that may be granted to - [principals](#principal). Each principal may have one or more principal - roles, and the same principal role may be granted to multiple principals. - Principal roles may be assigned based on the persona or responsibilities - of a given principal, or on how that principal will need to access - different entities within Polaris. - - - For information on managing principal roles with the REST API or for more - information on what data can be associated with a principal role, see [the - API docs](../regtests/client/python/docs/CreatePrincipalRoleRequest.md). - - - - ## Catalog Role - - - Polaris catalog roles are labels that may be granted to - [catalogs](#catalog). Each catalog may have one or more catalog roles, and - the same catalog role may be granted to multiple catalogs. Catalog roles - may be assigned based on the nature of data that will reside in a catalog, - or by the groups of users and services that might need to access that - data. - - - Each catalog role may have multiple [privileges](#privilege) granted to - it, and each catalog role can be granted to one or more [principal - roles](#principal-role). This is the mechanism by which principals are - granted access to entities inside a catalog such as namespaces and tables. - - - ## Privilege - - - Polaris privileges are granted to [catalog roles](#catalog-role) in order - to grant principals with a given principal role some degree of access to - catalogs with a given catalog role. When a privilege is granted to a - catalog role, any principal roles granted that catalog role receive the - privilege. In turn, any principals who are granted that principal role - receive it. - - - A privilege can be scoped to any entity inside a catalog, including the - catalog itself. - - - For a list of supported privileges for each privilege class, see the API - docs: - - * [Table Privileges](../regtests/client/python/docs/TablePrivilege.md) - - * [View Privileges](../regtests/client/python/docs/ViewPrivilege.md) - - * [Namespace - Privileges](../regtests/client/python/docs/NamespacePrivilege.md) - - * [Catalog Privileges](../regtests/client/python/docs/CatalogPrivilege.md) - x-displayName: Polaris Entities - - name: Access Control - description: > - - - - This section provides information about how access control works for - Apache Polaris (Incubating). - - - Polaris uses a role-based access control (RBAC) model in which the Polaris - administrator assigns access privileges to catalog roles - - and then grants access to resources to service principals by assigning - catalog roles to principal roles. - - - These are the key concepts to understanding access control in Polaris: - - - - **Securable object** - - - **Principal role** - - - **Catalog role** - - - **Privilege** - - - ## Securable object - - - A securable object is an object to which access can be granted. Polaris - - has the following securable objects: - - - - Catalog - - - Namespace - - - Iceberg table - - - View - - - ## Principal role - - - A principal role is a resource in Polaris that you can use to logically - group Polaris service principals together and grant privileges on - - securable objects. - - - Polaris supports a many-to-one relationship between service principals and - principal roles. For example, to grant the same privileges to - - multiple service principals, you can grant a single principal role to - those service principals. A service principal can be granted one - - principal role. When registering a service connection, the Polaris - administrator specifies the principal role that is granted to the - - service principal. - - - You don't grant privileges directly to a principal role. Instead, you - configure object permissions at the catalog role level, and then grant - - catalog roles to a principal role. - - - The following table shows examples of principal roles that you might - configure in Polaris: - - - | Principal role name | Description | - - | -----------------------| ----------- | - - | Data_engineer | A role that is granted to multiple service principals - for running data engineering jobs. | - - | Data_scientist | A role that is granted to multiple service principals - for running data science or AI jobs. | - - - ## Catalog role - - - A catalog role belongs to a particular catalog resource in Polaris and - specifies a set of permissions for actions on the catalog or objects - - in the catalog, such as catalog namespaces or tables. You can create one - or more catalog roles for a catalog. - - - You grant privileges to a catalog role and then grant the catalog role to - a principal role to bestow the privileges to one or more service - - principals. - - - > **Note** - - > - - > If you update the privileges bestowed to a service principal, the - updates won't take effect for up to one hour. This means that if you - - > revoke or grant some privileges for a catalog, the updated privileges - won't take effect on any service principal with access to that catalog - - > for up to one hour. - - - Polaris also supports a many-to-many relationship between catalog roles - and principal roles. You can grant the same catalog role to one or more - - principal roles. Likewise, a principal role can be granted to one or more - catalog roles. - - - The following table displays examples of catalog roles that you might - - configure in Polaris: - - - | Example Catalog role | Description | - - | -----------------------| ----------- | - - | Catalog administrators | A role that has been granted multiple - privileges to emulate full access to the catalog.

    Principal - roles that have been granted this role are permitted to create, alter, - read, write, and drop tables in the catalog. | - - | Catalog readers | A role that has been granted read-only privileges - to tables in the catalog.

    Principal roles that have been - granted this role are allowed to read from tables in the catalog. | - - | Catalog contributor | A role that has been granted read and write - access privileges to all tables that belong to the catalog.

    Principal roles that have been granted this role are allowed to perform - read and write operations on tables in the catalog. | - - - ## RBAC model - - - The following diagram illustrates the RBAC model used by Polaris. For each - catalog, the Polaris administrator assigns access - - privileges to catalog roles and then grants service principals access to - resources by assigning catalog roles to principal roles. Polaris - - supports a many-to-one relationship between service principals and - principal roles. - - - ![Diagram that shows the RBAC model for Apache - Polaris.](img/rbac-model.svg "Apache Polaris RBAC model") - - - ## Access control privileges - - - This section describes the privileges that are available in the Polaris - access control model. Privileges are granted to catalog roles, catalog - - roles are granted to principal roles, and principal roles are granted to - service principals to specify the operations that service principals can - - perform on objects in Polaris. - - - > **Important** - - > - - > You can only grant privileges at the catalog level. Fine-grained access - controls are not available. For example, you can grant read - - > privileges to all tables in a catalog but not to an individual table in - the catalog. - - - To grant the full set of privileges (drop, list, read, write, etc.) on an - object, you can use the *full privilege* option. - - - ### Table privileges - - - | Privilege | Description | - - | --------- | ----------- | - - | TABLE_CREATE | Enables registering a table with the catalog. | - - | TABLE_DROP | Enables dropping a table from the catalog. | - - | TABLE_LIST | Enables listing any tables in the catalog. | - - | TABLE_READ_PROPERTIES | Enables reading - [properties](https://iceberg.apache.org/docs/nightly/configuration/#table-properties) - of the table. | - - | TABLE_WRITE_PROPERTIES | Enables configuring - [properties](https://iceberg.apache.org/docs/nightly/configuration/#table-properties) - for the table. | - - | TABLE_READ_DATA | Enables reading data from the table by receiving - short-lived read-only storage credentials from the catalog. | - - | TABLE_WRITE_DATA | Enables writing data to the table by receiving - short-lived read+write storage credentials from the catalog. | - - | TABLE_FULL_METADATA | Grants all table privileges, except - TABLE_READ_DATA and TABLE_WRITE_DATA, which need to be granted - individually. | - - - ### View privileges - - - | Privilege | Description | - - | --------- | ----------- | - - | VIEW_CREATE | Enables registering a view with the catalog. | - - | VIEW_DROP | Enables dropping a view from the catalog. | - - | VIEW_LIST | Enables listing any views in the catalog. | - - | VIEW_READ_PROPERTIES | Enables reading all the view properties. | - - | VIEW_WRITE_PROPERTIES | Enables configuring view properties. | - - | VIEW_FULL_METADATA | Grants all view privileges. | - - - ### Namespace privileges - - - | Privilege | Description | - - | --------- | ----------- | - - | NAMESPACE_CREATE | Enables creating a namespace in a catalog. | - - | NAMESPACE_DROP | Enables dropping the namespace from the catalog. | - - | NAMESPACE_LIST | Enables listing any object in the namespace, including - nested namespaces and tables. | - - | NAMESPACE_READ_PROPERTIES | Enables reading all the namespace - properties. | - - | NAMESPACE_WRITE_PROPERTIES | Enables configuring namespace properties. | - - | NAMESPACE_FULL_METADATA | Grants all namespace privileges. | - - - ### Catalog privileges - - - | Privilege | Description | - - | -----------------------| ----------- | - - | CATALOG_MANAGE_ACCESS | Includes the ability to grant or revoke - privileges on objects in a catalog to catalog roles, and the ability to - grant or revoke catalog roles to or from principal roles. | - - | CATALOG_MANAGE_CONTENT | Enables full management of content for the - catalog. This privilege encompasses the following - privileges:
    • CATALOG_MANAGE_METADATA
    • TABLE_FULL_METADATA
    • NAMESPACE_FULL_METADATA
    • VIEW_FULL_METADATA
    • TABLE_WRITE_DATA
    • TABLE_READ_DATA
    • CATALOG_READ_PROPERTIES
    • CATALOG_WRITE_PROPERTIES
    - | - - | CATALOG_MANAGE_METADATA | Enables full management of the catalog, - catalog roles, namespaces, and tables. | - - | CATALOG_READ_PROPERTIES | Enables listing catalogs and reading - properties of the catalog. | - - | CATALOG_WRITE_PROPERTIES | Enables configuring catalog properties. | - - - ## RBAC example - - - The following diagram illustrates how RBAC works in Polaris and - - includes the following users: - - - - **Alice:** A service admin who signs up for Polaris. Alice can - create service principals. She can also create catalogs and - namespaces and configure access control for Polaris resources. - - - **Bob:** A data engineer who uses Apache Spark™ to - interact with Polaris. - - - Alice has created a service principal for Bob. It has been - granted the Data_engineer principal role, which in turn has been - granted the following catalog roles: Catalog contributor and - Data administrator (for both the Silver and Gold zone catalogs - in the following diagram). - - - The Catalog contributor role grants permission to create - namespaces and tables in the Bronze zone catalog. - - - The Data administrator roles grant full administrative rights to - the Silver zone catalog and Gold zone catalog. - - - **Mark:** A data scientist who uses trains models with data managed - by Polaris. - - - Alice has created a service principal for Mark. It has been - granted the Data_scientist principal role, which in turn has - been granted the catalog role named Catalog reader. - - - The Catalog reader role grants read-only access for a catalog - named Gold zone catalog. - - ![Diagram that shows an example of how RBAC works in Apache - Polaris.](img/rbac-example.svg "Apache Polaris RBAC example") - x-displayName: Access Control - - name: Configuring Polaris for Production - description: >+ - - - - - # Configuring Apache Polaris (Incubating) for Production - - - The default `polaris-server.yml` configuration is intended for development - and testing. When deploying Polaris in production, there are several best - practices to keep in mind. - - - ## Security - - - ### Configurations - - - Notable configuration used to secure a Polaris deployment are outlined - below. - - - #### oauth2 - - - > [!WARNING] - - > Ensure that the `tokenBroker` setting reflects the token broker - specified in `authenticator` below. - - - * Configure [OAuth](https://oauth.net/2/) with this setting. Remove the - `TestInlineBearerTokenPolarisAuthenticator` option and uncomment the - `DefaultPolarisAuthenticator` authenticator option beneath it. - - * Then, configure the token broker. You can configure the token broker to - use either - [asymmetric](https://github.com/apache/polaris/blob/b482617bf8cc508b37dbedf3ebc81a9408160a5e/polaris-service/src/main/java/io/polaris/service/auth/JWTRSAKeyPair.java#L24) - or - [symmetric](https://github.com/apache/polaris/blob/b482617bf8cc508b37dbedf3ebc81a9408160a5e/polaris-service/src/main/java/io/polaris/service/auth/JWTSymmetricKeyBroker.java#L23) - keys. - - - #### authenticator.tokenBroker - - - > [!WARNING] - - > Ensure that the `tokenBroker` setting reflects the token broker - specified in `oauth2` above. - - - #### callContextResolver & realmContextResolver - - * Use these configurations to specify a service that can resolve a realm - from bearer tokens. - - * The service(s) used here must implement the relevant interfaces (i.e. - [CallContextResolver](https://github.com/apache/polaris/blob/8290019c10290a600e40b35ddb1e2f54bf99e120/polaris-service/src/main/java/io/polaris/service/context/CallContextResolver.java#L27) - and - [RealmContextResolver](https://github.com/apache/polaris/blob/7ce86f10a68a3b56aed766235c88d6027c0de038/polaris-service/src/main/java/io/polaris/service/context/RealmContextResolver.java)). - - - ## Metastore Management - - - > [!IMPORTANT] - - > The default `in-memory` implementation for `metastoreManager` is meant - for testing and not suitable for production usage. Instead, consider an - implementation such as `eclipse-link` which allows you to store metadata - in a remote database. - - - A Metastore Manger should be configured with an implementation that - durably persists Polaris entities. Use the configuration - `metaStoreManager` to configure a - [MetastoreManager](https://github.com/apache/polaris/blob/627dc602eb15a3258dcc32babf8def34cf6de0e9/polaris-core/src/main/java/io/polaris/core/persistence/PolarisMetaStoreManager.java#L47) - implementation where Polaris entities will be persisted. - - - Be sure to secure your metastore backend since it will be storing - credentials and catalog metadata. - - - ### Configuring EclipseLink - - - To use EclipseLink for metastore management, specify the configuration - `metaStoreManager.conf-file` to point to an EclipseLink `persistence.xml` - file. This file, local to the Polaris service, contains details of the - database used for metastore management and the connection settings. For - more information, refer to [metastore documentation](./metastores.md) for - details. - - - ### Bootstrapping - - - Before using Polaris when using a metastore manager other than - `in-memory`, you must **bootstrap** the metastore manager. This is a - manual operation that must be performed **only once** in order to prepare - the metastore manager to integrate with Polaris. When the metastore - manager is bootstrapped, any existing Polaris entities in the metastore - manager may be **purged**. - - - To bootstrap Polaris, run: - - - ```bash - - java -jar /path/to/jar/polaris-service-all.jar bootstrap - polaris-server.yml - - ``` - - - Afterwards, Polaris can be launched normally: - - - ```bash - - java -jar /path/to/jar/polaris-service-all.jar server polaris-server.yml - - ``` - - - ## Other Configurations - - - When deploying Polaris in production, consider adjusting the following - configurations: - - - #### featureConfiguration.SUPPORTED_CATALOG_STORAGE_TYPES - - By default Polaris catalogs are allowed to be located in local filesystem with the `FILE` storage type. This should be disabled for production systems. - - Use this configuration to additionally disable any other storage types that will not be in use. - - - x-displayName: Configuring Polaris for Production - - name: polaris-management-service_other - x-displayName: other - - name: Configuration API - x-displayName: Configuration API - - name: OAuth2 API - x-displayName: OAuth2 API - - name: Catalog API - x-displayName: Catalog API -paths: - /catalogs: - get: - operationId: listCatalogs - description: List all catalogs in this polaris service - responses: - '200': - description: List of catalogs in the polaris service - content: - application/json: - schema: - $ref: '#/components/schemas/Polaris_Management_Service_Catalogs' - '403': - description: The caller does not have permission to list catalog details - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - post: - operationId: createCatalog - description: Add a new Catalog - requestBody: - description: The Catalog to create - required: true - content: - application/json: - schema: - $ref: >- - #/components/schemas/Polaris_Management_Service_CreateCatalogRequest - responses: - '201': - description: Successful response - '403': - description: The caller does not have permission to create a catalog - '404': - description: The catalog does not exist - '409': - description: A catalog with the specified name already exists - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - /catalogs/{catalogName}: - parameters: - - name: catalogName - in: path - description: The name of the catalog - required: true - schema: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - get: - operationId: getCatalog - description: Get the details of a catalog - responses: - '200': - description: The catalog details - content: - application/json: - schema: - $ref: '#/components/schemas/Polaris_Management_Service_Catalog' - '403': - description: The caller does not have permission to read catalog details - '404': - description: The catalog does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - put: - operationId: updateCatalog - description: Update an existing catalog - requestBody: - description: The catalog details to use in the update - required: true - content: - application/json: - schema: - $ref: >- - #/components/schemas/Polaris_Management_Service_UpdateCatalogRequest - responses: - '200': - description: The catalog details - content: - application/json: - schema: - $ref: '#/components/schemas/Polaris_Management_Service_Catalog' - '403': - description: The caller does not have permission to update catalog details - '404': - description: The catalog does not exist - '409': - description: >- - The entity version doesn't match the currentEntityVersion; retry - after fetching latest version - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - delete: - operationId: deleteCatalog - description: Delete an existing catalog. The catalog must be empty. - responses: - '204': - description: Success, no content - '403': - description: The caller does not have permission to delete a catalog - '404': - description: The catalog does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - /principals: - get: - operationId: listPrincipals - description: List the principals for the current catalog - responses: - '200': - description: List of principals for this catalog - content: - application/json: - schema: - $ref: '#/components/schemas/Polaris_Management_Service_Principals' - '403': - description: The caller does not have permission to list catalog admins - '404': - description: The catalog does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - post: - operationId: createPrincipal - description: Create a principal - requestBody: - description: The principal to create - required: true - content: - application/json: - schema: - $ref: >- - #/components/schemas/Polaris_Management_Service_CreatePrincipalRequest - responses: - '201': - description: Successful response - content: - application/json: - schema: - $ref: >- - #/components/schemas/Polaris_Management_Service_PrincipalWithCredentials - '403': - description: The caller does not have permission to add a principal - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - /principals/{principalName}: - parameters: - - name: principalName - in: path - description: The principal name - required: true - schema: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - get: - operationId: getPrincipal - description: Get the principal details - responses: - '200': - description: The requested principal - content: - application/json: - schema: - $ref: '#/components/schemas/Polaris_Management_Service_Principal' - '403': - description: The caller does not have permission to get principal details - '404': - description: The catalog or principal does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - put: - operationId: updatePrincipal - description: Update an existing principal - requestBody: - description: The principal details to use in the update - required: true - content: - application/json: - schema: - $ref: >- - #/components/schemas/Polaris_Management_Service_UpdatePrincipalRequest - responses: - '200': - description: The updated principal - content: - application/json: - schema: - $ref: '#/components/schemas/Polaris_Management_Service_Principal' - '403': - description: The caller does not have permission to update principal details - '404': - description: The principal does not exist - '409': - description: >- - The entity version doesn't match the currentEntityVersion; retry - after fetching latest version - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - delete: - operationId: deletePrincipal - description: Remove a principal from polaris - responses: - '204': - description: Success, no content - '403': - description: The caller does not have permission to delete a principal - '404': - description: The principal does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - /principals/{principalName}/rotate: - parameters: - - name: principalName - in: path - description: The user name - required: true - schema: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - post: - operationId: rotateCredentials - description: >- - Rotate a principal's credentials. The new credentials will be returned - in the response. This is the only API, aside from createPrincipal, that - returns the user's credentials. This API is *not* idempotent. - responses: - '200': - description: The principal details along with the newly rotated credentials - content: - application/json: - schema: - $ref: >- - #/components/schemas/Polaris_Management_Service_PrincipalWithCredentials - '403': - description: The caller does not have permission to rotate credentials - '404': - description: The principal does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - /principals/{principalName}/principal-roles: - parameters: - - name: principalName - in: path - description: The name of the target principal - required: true - schema: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - get: - operationId: listPrincipalRolesAssigned - description: List the roles assigned to the principal - responses: - '200': - description: List of roles assigned to this principal - content: - application/json: - schema: - $ref: '#/components/schemas/Polaris_Management_Service_PrincipalRoles' - '403': - description: The caller does not have permission to list roles - '404': - description: The principal or catalog does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - put: - operationId: assignPrincipalRole - description: Add a role to the principal - requestBody: - description: The principal role to assign - required: true - content: - application/json: - schema: - $ref: >- - #/components/schemas/Polaris_Management_Service_GrantPrincipalRoleRequest - responses: - '201': - description: Successful response - '403': - description: >- - The caller does not have permission to add assign a role to the - principal - '404': - description: The catalog, the principal, or the role does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - /principals/{principalName}/principal-roles/{principalRoleName}: - parameters: - - name: principalName - in: path - description: The name of the target principal - required: true - schema: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - - name: principalRoleName - in: path - description: The name of the role - required: true - schema: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - delete: - operationId: revokePrincipalRole - description: Remove a role from a catalog principal - responses: - '204': - description: Success, no content - '403': - description: >- - The caller does not have permission to remove a role from the - principal - '404': - description: The catalog or principal does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - /principal-roles: - get: - operationId: listPrincipalRoles - description: List the principal roles - responses: - '200': - description: List of principal roles - content: - application/json: - schema: - $ref: '#/components/schemas/Polaris_Management_Service_PrincipalRoles' - '403': - description: The caller does not have permission to list principal roles - '404': - description: The catalog does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - post: - operationId: createPrincipalRole - description: Create a principal role - requestBody: - description: The principal to create - required: true - content: - application/json: - schema: - $ref: >- - #/components/schemas/Polaris_Management_Service_CreatePrincipalRoleRequest - responses: - '201': - description: Successful response - '403': - description: The caller does not have permission to add a principal role - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - /principal-roles/{principalRoleName}: - parameters: - - name: principalRoleName - in: path - description: The principal role name - required: true - schema: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - get: - operationId: getPrincipalRole - description: Get the principal role details - responses: - '200': - description: The requested principal role - content: - application/json: - schema: - $ref: '#/components/schemas/Polaris_Management_Service_PrincipalRole' - '403': - description: The caller does not have permission to get principal role details - '404': - description: The principal role does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - put: - operationId: updatePrincipalRole - description: Update an existing principalRole - requestBody: - description: The principalRole details to use in the update - required: true - content: - application/json: - schema: - $ref: >- - #/components/schemas/Polaris_Management_Service_UpdatePrincipalRoleRequest - responses: - '200': - description: The updated principal role - content: - application/json: - schema: - $ref: '#/components/schemas/Polaris_Management_Service_PrincipalRole' - '403': - description: The caller does not have permission to update principal role details - '404': - description: The principal role does not exist - '409': - description: >- - The entity version doesn't match the currentEntityVersion; retry - after fetching latest version - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - delete: - operationId: deletePrincipalRole - description: Remove a principal role from polaris - responses: - '204': - description: Success, no content - '403': - description: The caller does not have permission to delete a principal role - '404': - description: The principal role does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - /principal-roles/{principalRoleName}/principals: - parameters: - - name: principalRoleName - in: path - description: The principal role name - required: true - schema: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - get: - operationId: listAssigneePrincipalsForPrincipalRole - description: List the Principals to whom the target principal role has been assigned - responses: - '200': - description: >- - List the Principals to whom the target principal role has been - assigned - content: - application/json: - schema: - $ref: '#/components/schemas/Polaris_Management_Service_Principals' - '403': - description: The caller does not have permission to list principals - '404': - description: The principal role does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - /principal-roles/{principalRoleName}/catalog-roles/{catalogName}: - parameters: - - name: principalRoleName - in: path - description: The principal role name - required: true - schema: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - - name: catalogName - in: path - required: true - description: The name of the catalog where the catalogRoles reside - schema: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - get: - operationId: listCatalogRolesForPrincipalRole - description: Get the catalog roles mapped to the principal role - responses: - '200': - description: The list of catalog roles mapped to the principal role - content: - application/json: - schema: - $ref: '#/components/schemas/Polaris_Management_Service_CatalogRoles' - '403': - description: The caller does not have permission to list catalog roles - '404': - description: The principal role does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - put: - operationId: assignCatalogRoleToPrincipalRole - description: Assign a catalog role to a principal role - requestBody: - description: The principal to create - required: true - content: - application/json: - schema: - $ref: >- - #/components/schemas/Polaris_Management_Service_GrantCatalogRoleRequest - responses: - '201': - description: Successful response - '403': - description: The caller does not have permission to assign a catalog role - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - /principal-roles/{principalRoleName}/catalog-roles/{catalogName}/{catalogRoleName}: - parameters: - - name: principalRoleName - in: path - description: The principal role name - required: true - schema: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - - name: catalogName - in: path - description: The name of the catalog that contains the role to revoke - required: true - schema: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - - name: catalogRoleName - in: path - description: The name of the catalog role that should be revoked - required: true - schema: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - delete: - operationId: revokeCatalogRoleFromPrincipalRole - description: Remove a catalog role from a principal role - responses: - '204': - description: Success, no content - '403': - description: The caller does not have permission to revoke a catalog role - '404': - description: The principal role does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - /catalogs/{catalogName}/catalog-roles: - parameters: - - name: catalogName - in: path - description: The catalog for which we are reading/updating roles - required: true - schema: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - get: - operationId: listCatalogRoles - description: List existing roles in the catalog - responses: - '200': - description: The list of roles that exist in this catalog - content: - application/json: - schema: - $ref: '#/components/schemas/Polaris_Management_Service_CatalogRoles' - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - post: - operationId: createCatalogRole - description: Create a new role in the catalog - requestBody: - content: - application/json: - schema: - $ref: >- - #/components/schemas/Polaris_Management_Service_CreateCatalogRoleRequest - responses: - '201': - description: Successful response - '403': - description: The principal is not authorized to create roles - '404': - description: The catalog does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - /catalogs/{catalogName}/catalog-roles/{catalogRoleName}: - parameters: - - name: catalogName - in: path - description: The catalog for which we are retrieving roles - required: true - schema: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - - name: catalogRoleName - in: path - description: The name of the role - required: true - schema: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - get: - operationId: getCatalogRole - description: Get the details of an existing role - responses: - '200': - description: The specified role details - content: - application/json: - schema: - $ref: '#/components/schemas/Polaris_Management_Service_CatalogRole' - '403': - description: The principal is not authorized to read role data - '404': - description: The catalog or the role does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - put: - operationId: updateCatalogRole - description: Update an existing role in the catalog - requestBody: - content: - application/json: - schema: - $ref: >- - #/components/schemas/Polaris_Management_Service_UpdateCatalogRoleRequest - responses: - '200': - description: The specified role details - content: - application/json: - schema: - $ref: '#/components/schemas/Polaris_Management_Service_CatalogRole' - '403': - description: The principal is not authorized to update roles - '404': - description: The catalog or the role does not exist - '409': - description: >- - The entity version doesn't match the currentEntityVersion; retry - after fetching latest version - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - delete: - operationId: deleteCatalogRole - description: >- - Delete an existing role from the catalog. All associated grants will - also be deleted - responses: - '204': - description: Success, no content - '403': - description: The principal is not authorized to delete roles - '404': - description: The catalog or the role does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - /catalogs/{catalogName}/catalog-roles/{catalogRoleName}/principal-roles: - parameters: - - name: catalogName - in: path - required: true - description: The name of the catalog where the catalog role resides - schema: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - - name: catalogRoleName - in: path - required: true - description: The name of the catalog role - schema: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - get: - operationId: listAssigneePrincipalRolesForCatalogRole - description: >- - List the PrincipalRoles to which the target catalog role has been - assigned - responses: - '200': - description: >- - List the PrincipalRoles to which the target catalog role has been - assigned - content: - application/json: - schema: - $ref: '#/components/schemas/Polaris_Management_Service_PrincipalRoles' - '403': - description: The caller does not have permission to list principal roles - '404': - description: The catalog or catalog role does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - /catalogs/{catalogName}/catalog-roles/{catalogRoleName}/grants: - parameters: - - name: catalogName - in: path - required: true - description: The name of the catalog where the role will receive the grant - schema: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - - name: catalogRoleName - in: path - required: true - description: The name of the role receiving the grant (must exist) - schema: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - get: - operationId: listGrantsForCatalogRole - description: List the grants the catalog role holds - responses: - '200': - description: List of all grants given to the role in this catalog - content: - application/json: - schema: - $ref: '#/components/schemas/Polaris_Management_Service_GrantResources' - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - put: - operationId: addGrantToCatalogRole - description: Add a new grant to the catalog role - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/Polaris_Management_Service_AddGrantRequest' - responses: - '201': - description: Successful response - '403': - description: The principal is not authorized to create grants - '404': - description: The catalog or the role does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - post: - operationId: revokeGrantFromCatalogRole - description: >- - Delete a specific grant from the role. This may be a subset or a - superset of the grants the role has. In case of a subset, the role will - retain the grants not specified. If the `cascade` parameter is true, - grant revocation will have a cascading effect - that is, if a principal - has specific grants on a subresource, and grants are revoked on a parent - resource, the grants present on the subresource will be revoked as well. - By default, this behavior is disabled and grant revocation only affects - the specified resource. - parameters: - - name: cascade - in: query - schema: - type: boolean - default: false - description: If true, the grant revocation cascades to all subresources. - requestBody: - content: - application/json: - schema: - $ref: >- - #/components/schemas/Polaris_Management_Service_RevokeGrantRequest - responses: - '201': - description: Successful response - '403': - description: The principal is not authorized to create grants - '404': - description: The catalog or the role does not exist - tags: - - polaris-management-service_other - security: - - Polaris_Management_Service_OAuth2: [] - /v1/config: - get: - tags: - - Configuration API - summary: List all catalog configuration settings - operationId: getConfig - parameters: - - name: warehouse - in: query - required: false - schema: - type: string - description: Warehouse location or identifier to request from the service - description: >2- - All REST clients should first call this route to get catalog configuration properties from the server to configure the catalog and its HTTP client. Configuration from the server consists of two sets of key/value pairs. - - defaults - properties that should be used as default configuration; - applied before client configuration - - - overrides - properties that should be used to override client - configuration; applied after defaults and client configuration - - - Catalog configuration is constructed by setting the defaults, then - client- provided configuration, and finally overrides. The final - property set is then used to configure the catalog. - - - For example, a default configuration property might set the size of the - client pool, which can be replaced with a client-specific setting. An - override might be used to set the warehouse location, which is stored on - the server rather than in client configuration. - - - Common catalog configuration settings are documented at - https://iceberg.apache.org/docs/latest/configuration/#catalog-properties - responses: - '200': - description: Server specified configuration values. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_CatalogConfig - example: - overrides: - warehouse: s3://bucket/warehouse/ - defaults: - clients: '4' - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - /v1/oauth/tokens: - post: - tags: - - OAuth2 API - summary: Get a token using an OAuth2 flow - operationId: getToken - description: >- - Exchange credentials for a token using the OAuth2 client credentials - flow or token exchange. - - - This endpoint is used for three purposes - - - 1. To exchange client credentials (client ID and secret) for an access - token This uses the client credentials flow. - - 2. To exchange a client token and an identity token for a more specific - access token This uses the token exchange flow. - - 3. To exchange an access token for one with the same claims and a - refreshed expiration period This uses the token exchange flow. - - - For example, a catalog client may be configured with client credentials - from the OAuth2 Authorization flow. This client would exchange its - client ID and secret for an access token using the client credentials - request with this endpoint (1). Subsequent requests would then use that - access token. - - - Some clients may also handle sessions that have additional user context. - These clients would use the token exchange flow to exchange a user token - (the "subject" token) from the session for a more specific access token - for that user, using the catalog's access token as the "actor" token - (2). The user ID token is the "subject" token and can be any token type - allowed by the OAuth2 token exchange flow, including a unsecured JWT - token with a sub claim. This request should use the catalog's bearer - token in the "Authorization" header. - - - Clients may also use the token exchange flow to refresh a token that is - about to expire by sending a token exchange request (3). The request's - "subject" token should be the expiring token. This request should use - the subject token in the "Authorization" header. - parameters: - - name: Authorization - in: header - schema: - type: string - required: false - requestBody: - required: true - content: - application/x-www-form-urlencoded: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_OAuthTokenRequest - responses: - '200': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_OAuthTokenResponse - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_OAuthErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_OAuthErrorResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_OAuthErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - /v1/{prefix}/namespaces: - parameters: - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_prefix' - get: - tags: - - Catalog API - summary: >- - List namespaces, optionally providing a parent namespace to list - underneath - description: >- - List all namespaces at a certain level, optionally starting from a given - parent namespace. If table accounting.tax.paid.info exists, using - 'SELECT NAMESPACE IN accounting' would translate into `GET - /namespaces?parent=accounting` and must return a namespace, - ["accounting", "tax"] only. Using 'SELECT NAMESPACE IN accounting.tax' - would translate into `GET /namespaces?parent=accounting%1Ftax` and must - return a namespace, ["accounting", "tax", "paid"]. If `parent` is not - provided, all top-level namespaces should be listed. - operationId: listNamespaces - parameters: - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_page-token' - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_page-size' - - name: parent - in: query - description: >- - An optional namespace, underneath which to list namespaces. If not - provided or empty, all top-level namespaces should be listed. If - parent is a multipart namespace, the parts must be separated by the - unit separator (`0x1F`) byte. - required: false - allowEmptyValue: true - schema: - type: string - example: accounting%1Ftax - responses: - '200': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ListNamespacesResponse - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: >- - Not Found - Namespace provided in the `parent` query parameter is - not found. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - examples: - NoSuchNamespaceExample: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchNamespaceError - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - post: - tags: - - Catalog API - summary: Create a namespace - description: >- - Create a namespace, with an optional set of properties. The server might - also add properties, such as `last_modified_time` etc. - operationId: createNamespace - requestBody: - required: true - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_CreateNamespaceRequest - responses: - '200': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_CreateNamespaceResponse - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '406': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnsupportedOperationResponse - '409': - description: Conflict - The namespace already exists - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - examples: - NamespaceAlreadyExists: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NamespaceAlreadyExistsError - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - /v1/{prefix}/namespaces/{namespace}: - parameters: - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_prefix' - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_namespace' - get: - tags: - - Catalog API - summary: Load the metadata properties for a namespace - operationId: loadNamespaceMetadata - description: Return all stored metadata properties for a given namespace - responses: - '200': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_GetNamespaceResponse - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: Not Found - Namespace not found - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - examples: - NoSuchNamespaceExample: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchNamespaceError - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - head: - tags: - - Catalog API - summary: Check if a namespace exists - operationId: namespaceExists - description: Check if a namespace exists. The response does not contain a body. - responses: - '204': - description: Success, no content - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: Not Found - Namespace not found - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - examples: - NoSuchNamespaceExample: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchNamespaceError - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - delete: - tags: - - Catalog API - summary: Drop a namespace from the catalog. Namespace must be empty. - operationId: dropNamespace - responses: - '204': - description: Success, no content - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: Not Found - Namespace to delete does not exist. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - examples: - NoSuchNamespaceExample: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchNamespaceError - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - /v1/{prefix}/namespaces/{namespace}/properties: - parameters: - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_prefix' - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_namespace' - post: - tags: - - Catalog API - summary: Set or remove properties on a namespace - operationId: updateProperties - description: >- - Set and/or remove properties on a namespace. The request body specifies - a list of properties to remove and a map of key value pairs to update. - - Properties that are not in the request are not modified or removed by - this call. - - Server implementations are not required to support namespace properties. - requestBody: - required: true - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_UpdateNamespacePropertiesRequest - examples: - UpdateAndRemoveProperties: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_UpdateAndRemoveNamespacePropertiesRequest - responses: - '200': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UpdateNamespacePropertiesResponse - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: Not Found - Namespace not found - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - examples: - NamespaceNotFound: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchNamespaceError - '406': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnsupportedOperationResponse - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '422': - description: >- - Unprocessable Entity - A property key was included in both - `removals` and `updates` - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - examples: - UnprocessableEntityDuplicateKey: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_UnprocessableEntityDuplicateKey - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - /v1/{prefix}/namespaces/{namespace}/tables: - parameters: - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_prefix' - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_namespace' - get: - tags: - - Catalog API - summary: List all table identifiers underneath a given namespace - description: Return all table identifiers under this namespace - operationId: listTables - parameters: - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_page-token' - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_page-size' - responses: - '200': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ListTablesResponse - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: Not Found - The namespace specified does not exist - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - examples: - NamespaceNotFound: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchNamespaceError - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - post: - tags: - - Catalog API - summary: Create a table in the given namespace - description: >- - Create a table or start a create transaction, like atomic CTAS. - - - If `stage-create` is false, the table is created immediately. - - - If `stage-create` is true, the table is not created, but table metadata - is initialized and returned. The service should prepare as needed for a - commit to the table commit endpoint to complete the create transaction. - The client uses the returned metadata to begin a transaction. To commit - the transaction, the client sends all create and subsequent changes to - the table commit route. Changes from the table create operation include - changes like AddSchemaUpdate and SetCurrentSchemaUpdate that set the - initial table state. - operationId: createTable - parameters: - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_data-access' - requestBody: - required: true - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_CreateTableRequest - responses: - '200': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_CreateTableResponse - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: Not Found - The namespace specified does not exist - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - examples: - NamespaceNotFound: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchNamespaceError - '409': - description: Conflict - The table already exists - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - examples: - NamespaceAlreadyExists: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_TableAlreadyExistsError - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - /v1/{prefix}/namespaces/{namespace}/register: - parameters: - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_prefix' - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_namespace' - post: - tags: - - Catalog API - summary: >- - Register a table in the given namespace using given metadata file - location - description: Register a table using given metadata file location. - operationId: registerTable - requestBody: - required: true - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_RegisterTableRequest - responses: - '200': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_LoadTableResponse - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: Not Found - The namespace specified does not exist - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - examples: - NamespaceNotFound: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchNamespaceError - '409': - description: Conflict - The table already exists - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - examples: - NamespaceAlreadyExists: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_TableAlreadyExistsError - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - /v1/{prefix}/namespaces/{namespace}/tables/{table}: - parameters: - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_prefix' - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_namespace' - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_table' - get: - tags: - - Catalog API - summary: Load a table from the catalog - operationId: loadTable - description: >- - Load a table from the catalog. - - - The response contains both configuration and table metadata. The - configuration, if non-empty is used as additional configuration for the - table that overrides catalog configuration. For example, this - configuration may change the FileIO implementation to be used for the - table. - - - The response also contains the table's full metadata, matching the table - metadata JSON file. - - - The catalog configuration may contain credentials that should be used - for subsequent requests for the table. The configuration key "token" is - used to pass an access token to be used as a bearer token for table - requests. Otherwise, a token may be passed using a RFC 8693 token type - as a configuration key. For example, - "urn:ietf:params:oauth:token-type:jwt=". - parameters: - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_data-access' - - in: query - name: snapshots - description: >- - The snapshots to return in the body of the metadata. Setting the - value to `all` would return the full set of snapshots currently - valid for the table. Setting the value to `refs` would load all - snapshots referenced by branches or tags. - - Default if no param is provided is `all`. - required: false - schema: - type: string - enum: - - all - - refs - responses: - '200': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_LoadTableResponse - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: Not Found - NoSuchTableException, table to load does not exist - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - examples: - TableToLoadDoesNotExist: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchTableError - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - post: - tags: - - Catalog API - summary: Commit updates to a table - operationId: updateTable - description: >- - Commit updates to a table. - - - Commits have two parts, requirements and updates. Requirements are - assertions that will be validated before attempting to make and commit - changes. For example, `assert-ref-snapshot-id` will check that a named - ref's snapshot ID has a certain value. - - - Updates are changes to make to table metadata. For example, after - asserting that the current main ref is at the expected snapshot, a - commit may add a new child snapshot and set the ref to the new snapshot - id. - - - Create table transactions that are started by createTable with - `stage-create` set to true are committed using this route. Transactions - should include all changes to the table, including table initialization, - like AddSchemaUpdate and SetCurrentSchemaUpdate. The `assert-create` - requirement is used to ensure that the table was not created - concurrently. - requestBody: - required: true - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_CommitTableRequest - responses: - '200': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_CommitTableResponse - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: Not Found - NoSuchTableException, table to load does not exist - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - examples: - TableToUpdateDoesNotExist: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchTableError - '409': - description: >- - Conflict - CommitFailedException, one or more requirements failed. - The client may retry. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '500': - description: >- - An unknown server-side problem occurred; the commit state is - unknown. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - example: - error: - message: Internal Server Error - type: CommitStateUnknownException - code: 500 - '502': - description: >- - A gateway or proxy received an invalid response from the upstream - server; the commit state is unknown. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - example: - error: - message: Invalid response from the upstream server - type: CommitStateUnknownException - code: 502 - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - '504': - description: A server-side gateway timeout occurred; the commit state is unknown. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - example: - error: - message: Gateway timed out during commit - type: CommitStateUnknownException - code: 504 - 5XX: - description: A server-side problem that might not be addressable on the client. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - example: - error: - message: Bad Gateway - type: InternalServerError - code: 502 - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - delete: - tags: - - Catalog API - summary: Drop a table from the catalog - operationId: dropTable - description: Remove a table from the catalog - parameters: - - name: purgeRequested - in: query - required: false - description: >- - Whether the user requested to purge the underlying table's data and - metadata - schema: - type: boolean - default: false - responses: - '204': - description: Success, no content - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: Not Found - NoSuchTableException, Table to drop does not exist - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - examples: - TableToDeleteDoesNotExist: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchTableError - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - head: - tags: - - Catalog API - summary: Check if a table exists - operationId: tableExists - description: >- - Check if a table exists within a given namespace. The response does not - contain a body. - responses: - '204': - description: Success, no content - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: Not Found - NoSuchTableException, Table not found - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - examples: - TableToLoadDoesNotExist: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchTableError - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - /v1/{prefix}/tables/rename: - parameters: - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_prefix' - post: - tags: - - Catalog API - summary: Rename a table from its current name to a new name - description: >- - Rename a table from one identifier to another. It's valid to move a - table across namespaces, but the server implementation is not required - to support it. - operationId: renameTable - requestBody: - description: >- - Current table identifier to rename and new table identifier to rename - to - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_RenameTableRequest - examples: - RenameTableSameNamespace: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_RenameTableSameNamespace - required: true - responses: - '204': - description: Success, no content - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: >- - Not Found - NoSuchTableException, Table to rename does not exist - - NoSuchNamespaceException, The target namespace of the new table - identifier does not exist - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - examples: - TableToRenameDoesNotExist: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchTableError - NamespaceToRenameToDoesNotExist: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchNamespaceError - '406': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnsupportedOperationResponse - '409': - description: >- - Conflict - The target identifier to rename to already exists as a - table or view - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - example: - summary: The requested table identifier already exists - value: - error: - message: The given table already exists - type: AlreadyExistsException - code: 409 - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - /v1/{prefix}/namespaces/{namespace}/tables/{table}/metrics: - parameters: - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_prefix' - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_namespace' - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_table' - post: - tags: - - Catalog API - summary: Send a metrics report to this endpoint to be processed by the backend - operationId: reportMetrics - requestBody: - description: The request containing the metrics report to be sent - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_ReportMetricsRequest - required: true - responses: - '204': - description: Success, no content - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: Not Found - NoSuchTableException, table to load does not exist - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - examples: - TableToLoadDoesNotExist: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchTableError - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - /v1/{prefix}/namespaces/{namespace}/tables/{table}/notifications: - parameters: - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_prefix' - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_namespace' - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_table' - post: - tags: - - Catalog API - summary: Sends a notification to the table - operationId: sendNotification - requestBody: - description: >- - The request containing the notification to be sent. - - For each table, Polaris will reject any notification where the - timestamp in the request body is older than or equal to the most - recent time Polaris has already processed for the table. The - responsibility of ensuring the correct order of timestamps for a - sequence of notifications lies with the caller of the API. This - includes managing potential clock skew or inconsistencies when - notifications are sent from multiple sources. - - A VALIDATE request behaves like a dry-run of a CREATE or UPDATE - request up to but not including loading the contents of a metadata - file; this includes validations of permissions, the specified metadata - path being within ALLOWED_LOCATIONS, having an EXTERNAL catalog, etc. - The intended use case for a VALIDATE notification is to allow a remote - catalog to pre-validate the general settings of a receiving catalog - against an intended new table location before possibly creating a - table intended for sending notifcations in the remote catalog at all. - For a VALIDATE request, the specified metadata-location can either be - a prospective full metadata file path, or a relevant parent directory - of the intended table to validate against ALLOWED_LOCATIONS. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_NotificationRequest - required: true - responses: - '204': - description: Success, no content - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: Not Found - NoSuchTableException, table to load does not exist - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - examples: - TableToLoadDoesNotExist: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchTableError - '409': - description: >- - Conflict - The timestamp of the received notification is older than - or equal to the most recent timestamp Polaris has already processed - for the specified table. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - example: - summary: >- - The timestamp of the received notification is older than or - equal to the most recent timestamp Polaris has already - processed for the specified table. - value: - error: - message: >- - A notification with a newer timestamp has been admitted - for table - type: AlreadyExistsException - code: 409 - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - /v1/{prefix}/transactions/commit: - parameters: - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_prefix' - post: - tags: - - Catalog API - summary: Commit updates to multiple tables in an atomic operation - operationId: commitTransaction - requestBody: - description: >- - Commit updates to multiple tables in an atomic operation - - - A commit for a single table consists of a table identifier with - requirements and updates. Requirements are assertions that will be - validated before attempting to make and commit changes. For example, - `assert-ref-snapshot-id` will check that a named ref's snapshot ID has - a certain value. - - - Updates are changes to make to table metadata. For example, after - asserting that the current main ref is at the expected snapshot, a - commit may add a new child snapshot and set the ref to the new - snapshot id. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_CommitTransactionRequest - required: true - responses: - '204': - description: Success, no content - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: Not Found - NoSuchTableException, table to load does not exist - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - examples: - TableToUpdateDoesNotExist: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchTableError - '409': - description: >- - Conflict - CommitFailedException, one or more requirements failed. - The client may retry. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '500': - description: >- - An unknown server-side problem occurred; the commit state is - unknown. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - example: - error: - message: Internal Server Error - type: CommitStateUnknownException - code: 500 - '502': - description: >- - A gateway or proxy received an invalid response from the upstream - server; the commit state is unknown. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - example: - error: - message: Invalid response from the upstream server - type: CommitStateUnknownException - code: 502 - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - '504': - description: A server-side gateway timeout occurred; the commit state is unknown. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - example: - error: - message: Gateway timed out during commit - type: CommitStateUnknownException - code: 504 - 5XX: - description: A server-side problem that might not be addressable on the client. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - example: - error: - message: Bad Gateway - type: InternalServerError - code: 502 - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - /v1/{prefix}/namespaces/{namespace}/views: - parameters: - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_prefix' - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_namespace' - get: - tags: - - Catalog API - summary: List all view identifiers underneath a given namespace - description: Return all view identifiers under this namespace - operationId: listViews - parameters: - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_page-token' - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_page-size' - responses: - '200': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ListTablesResponse - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: Not Found - The namespace specified does not exist - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_ErrorModel - examples: - NamespaceNotFound: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchNamespaceError - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - post: - tags: - - Catalog API - summary: Create a view in the given namespace - description: Create a view in the given namespace. - operationId: createView - requestBody: - required: true - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_CreateViewRequest - responses: - '200': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_LoadViewResponse - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: Not Found - The namespace specified does not exist - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_ErrorModel - examples: - NamespaceNotFound: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchNamespaceError - '409': - description: Conflict - The view already exists - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_ErrorModel - examples: - NamespaceAlreadyExists: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_ViewAlreadyExistsError - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - /v1/{prefix}/namespaces/{namespace}/views/{view}: - parameters: - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_prefix' - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_namespace' - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_view' - get: - tags: - - Catalog API - summary: Load a view from the catalog - operationId: loadView - description: >- - Load a view from the catalog. - - - The response contains both configuration and view metadata. The - configuration, if non-empty is used as additional configuration for the - view that overrides catalog configuration. - - - The response also contains the view's full metadata, matching the view - metadata JSON file. - - - The catalog configuration may contain credentials that should be used - for subsequent requests for the view. The configuration key "token" is - used to pass an access token to be used as a bearer token for view - requests. Otherwise, a token may be passed using a RFC 8693 token type - as a configuration key. For example, - "urn:ietf:params:oauth:token-type:jwt=". - responses: - '200': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_LoadViewResponse - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: Not Found - NoSuchViewException, view to load does not exist - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_ErrorModel - examples: - ViewToLoadDoesNotExist: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchViewError - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - post: - tags: - - Catalog API - summary: Replace a view - operationId: replaceView - description: Commit updates to a view. - requestBody: - required: true - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_CommitViewRequest - responses: - '200': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_LoadViewResponse - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: Not Found - NoSuchViewException, view to load does not exist - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_ErrorModel - examples: - ViewToUpdateDoesNotExist: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchViewError - '409': - description: Conflict - CommitFailedException. The client may retry. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_ErrorModel - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '500': - description: >- - An unknown server-side problem occurred; the commit state is - unknown. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_ErrorModel - example: - error: - message: Internal Server Error - type: CommitStateUnknownException - code: 500 - '502': - description: >- - A gateway or proxy received an invalid response from the upstream - server; the commit state is unknown. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_ErrorModel - example: - error: - message: Invalid response from the upstream server - type: CommitStateUnknownException - code: 502 - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - '504': - description: A server-side gateway timeout occurred; the commit state is unknown. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_ErrorModel - example: - error: - message: Gateway timed out during commit - type: CommitStateUnknownException - code: 504 - 5XX: - description: A server-side problem that might not be addressable on the client. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_ErrorModel - example: - error: - message: Bad Gateway - type: InternalServerError - code: 502 - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - delete: - tags: - - Catalog API - summary: Drop a view from the catalog - operationId: dropView - description: Remove a view from the catalog - responses: - '204': - description: Success, no content - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: Not Found - NoSuchViewException, view to drop does not exist - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_ErrorModel - examples: - ViewToDeleteDoesNotExist: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchViewError - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - head: - tags: - - Catalog API - summary: Check if a view exists - operationId: viewExists - description: >- - Check if a view exists within a given namespace. This request does not - return a response body. - responses: - '204': - description: Success, no content - '400': - description: Bad Request - '401': - description: Unauthorized - '404': - description: Not Found - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] - /v1/{prefix}/views/rename: - parameters: - - $ref: '#/components/parameters/Apache_Iceberg_REST_Catalog_API_prefix' - post: - tags: - - Catalog API - summary: Rename a view from its current name to a new name - description: >- - Rename a view from one identifier to another. It's valid to move a view - across namespaces, but the server implementation is not required to - support it. - operationId: renameView - requestBody: - description: Current view identifier to rename and new view identifier to rename to - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_RenameTableRequest - examples: - RenameViewSameNamespace: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_RenameViewSameNamespace - required: true - responses: - '204': - description: Success, no content - '400': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse - '401': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse - '403': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ForbiddenResponse - '404': - description: >- - Not Found - NoSuchViewException, view to rename does not exist - - NoSuchNamespaceException, The target namespace of the new identifier - does not exist - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_ErrorModel - examples: - ViewToRenameDoesNotExist: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchViewError - NamespaceToRenameToDoesNotExist: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_NoSuchNamespaceError - '406': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_UnsupportedOperationResponse - '409': - description: >- - Conflict - The target identifier to rename to already exists as a - table or view - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_ErrorModel - example: - summary: The requested view identifier already exists - value: - error: - message: The given view already exists - type: AlreadyExistsException - code: 409 - '419': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse - '503': - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse - 5XX: - $ref: >- - #/components/responses/Apache_Iceberg_REST_Catalog_API_ServerErrorResponse - security: - - Apache_Iceberg_REST_Catalog_API_OAuth2: - - catalog - - Apache_Iceberg_REST_Catalog_API_BearerAuth: [] -components: - securitySchemes: - Polaris_Management_Service_OAuth2: - type: oauth2 - description: Uses OAuth 2 with client credentials flow - flows: - implicit: - authorizationUrl: '{scheme}://{host}/api/v1/oauth/tokens' - scopes: {} - Apache_Iceberg_REST_Catalog_API_OAuth2: - type: oauth2 - description: >- - This scheme is used for OAuth2 authorization. - - - For unauthorized requests, services should return an appropriate 401 or - 403 response. Implementations must not return altered success (200) - responses when a request is unauthenticated or unauthorized. - - If a separate authorization server is used, substitute the tokenUrl with - the full token path of the external authorization server, and use the - resulting token to access the resources defined in the spec. - flows: - clientCredentials: - tokenUrl: /v1/oauth/tokens - scopes: - catalog: Allows interacting with the Config and Catalog APIs - Apache_Iceberg_REST_Catalog_API_BearerAuth: - type: http - scheme: bearer - schemas: - Polaris_Management_Service_Catalogs: - type: object - description: A list of Catalog objects - properties: - catalogs: - type: array - items: - $ref: '#/components/schemas/Polaris_Management_Service_Catalog' - required: - - catalogs - Polaris_Management_Service_CreateCatalogRequest: - type: object - description: Request to create a new catalog - properties: - catalog: - $ref: '#/components/schemas/Polaris_Management_Service_Catalog' - required: - - catalog - Polaris_Management_Service_Catalog: - type: object - description: >- - A catalog object. A catalog may be internal or external. External - catalogs are managed entirely by an external catalog interface. Third - party catalogs may be other Iceberg REST implementations or other - services with their own proprietary APIs - properties: - type: - type: string - enum: - - INTERNAL - - EXTERNAL - description: the type of catalog - internal or external - default: INTERNAL - name: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - description: The name of the catalog - properties: - type: object - properties: - default-base-location: - type: string - additionalProperties: - type: string - required: - - default-base-location - createTimestamp: - type: integer - format: int64 - description: >- - The creation time represented as unix epoch timestamp in - milliseconds - lastUpdateTimestamp: - type: integer - format: int64 - description: >- - The last update time represented as unix epoch timestamp in - milliseconds - entityVersion: - type: integer - description: >- - The version of the catalog object used to determine if the catalog - metadata has changed - storageConfigInfo: - $ref: '#/components/schemas/Polaris_Management_Service_StorageConfigInfo' - required: - - name - - type - - storageConfigInfo - - properties - discriminator: - propertyName: type - mapping: - INTERNAL: '#/components/schemas/Polaris_Management_Service_PolarisCatalog' - EXTERNAL: '#/components/schemas/Polaris_Management_Service_ExternalCatalog' - Polaris_Management_Service_PolarisCatalog: - type: object - allOf: - - $ref: '#/components/schemas/Polaris_Management_Service_Catalog' - description: >- - The base catalog type - this contains all the fields necessary to - construct an INTERNAL catalog - Polaris_Management_Service_ExternalCatalog: - description: An externally managed catalog - type: object - allOf: - - $ref: '#/components/schemas/Polaris_Management_Service_Catalog' - - type: object - properties: - remoteUrl: - type: string - description: URL to the remote catalog API - Polaris_Management_Service_StorageConfigInfo: - type: object - description: A storage configuration used by catalogs - properties: - storageType: - type: string - enum: - - S3 - - GCS - - AZURE - - FILE - description: >- - The cloud provider type this storage is built on. FILE is supported - for testing purposes only - allowedLocations: - type: array - items: - type: string - example: >- - For AWS [s3://bucketname/prefix/], for AZURE - [abfss://container@storageaccount.blob.core.windows.net/prefix/], - for GCP [gs://bucketname/prefix/] - required: - - storageType - discriminator: - propertyName: storageType - mapping: - S3: '#/components/schemas/Polaris_Management_Service_AwsStorageConfigInfo' - AZURE: >- - #/components/schemas/Polaris_Management_Service_AzureStorageConfigInfo - GCS: '#/components/schemas/Polaris_Management_Service_GcpStorageConfigInfo' - FILE: >- - #/components/schemas/Polaris_Management_Service_FileStorageConfigInfo - Polaris_Management_Service_AwsStorageConfigInfo: - type: object - description: aws storage configuration info - allOf: - - $ref: '#/components/schemas/Polaris_Management_Service_StorageConfigInfo' - properties: - roleArn: - type: string - description: the aws role arn that grants privileges on the S3 buckets - example: arn:aws:iam::123456789001:principal/abc1-b-self1234 - externalId: - type: string - description: >- - an optional external id used to establish a trust relationship with - AWS in the trust policy - userArn: - type: string - description: the aws user arn used to assume the aws role - example: arn:aws:iam::123456789001:user/abc1-b-self1234 - required: - - roleArn - Polaris_Management_Service_AzureStorageConfigInfo: - type: object - description: azure storage configuration info - allOf: - - $ref: '#/components/schemas/Polaris_Management_Service_StorageConfigInfo' - properties: - tenantId: - type: string - description: the tenant id that the storage accounts belong to - multiTenantAppName: - type: string - description: the name of the azure client application - consentUrl: - type: string - description: URL to the Azure permissions request page - required: - - tenantId - Polaris_Management_Service_GcpStorageConfigInfo: - type: object - description: gcp storage configuration info - allOf: - - $ref: '#/components/schemas/Polaris_Management_Service_StorageConfigInfo' - properties: - gcsServiceAccount: - type: string - description: a Google cloud storage service account - Polaris_Management_Service_FileStorageConfigInfo: - type: object - description: gcp storage configuration info - allOf: - - $ref: '#/components/schemas/Polaris_Management_Service_StorageConfigInfo' - Polaris_Management_Service_UpdateCatalogRequest: - description: Updates to apply to a Catalog - type: object - properties: - currentEntityVersion: - type: integer - description: >- - The version of the object onto which this update is applied; if the - object changed, the update will fail and the caller should retry - after fetching the latest version. - properties: - type: object - additionalProperties: - type: string - storageConfigInfo: - $ref: '#/components/schemas/Polaris_Management_Service_StorageConfigInfo' - Polaris_Management_Service_Principals: - description: A list of Principals - type: object - properties: - principals: - type: array - items: - $ref: '#/components/schemas/Polaris_Management_Service_Principal' - required: - - principals - Polaris_Management_Service_PrincipalWithCredentials: - description: >- - A user with its client id and secret. This type is returned when a new - principal is created or when its credentials are rotated - type: object - properties: - principal: - $ref: '#/components/schemas/Polaris_Management_Service_Principal' - credentials: - type: object - properties: - clientId: - type: string - clientSecret: - type: string - format: password - required: - - principal - - credentials - Polaris_Management_Service_CreatePrincipalRequest: - type: object - properties: - principal: - $ref: '#/components/schemas/Polaris_Management_Service_Principal' - credentialRotationRequired: - type: boolean - description: >- - If true, the initial credentials can only be used to call - rotateCredentials - Polaris_Management_Service_Principal: - description: A Polaris principal. - type: object - properties: - name: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - clientId: - type: string - description: >- - The output-only OAuth clientId associated with this principal if - applicable - properties: - type: object - additionalProperties: - type: string - createTimestamp: - type: integer - format: int64 - lastUpdateTimestamp: - type: integer - format: int64 - entityVersion: - type: integer - description: >- - The version of the principal object used to determine if the - principal metadata has changed - required: - - name - Polaris_Management_Service_UpdatePrincipalRequest: - description: Updates to apply to a Principal - type: object - properties: - currentEntityVersion: - type: integer - description: >- - The version of the object onto which this update is applied; if the - object changed, the update will fail and the caller should retry - after fetching the latest version. - properties: - type: object - additionalProperties: - type: string - required: - - currentEntityVersion - - properties - Polaris_Management_Service_PrincipalRoles: - type: object - properties: - roles: - type: array - items: - $ref: '#/components/schemas/Polaris_Management_Service_PrincipalRole' - required: - - roles - Polaris_Management_Service_GrantPrincipalRoleRequest: - type: object - properties: - principalRole: - $ref: '#/components/schemas/Polaris_Management_Service_PrincipalRole' - Polaris_Management_Service_CreatePrincipalRoleRequest: - type: object - properties: - principalRole: - $ref: '#/components/schemas/Polaris_Management_Service_PrincipalRole' - Polaris_Management_Service_PrincipalRole: - type: object - properties: - name: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - description: The name of the role - properties: - type: object - additionalProperties: - type: string - createTimestamp: - type: integer - format: int64 - lastUpdateTimestamp: - type: integer - format: int64 - entityVersion: - type: integer - description: >- - The version of the principal role object used to determine if the - principal role metadata has changed - required: - - name - Polaris_Management_Service_UpdatePrincipalRoleRequest: - description: Updates to apply to a Principal Role - type: object - properties: - currentEntityVersion: - type: integer - description: >- - The version of the object onto which this update is applied; if the - object changed, the update will fail and the caller should retry - after fetching the latest version. - properties: - type: object - additionalProperties: - type: string - required: - - currentEntityVersion - - properties - Polaris_Management_Service_CatalogRoles: - type: object - properties: - roles: - type: array - items: - $ref: '#/components/schemas/Polaris_Management_Service_CatalogRole' - description: The list of catalog roles - required: - - roles - Polaris_Management_Service_GrantCatalogRoleRequest: - type: object - properties: - catalogRole: - $ref: '#/components/schemas/Polaris_Management_Service_CatalogRole' - Polaris_Management_Service_CreateCatalogRoleRequest: - type: object - properties: - catalogRole: - $ref: '#/components/schemas/Polaris_Management_Service_CatalogRole' - Polaris_Management_Service_CatalogRole: - type: object - properties: - name: - type: string - minLength: 1 - maxLength: 256 - pattern: ^(?!\s*[s|S][y|Y][s|S][t|T][e|E][m|M]\$).*$ - description: The name of the role - properties: - type: object - additionalProperties: - type: string - createTimestamp: - type: integer - format: int64 - lastUpdateTimestamp: - type: integer - format: int64 - entityVersion: - type: integer - description: >- - The version of the catalog role object used to determine if the - catalog role metadata has changed - required: - - name - Polaris_Management_Service_UpdateCatalogRoleRequest: - description: Updates to apply to a Catalog Role - type: object - properties: - currentEntityVersion: - type: integer - description: >- - The version of the object onto which this update is applied; if the - object changed, the update will fail and the caller should retry - after fetching the latest version. - properties: - type: object - additionalProperties: - type: string - required: - - currentEntityVersion - - properties - Polaris_Management_Service_ViewPrivilege: - type: string - enum: - - CATALOG_MANAGE_ACCESS - - VIEW_CREATE - - VIEW_DROP - - VIEW_LIST - - VIEW_READ_PROPERTIES - - VIEW_WRITE_PROPERTIES - - VIEW_FULL_METADATA - Polaris_Management_Service_TablePrivilege: - type: string - enum: - - CATALOG_MANAGE_ACCESS - - TABLE_DROP - - TABLE_LIST - - TABLE_READ_PROPERTIES - - VIEW_READ_PROPERTIES - - TABLE_WRITE_PROPERTIES - - TABLE_READ_DATA - - TABLE_WRITE_DATA - - TABLE_FULL_METADATA - Polaris_Management_Service_NamespacePrivilege: - type: string - enum: - - CATALOG_MANAGE_ACCESS - - CATALOG_MANAGE_CONTENT - - CATALOG_MANAGE_METADATA - - NAMESPACE_CREATE - - TABLE_CREATE - - VIEW_CREATE - - NAMESPACE_DROP - - TABLE_DROP - - VIEW_DROP - - NAMESPACE_LIST - - TABLE_LIST - - VIEW_LIST - - NAMESPACE_READ_PROPERTIES - - TABLE_READ_PROPERTIES - - VIEW_READ_PROPERTIES - - NAMESPACE_WRITE_PROPERTIES - - TABLE_WRITE_PROPERTIES - - VIEW_WRITE_PROPERTIES - - TABLE_READ_DATA - - TABLE_WRITE_DATA - - NAMESPACE_FULL_METADATA - - TABLE_FULL_METADATA - - VIEW_FULL_METADATA - Polaris_Management_Service_CatalogPrivilege: - type: string - enum: - - CATALOG_MANAGE_ACCESS - - CATALOG_MANAGE_CONTENT - - CATALOG_MANAGE_METADATA - - CATALOG_READ_PROPERTIES - - CATALOG_WRITE_PROPERTIES - - NAMESPACE_CREATE - - TABLE_CREATE - - VIEW_CREATE - - NAMESPACE_DROP - - TABLE_DROP - - VIEW_DROP - - NAMESPACE_LIST - - TABLE_LIST - - VIEW_LIST - - NAMESPACE_READ_PROPERTIES - - TABLE_READ_PROPERTIES - - VIEW_READ_PROPERTIES - - NAMESPACE_WRITE_PROPERTIES - - TABLE_WRITE_PROPERTIES - - VIEW_WRITE_PROPERTIES - - TABLE_READ_DATA - - TABLE_WRITE_DATA - - NAMESPACE_FULL_METADATA - - TABLE_FULL_METADATA - - VIEW_FULL_METADATA - Polaris_Management_Service_AddGrantRequest: - type: object - properties: - grant: - $ref: '#/components/schemas/Polaris_Management_Service_GrantResource' - Polaris_Management_Service_RevokeGrantRequest: - type: object - properties: - grant: - $ref: '#/components/schemas/Polaris_Management_Service_GrantResource' - Polaris_Management_Service_ViewGrant: - allOf: - - $ref: '#/components/schemas/Polaris_Management_Service_GrantResource' - - type: object - properties: - namespace: - type: array - items: - type: string - viewName: - type: string - minLength: 1 - maxLength: 256 - privilege: - $ref: '#/components/schemas/Polaris_Management_Service_ViewPrivilege' - required: - - namespace - - viewName - - privilege - Polaris_Management_Service_TableGrant: - allOf: - - $ref: '#/components/schemas/Polaris_Management_Service_GrantResource' - - type: object - properties: - namespace: - type: array - items: - type: string - tableName: - type: string - minLength: 1 - maxLength: 256 - privilege: - $ref: '#/components/schemas/Polaris_Management_Service_TablePrivilege' - required: - - namespace - - tableName - - privilege - Polaris_Management_Service_NamespaceGrant: - allOf: - - $ref: '#/components/schemas/Polaris_Management_Service_GrantResource' - - type: object - properties: - namespace: - type: array - items: - type: string - privilege: - $ref: >- - #/components/schemas/Polaris_Management_Service_NamespacePrivilege - required: - - namespace - - privilege - Polaris_Management_Service_CatalogGrant: - allOf: - - $ref: '#/components/schemas/Polaris_Management_Service_GrantResource' - - type: object - properties: - privilege: - $ref: '#/components/schemas/Polaris_Management_Service_CatalogPrivilege' - required: - - privilege - Polaris_Management_Service_GrantResource: - type: object - discriminator: - propertyName: type - mapping: - catalog: '#/components/schemas/Polaris_Management_Service_CatalogGrant' - namespace: '#/components/schemas/Polaris_Management_Service_NamespaceGrant' - table: '#/components/schemas/Polaris_Management_Service_TableGrant' - view: '#/components/schemas/Polaris_Management_Service_ViewGrant' - properties: - type: - type: string - enum: - - catalog - - namespace - - table - - view - required: - - type - Polaris_Management_Service_GrantResources: - type: object - properties: - grants: - type: array - items: - $ref: '#/components/schemas/Polaris_Management_Service_GrantResource' - required: - - grants - Apache_Iceberg_REST_Catalog_API_ErrorModel: - type: object - description: >- - JSON error payload returned in a response with further details on the - error - required: - - message - - type - - code - properties: - message: - type: string - description: Human-readable error message - type: - type: string - description: Internal type definition of the error - example: NoSuchNamespaceException - code: - type: integer - minimum: 400 - maximum: 600 - description: HTTP response code - example: 404 - stack: - type: array - items: - type: string - Apache_Iceberg_REST_Catalog_API_CatalogConfig: - type: object - description: Server-provided configuration for the catalog. - required: - - defaults - - overrides - properties: - overrides: - type: object - additionalProperties: - type: string - description: >- - Properties that should be used to override client configuration; - applied after defaults and client configuration. - defaults: - type: object - additionalProperties: - type: string - description: >- - Properties that should be used as default configuration; applied - before client configuration. - Apache_Iceberg_REST_Catalog_API_CreateNamespaceRequest: - type: object - required: - - namespace - properties: - namespace: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Namespace' - properties: - type: object - description: Configured string to string map of properties for the namespace - example: - owner: Hank Bendickson - default: {} - additionalProperties: - type: string - Apache_Iceberg_REST_Catalog_API_UpdateNamespacePropertiesRequest: - type: object - properties: - removals: - type: array - uniqueItems: true - items: - type: string - example: - - department - - access_group - updates: - type: object - example: - owner: Hank Bendickson - additionalProperties: - type: string - Apache_Iceberg_REST_Catalog_API_RenameTableRequest: - type: object - required: - - source - - destination - properties: - source: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_TableIdentifier' - destination: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_TableIdentifier' - Apache_Iceberg_REST_Catalog_API_Namespace: - description: Reference to one or more levels of a namespace - type: array - items: - type: string - example: - - accounting - - tax - Apache_Iceberg_REST_Catalog_API_PageToken: - description: >- - An opaque token that allows clients to make use of pagination for list - APIs (e.g. ListTables). Clients may initiate the first paginated request - by sending an empty query parameter `pageToken` to the server. - - Servers that support pagination should identify the `pageToken` - parameter and return a `next-page-token` in the response if there are - more results available. After the initial request, the value of - `next-page-token` from each response must be used as the `pageToken` - parameter value for the next request. The server must return `null` - value for the `next-page-token` in the last response. - - Servers that support pagination must return all results in a single - response with the value of `next-page-token` set to `null` if the query - parameter `pageToken` is not set in the request. - - Servers that do not support pagination should ignore the `pageToken` - parameter and return all results in a single response. The - `next-page-token` must be omitted from the response. - - Clients must interpret either `null` or missing response value of - `next-page-token` as the end of the listing results. - type: string - nullable: true - Apache_Iceberg_REST_Catalog_API_TableIdentifier: - type: object - required: - - namespace - - name - properties: - namespace: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Namespace' - name: - type: string - nullable: false - Apache_Iceberg_REST_Catalog_API_PrimitiveType: - type: string - example: - - long - - string - - fixed[16] - - decimal(10,2) - Apache_Iceberg_REST_Catalog_API_StructField: - type: object - required: - - id - - name - - type - - required - properties: - id: - type: integer - name: - type: string - type: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Type' - required: - type: boolean - doc: - type: string - Apache_Iceberg_REST_Catalog_API_StructType: - type: object - required: - - type - - fields - properties: - type: - type: string - enum: - - struct - fields: - type: array - items: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_StructField' - Apache_Iceberg_REST_Catalog_API_ListType: - type: object - required: - - type - - element-id - - element - - element-required - properties: - type: - type: string - enum: - - list - element-id: - type: integer - element: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Type' - element-required: - type: boolean - Apache_Iceberg_REST_Catalog_API_MapType: - type: object - required: - - type - - key-id - - key - - value-id - - value - - value-required - properties: - type: - type: string - enum: - - map - key-id: - type: integer - key: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Type' - value-id: - type: integer - value: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Type' - value-required: - type: boolean - Apache_Iceberg_REST_Catalog_API_Type: - oneOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_PrimitiveType' - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_StructType' - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_ListType' - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_MapType' - Apache_Iceberg_REST_Catalog_API_Schema: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_StructType' - - type: object - properties: - schema-id: - type: integer - readOnly: true - identifier-field-ids: - type: array - items: - type: integer - Apache_Iceberg_REST_Catalog_API_Expression: - oneOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_AndOrExpression' - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_NotExpression' - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_SetExpression' - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_LiteralExpression - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_UnaryExpression' - Apache_Iceberg_REST_Catalog_API_ExpressionType: - type: string - example: - - eq - - and - - or - - not - - in - - not-in - - lt - - lt-eq - - gt - - gt-eq - - not-eq - - starts-with - - not-starts-with - - is-null - - not-null - - is-nan - - not-nan - Apache_Iceberg_REST_Catalog_API_AndOrExpression: - type: object - required: - - type - - left - - right - properties: - type: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_ExpressionType' - enum: - - and - - or - left: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Expression' - right: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Expression' - Apache_Iceberg_REST_Catalog_API_NotExpression: - type: object - required: - - type - - child - properties: - type: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_ExpressionType' - enum: - - not - child: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Expression' - Apache_Iceberg_REST_Catalog_API_UnaryExpression: - type: object - required: - - type - - term - - value - properties: - type: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_ExpressionType' - enum: - - is-null - - not-null - - is-nan - - not-nan - term: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Term' - value: - type: object - Apache_Iceberg_REST_Catalog_API_LiteralExpression: - type: object - required: - - type - - term - - value - properties: - type: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_ExpressionType' - enum: - - lt - - lt-eq - - gt - - gt-eq - - eq - - not-eq - - starts-with - - not-starts-with - term: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Term' - value: - type: object - Apache_Iceberg_REST_Catalog_API_SetExpression: - type: object - required: - - type - - term - - values - properties: - type: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_ExpressionType' - enum: - - in - - not-in - term: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Term' - values: - type: array - items: - type: object - Apache_Iceberg_REST_Catalog_API_Term: - oneOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Reference' - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_TransformTerm' - Apache_Iceberg_REST_Catalog_API_Reference: - type: string - example: - - column-name - Apache_Iceberg_REST_Catalog_API_TransformTerm: - type: object - required: - - type - - transform - - term - properties: - type: - type: string - enum: - - transform - transform: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Transform' - term: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Reference' - Apache_Iceberg_REST_Catalog_API_Transform: - type: string - example: - - identity - - year - - month - - day - - hour - - bucket[256] - - truncate[16] - Apache_Iceberg_REST_Catalog_API_PartitionField: - type: object - required: - - source-id - - transform - - name - properties: - field-id: - type: integer - source-id: - type: integer - name: - type: string - transform: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Transform' - Apache_Iceberg_REST_Catalog_API_PartitionSpec: - type: object - required: - - fields - properties: - spec-id: - type: integer - readOnly: true - fields: - type: array - items: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_PartitionField - Apache_Iceberg_REST_Catalog_API_SortDirection: - type: string - enum: - - asc - - desc - Apache_Iceberg_REST_Catalog_API_NullOrder: - type: string - enum: - - nulls-first - - nulls-last - Apache_Iceberg_REST_Catalog_API_SortField: - type: object - required: - - source-id - - transform - - direction - - null-order - properties: - source-id: - type: integer - transform: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Transform' - direction: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_SortDirection' - null-order: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_NullOrder' - Apache_Iceberg_REST_Catalog_API_SortOrder: - type: object - required: - - order-id - - fields - properties: - order-id: - type: integer - readOnly: true - fields: - type: array - items: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_SortField' - Apache_Iceberg_REST_Catalog_API_Snapshot: - type: object - required: - - snapshot-id - - timestamp-ms - - manifest-list - - summary - properties: - snapshot-id: - type: integer - format: int64 - parent-snapshot-id: - type: integer - format: int64 - sequence-number: - type: integer - format: int64 - timestamp-ms: - type: integer - format: int64 - manifest-list: - type: string - description: Location of the snapshot's manifest list file - summary: - type: object - required: - - operation - properties: - operation: - type: string - enum: - - append - - replace - - overwrite - - delete - additionalProperties: - type: string - schema-id: - type: integer - Apache_Iceberg_REST_Catalog_API_SnapshotReference: - type: object - required: - - type - - snapshot-id - properties: - type: - type: string - enum: - - tag - - branch - snapshot-id: - type: integer - format: int64 - max-ref-age-ms: - type: integer - format: int64 - max-snapshot-age-ms: - type: integer - format: int64 - min-snapshots-to-keep: - type: integer - Apache_Iceberg_REST_Catalog_API_SnapshotReferences: - type: object - additionalProperties: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_SnapshotReference' - Apache_Iceberg_REST_Catalog_API_SnapshotLog: - type: array - items: - type: object - required: - - snapshot-id - - timestamp-ms - properties: - snapshot-id: - type: integer - format: int64 - timestamp-ms: - type: integer - format: int64 - Apache_Iceberg_REST_Catalog_API_MetadataLog: - type: array - items: - type: object - required: - - metadata-file - - timestamp-ms - properties: - metadata-file: - type: string - timestamp-ms: - type: integer - format: int64 - Apache_Iceberg_REST_Catalog_API_TableMetadata: - type: object - required: - - format-version - - table-uuid - properties: - format-version: - type: integer - minimum: 1 - maximum: 2 - table-uuid: - type: string - location: - type: string - last-updated-ms: - type: integer - format: int64 - properties: - type: object - additionalProperties: - type: string - schemas: - type: array - items: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Schema' - current-schema-id: - type: integer - last-column-id: - type: integer - partition-specs: - type: array - items: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_PartitionSpec' - default-spec-id: - type: integer - last-partition-id: - type: integer - sort-orders: - type: array - items: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_SortOrder' - default-sort-order-id: - type: integer - snapshots: - type: array - items: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Snapshot' - refs: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SnapshotReferences - current-snapshot-id: - type: integer - format: int64 - last-sequence-number: - type: integer - format: int64 - snapshot-log: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_SnapshotLog' - metadata-log: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_MetadataLog' - statistics-files: - type: array - items: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_StatisticsFile - partition-statistics-files: - type: array - items: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_PartitionStatisticsFile - Apache_Iceberg_REST_Catalog_API_SQLViewRepresentation: - type: object - required: - - type - - sql - - dialect - properties: - type: - type: string - sql: - type: string - dialect: - type: string - Apache_Iceberg_REST_Catalog_API_ViewRepresentation: - oneOf: - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SQLViewRepresentation - Apache_Iceberg_REST_Catalog_API_ViewHistoryEntry: - type: object - required: - - version-id - - timestamp-ms - properties: - version-id: - type: integer - timestamp-ms: - type: integer - format: int64 - Apache_Iceberg_REST_Catalog_API_ViewVersion: - type: object - required: - - version-id - - timestamp-ms - - schema-id - - summary - - representations - - default-namespace - properties: - version-id: - type: integer - timestamp-ms: - type: integer - format: int64 - schema-id: - type: integer - description: Schema ID to set as current, or -1 to set last added schema - summary: - type: object - additionalProperties: - type: string - representations: - type: array - items: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_ViewRepresentation - default-catalog: - type: string - default-namespace: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Namespace' - Apache_Iceberg_REST_Catalog_API_ViewMetadata: - type: object - required: - - view-uuid - - format-version - - location - - current-version-id - - versions - - version-log - - schemas - properties: - view-uuid: - type: string - format-version: - type: integer - minimum: 1 - maximum: 1 - location: - type: string - current-version-id: - type: integer - versions: - type: array - items: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_ViewVersion' - version-log: - type: array - items: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_ViewHistoryEntry - schemas: - type: array - items: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Schema' - properties: - type: object - additionalProperties: - type: string - Apache_Iceberg_REST_Catalog_API_BaseUpdate: - discriminator: - propertyName: action - mapping: - assign-uuid: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_AssignUUIDUpdate - upgrade-format-version: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_UpgradeFormatVersionUpdate - add-schema: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_AddSchemaUpdate' - set-current-schema: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SetCurrentSchemaUpdate - add-spec: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_AddPartitionSpecUpdate - set-default-spec: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SetDefaultSpecUpdate - add-sort-order: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_AddSortOrderUpdate - set-default-sort-order: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SetDefaultSortOrderUpdate - add-snapshot: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_AddSnapshotUpdate - set-snapshot-ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SetSnapshotRefUpdate - remove-snapshots: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_RemoveSnapshotsUpdate - remove-snapshot-ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_RemoveSnapshotRefUpdate - set-location: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SetLocationUpdate - set-properties: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SetPropertiesUpdate - remove-properties: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_RemovePropertiesUpdate - add-view-version: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_AddViewVersionUpdate - set-current-view-version: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SetCurrentViewVersionUpdate - set-statistics: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SetStatisticsUpdate - remove-statistics: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_RemoveStatisticsUpdate - set-partition-statistics: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SetPartitionStatisticsUpdate - remove-partition-statistics: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_RemovePartitionStatisticsUpdate - type: object - required: - - action - properties: - action: - type: string - Apache_Iceberg_REST_Catalog_API_AssignUUIDUpdate: - description: >- - Assigning a UUID to a table/view should only be done when creating the - table/view. It is not safe to re-assign the UUID if a table/view already - has a UUID assigned - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - required: - - action - - uuid - properties: - action: - type: string - enum: - - assign-uuid - uuid: - type: string - Apache_Iceberg_REST_Catalog_API_UpgradeFormatVersionUpdate: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - required: - - action - - format-version - properties: - action: - type: string - enum: - - upgrade-format-version - format-version: - type: integer - Apache_Iceberg_REST_Catalog_API_AddSchemaUpdate: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - required: - - action - - schema - properties: - action: - type: string - enum: - - add-schema - schema: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Schema' - last-column-id: - type: integer - description: >- - The highest assigned column ID for the table. This is used to ensure - columns are always assigned an unused ID when evolving schemas. When - omitted, it will be computed on the server side. - Apache_Iceberg_REST_Catalog_API_SetCurrentSchemaUpdate: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - required: - - action - - schema-id - properties: - action: - type: string - enum: - - set-current-schema - schema-id: - type: integer - description: Schema ID to set as current, or -1 to set last added schema - Apache_Iceberg_REST_Catalog_API_AddPartitionSpecUpdate: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - required: - - action - - spec - properties: - action: - type: string - enum: - - add-spec - spec: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_PartitionSpec' - Apache_Iceberg_REST_Catalog_API_SetDefaultSpecUpdate: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - required: - - action - - spec-id - properties: - action: - type: string - enum: - - set-default-spec - spec-id: - type: integer - description: >- - Partition spec ID to set as the default, or -1 to set last added - spec - Apache_Iceberg_REST_Catalog_API_AddSortOrderUpdate: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - required: - - action - - sort-order - properties: - action: - type: string - enum: - - add-sort-order - sort-order: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_SortOrder' - Apache_Iceberg_REST_Catalog_API_SetDefaultSortOrderUpdate: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - required: - - action - - sort-order-id - properties: - action: - type: string - enum: - - set-default-sort-order - sort-order-id: - type: integer - description: >- - Sort order ID to set as the default, or -1 to set last added sort - order - Apache_Iceberg_REST_Catalog_API_AddSnapshotUpdate: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - required: - - action - - snapshot - properties: - action: - type: string - enum: - - add-snapshot - snapshot: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Snapshot' - Apache_Iceberg_REST_Catalog_API_SetSnapshotRefUpdate: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SnapshotReference - required: - - action - - ref-name - properties: - action: - type: string - enum: - - set-snapshot-ref - ref-name: - type: string - Apache_Iceberg_REST_Catalog_API_RemoveSnapshotsUpdate: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - required: - - action - - snapshot-ids - properties: - action: - type: string - enum: - - remove-snapshots - snapshot-ids: - type: array - items: - type: integer - format: int64 - Apache_Iceberg_REST_Catalog_API_RemoveSnapshotRefUpdate: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - required: - - action - - ref-name - properties: - action: - type: string - enum: - - remove-snapshot-ref - ref-name: - type: string - Apache_Iceberg_REST_Catalog_API_SetLocationUpdate: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - required: - - action - - location - properties: - action: - type: string - enum: - - set-location - location: - type: string - Apache_Iceberg_REST_Catalog_API_SetPropertiesUpdate: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - required: - - action - - updates - properties: - action: - type: string - enum: - - set-properties - updates: - type: object - additionalProperties: - type: string - Apache_Iceberg_REST_Catalog_API_RemovePropertiesUpdate: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - required: - - action - - removals - properties: - action: - type: string - enum: - - remove-properties - removals: - type: array - items: - type: string - Apache_Iceberg_REST_Catalog_API_AddViewVersionUpdate: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - required: - - action - - view-version - properties: - action: - type: string - enum: - - add-view-version - view-version: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_ViewVersion' - Apache_Iceberg_REST_Catalog_API_SetCurrentViewVersionUpdate: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - required: - - action - - view-version-id - properties: - action: - type: string - enum: - - set-current-view-version - view-version-id: - type: integer - description: >- - The view version id to set as current, or -1 to set last added view - version id - Apache_Iceberg_REST_Catalog_API_SetStatisticsUpdate: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - required: - - action - - snapshot-id - - statistics - properties: - action: - type: string - enum: - - set-statistics - snapshot-id: - type: integer - format: int64 - statistics: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_StatisticsFile' - Apache_Iceberg_REST_Catalog_API_RemoveStatisticsUpdate: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - required: - - action - - snapshot-id - properties: - action: - type: string - enum: - - remove-statistics - snapshot-id: - type: integer - format: int64 - Apache_Iceberg_REST_Catalog_API_SetPartitionStatisticsUpdate: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - required: - - action - - partition-statistics - properties: - action: - type: string - enum: - - set-partition-statistics - partition-statistics: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_PartitionStatisticsFile - Apache_Iceberg_REST_Catalog_API_RemovePartitionStatisticsUpdate: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BaseUpdate' - required: - - action - - snapshot-id - properties: - action: - type: string - enum: - - remove-partition-statistics - snapshot-id: - type: integer - format: int64 - Apache_Iceberg_REST_Catalog_API_TableUpdate: - anyOf: - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_AssignUUIDUpdate - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_UpgradeFormatVersionUpdate - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_AddSchemaUpdate' - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SetCurrentSchemaUpdate - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_AddPartitionSpecUpdate - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SetDefaultSpecUpdate - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_AddSortOrderUpdate - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SetDefaultSortOrderUpdate - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_AddSnapshotUpdate - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SetSnapshotRefUpdate - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_RemoveSnapshotsUpdate - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_RemoveSnapshotRefUpdate - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SetLocationUpdate - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SetPropertiesUpdate - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_RemovePropertiesUpdate - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SetStatisticsUpdate - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_RemoveStatisticsUpdate - Apache_Iceberg_REST_Catalog_API_ViewUpdate: - anyOf: - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_AssignUUIDUpdate - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_UpgradeFormatVersionUpdate - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_AddSchemaUpdate' - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SetLocationUpdate - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SetPropertiesUpdate - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_RemovePropertiesUpdate - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_AddViewVersionUpdate - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_SetCurrentViewVersionUpdate - Apache_Iceberg_REST_Catalog_API_TableRequirement: - discriminator: - propertyName: type - mapping: - assert-create: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_AssertCreate' - assert-table-uuid: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_AssertTableUUID' - assert-ref-snapshot-id: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_AssertRefSnapshotId - assert-last-assigned-field-id: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_AssertLastAssignedFieldId - assert-current-schema-id: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_AssertCurrentSchemaId - assert-last-assigned-partition-id: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_AssertLastAssignedPartitionId - assert-default-spec-id: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_AssertDefaultSpecId - assert-default-sort-order-id: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_AssertDefaultSortOrderId - type: object - required: - - type - properties: - type: - type: string - Apache_Iceberg_REST_Catalog_API_AssertCreate: - allOf: - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_TableRequirement - type: object - description: The table must not already exist; used for create transactions - required: - - type - properties: - type: - type: string - enum: - - assert-create - Apache_Iceberg_REST_Catalog_API_AssertTableUUID: - allOf: - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_TableRequirement - description: The table UUID must match the requirement's `uuid` - required: - - type - - uuid - properties: - type: - type: string - enum: - - assert-table-uuid - uuid: - type: string - Apache_Iceberg_REST_Catalog_API_AssertRefSnapshotId: - allOf: - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_TableRequirement - description: >- - The table branch or tag identified by the requirement's `ref` must - reference the requirement's `snapshot-id`; if `snapshot-id` is `null` or - missing, the ref must not already exist - required: - - type - - ref - - snapshot-id - properties: - type: - type: string - enum: - - assert-ref-snapshot-id - ref: - type: string - snapshot-id: - type: integer - format: int64 - Apache_Iceberg_REST_Catalog_API_AssertLastAssignedFieldId: - allOf: - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_TableRequirement - description: >- - The table's last assigned column id must match the requirement's - `last-assigned-field-id` - required: - - type - - last-assigned-field-id - properties: - type: - type: string - enum: - - assert-last-assigned-field-id - last-assigned-field-id: - type: integer - Apache_Iceberg_REST_Catalog_API_AssertCurrentSchemaId: - allOf: - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_TableRequirement - description: >- - The table's current schema id must match the requirement's - `current-schema-id` - required: - - type - - current-schema-id - properties: - type: - type: string - enum: - - assert-current-schema-id - current-schema-id: - type: integer - Apache_Iceberg_REST_Catalog_API_AssertLastAssignedPartitionId: - allOf: - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_TableRequirement - description: >- - The table's last assigned partition id must match the requirement's - `last-assigned-partition-id` - required: - - type - - last-assigned-partition-id - properties: - type: - type: string - enum: - - assert-last-assigned-partition-id - last-assigned-partition-id: - type: integer - Apache_Iceberg_REST_Catalog_API_AssertDefaultSpecId: - allOf: - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_TableRequirement - description: >- - The table's default spec id must match the requirement's - `default-spec-id` - required: - - type - - default-spec-id - properties: - type: - type: string - enum: - - assert-default-spec-id - default-spec-id: - type: integer - Apache_Iceberg_REST_Catalog_API_AssertDefaultSortOrderId: - allOf: - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_TableRequirement - description: >- - The table's default sort order id must match the requirement's - `default-sort-order-id` - required: - - type - - default-sort-order-id - properties: - type: - type: string - enum: - - assert-default-sort-order-id - default-sort-order-id: - type: integer - Apache_Iceberg_REST_Catalog_API_ViewRequirement: - discriminator: - propertyName: type - mapping: - assert-view-uuid: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_AssertViewUUID' - type: object - required: - - type - properties: - type: - type: string - Apache_Iceberg_REST_Catalog_API_AssertViewUUID: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_ViewRequirement' - description: The view UUID must match the requirement's `uuid` - required: - - type - - uuid - properties: - type: - type: string - enum: - - assert-view-uuid - uuid: - type: string - Apache_Iceberg_REST_Catalog_API_LoadTableResult: - description: > - Result used when a table is successfully loaded. - - - - The table metadata JSON is returned in the `metadata` field. The - corresponding file location of table metadata should be returned in the - `metadata-location` field, unless the metadata is not yet committed. For - example, a create transaction may return metadata that is staged but not - committed. - - Clients can check whether metadata has changed by comparing metadata - locations after the table has been created. - - - - The `config` map returns table-specific configuration for the table's - resources, including its HTTP client and FileIO. For example, config may - contain a specific FileIO implementation class for the table depending - on its underlying storage. - - - - The following configurations should be respected by clients: - - - ## General Configurations - - - - `token`: Authorization bearer token to use for table requests if - OAuth2 security is enabled - - - ## AWS Configurations - - - The following configurations should be respected when working with - tables stored in AWS S3 - - `client.region`: region to configure client for making requests to AWS - - `s3.access-key-id`: id for for credentials that provide access to the data in S3 - - `s3.secret-access-key`: secret for credentials that provide access to data in S3 - - `s3.session-token`: if present, this value should be used for as the session token - - `s3.remote-signing-enabled`: if `true` remote signing should be performed as described in the `s3-signer-open-api.yaml` specification - type: object - required: - - metadata - properties: - metadata-location: - type: string - description: May be null if the table is staged as part of a transaction - metadata: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_TableMetadata' - config: - type: object - additionalProperties: - type: string - Apache_Iceberg_REST_Catalog_API_CommitTableRequest: - type: object - required: - - requirements - - updates - properties: - identifier: - description: >- - Table identifier to update; must be present for - CommitTransactionRequest - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_TableIdentifier' - requirements: - type: array - items: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_TableRequirement - updates: - type: array - items: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_TableUpdate' - Apache_Iceberg_REST_Catalog_API_CommitViewRequest: - type: object - required: - - updates - properties: - identifier: - description: View identifier to update - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_TableIdentifier' - requirements: - type: array - items: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_ViewRequirement - updates: - type: array - items: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_ViewUpdate' - Apache_Iceberg_REST_Catalog_API_CommitTransactionRequest: - type: object - required: - - table-changes - properties: - table-changes: - type: array - items: - description: Table commit request; must provide an `identifier` - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_CommitTableRequest - Apache_Iceberg_REST_Catalog_API_CreateTableRequest: - type: object - required: - - name - - schema - properties: - name: - type: string - location: - type: string - schema: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Schema' - partition-spec: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_PartitionSpec' - write-order: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_SortOrder' - stage-create: - type: boolean - properties: - type: object - additionalProperties: - type: string - Apache_Iceberg_REST_Catalog_API_RegisterTableRequest: - type: object - required: - - name - - metadata-location - properties: - name: - type: string - metadata-location: - type: string - Apache_Iceberg_REST_Catalog_API_CreateViewRequest: - type: object - required: - - name - - schema - - view-version - - properties - properties: - name: - type: string - location: - type: string - schema: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Schema' - view-version: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_ViewVersion' - description: >- - The view version to create, will replace the schema-id sent within - the view-version with the id assigned to the provided schema - properties: - type: object - additionalProperties: - type: string - Apache_Iceberg_REST_Catalog_API_LoadViewResult: - description: > - Result used when a view is successfully loaded. - - - - The view metadata JSON is returned in the `metadata` field. The - corresponding file location of view metadata is returned in the - `metadata-location` field. - - Clients can check whether metadata has changed by comparing metadata - locations after the view has been created. - - - The `config` map returns view-specific configuration for the view's - resources. - - - The following configurations should be respected by clients: - - - ## General Configurations - - - - `token`: Authorization bearer token to use for view requests if OAuth2 - security is enabled - type: object - required: - - metadata-location - - metadata - properties: - metadata-location: - type: string - metadata: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_ViewMetadata' - config: - type: object - additionalProperties: - type: string - Apache_Iceberg_REST_Catalog_API_TokenType: - type: string - enum: - - urn:ietf:params:oauth:token-type:access_token - - urn:ietf:params:oauth:token-type:refresh_token - - urn:ietf:params:oauth:token-type:id_token - - urn:ietf:params:oauth:token-type:saml1 - - urn:ietf:params:oauth:token-type:saml2 - - urn:ietf:params:oauth:token-type:jwt - description: |- - Token type identifier, from RFC 8693 Section 3 - - See https://datatracker.ietf.org/doc/html/rfc8693#section-3 - Apache_Iceberg_REST_Catalog_API_OAuthClientCredentialsRequest: - description: |- - OAuth2 client credentials request - - See https://datatracker.ietf.org/doc/html/rfc6749#section-4.4 - type: object - required: - - grant_type - - client_id - - client_secret - properties: - grant_type: - type: string - enum: - - client_credentials - scope: - type: string - client_id: - type: string - description: >- - Client ID - - - This can be sent in the request body, but OAuth2 recommends sending - it in a Basic Authorization header. - client_secret: - type: string - description: >- - Client secret - - - This can be sent in the request body, but OAuth2 recommends sending - it in a Basic Authorization header. - Apache_Iceberg_REST_Catalog_API_OAuthTokenExchangeRequest: - description: |- - OAuth2 token exchange request - - See https://datatracker.ietf.org/doc/html/rfc8693 - type: object - required: - - grant_type - - subject_token - - subject_token_type - properties: - grant_type: - type: string - enum: - - urn:ietf:params:oauth:grant-type:token-exchange - scope: - type: string - requested_token_type: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_TokenType' - subject_token: - type: string - description: Subject token for token exchange request - subject_token_type: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_TokenType' - actor_token: - type: string - description: Actor token for token exchange request - actor_token_type: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_TokenType' - Apache_Iceberg_REST_Catalog_API_OAuthTokenRequest: - anyOf: - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_OAuthClientCredentialsRequest - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_OAuthTokenExchangeRequest - Apache_Iceberg_REST_Catalog_API_CounterResult: - type: object - required: - - unit - - value - properties: - unit: - type: string - value: - type: integer - format: int64 - Apache_Iceberg_REST_Catalog_API_TimerResult: - type: object - required: - - time-unit - - count - - total-duration - properties: - time-unit: - type: string - count: - type: integer - format: int64 - total-duration: - type: integer - format: int64 - Apache_Iceberg_REST_Catalog_API_MetricResult: - anyOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_CounterResult' - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_TimerResult' - Apache_Iceberg_REST_Catalog_API_Metrics: - type: object - additionalProperties: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_MetricResult' - example: - metrics: - total-planning-duration: - count: 1 - time-unit: nanoseconds - total-duration: 2644235116 - result-data-files: - unit: count - value: 1 - result-delete-files: - unit: count - value: 0 - total-data-manifests: - unit: count - value: 1 - total-delete-manifests: - unit: count - value: 0 - scanned-data-manifests: - unit: count - value: 1 - skipped-data-manifests: - unit: count - value: 0 - total-file-size-bytes: - unit: bytes - value: 10 - total-delete-file-size-bytes: - unit: bytes - value: 0 - Apache_Iceberg_REST_Catalog_API_ReportMetricsRequest: - anyOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_ScanReport' - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_CommitReport' - required: - - report-type - properties: - report-type: - type: string - Apache_Iceberg_REST_Catalog_API_ScanReport: - type: object - required: - - table-name - - snapshot-id - - filter - - schema-id - - projected-field-ids - - projected-field-names - - metrics - properties: - table-name: - type: string - snapshot-id: - type: integer - format: int64 - filter: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Expression' - schema-id: - type: integer - projected-field-ids: - type: array - items: - type: integer - projected-field-names: - type: array - items: - type: string - metrics: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Metrics' - metadata: - type: object - additionalProperties: - type: string - Apache_Iceberg_REST_Catalog_API_CommitReport: - type: object - required: - - table-name - - snapshot-id - - sequence-number - - operation - - metrics - properties: - table-name: - type: string - snapshot-id: - type: integer - format: int64 - sequence-number: - type: integer - format: int64 - operation: - type: string - metrics: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Metrics' - metadata: - type: object - additionalProperties: - type: string - Apache_Iceberg_REST_Catalog_API_NotificationRequest: - required: - - notification-type - - payload - properties: - notification-type: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_NotificationType - payload: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_TableUpdateNotification - Apache_Iceberg_REST_Catalog_API_NotificationType: - type: string - enum: - - UNKNOWN - - CREATE - - UPDATE - - DROP - - VALIDATE - Apache_Iceberg_REST_Catalog_API_TableUpdateNotification: - type: object - required: - - table-name - - timestamp - - table-uuid - - metadata-location - properties: - table-name: - type: string - timestamp: - type: integer - format: int64 - table-uuid: - type: string - metadata-location: - type: string - metadata: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_TableMetadata' - Apache_Iceberg_REST_Catalog_API_OAuthError: - type: object - required: - - error - properties: - error: - type: string - enum: - - invalid_request - - invalid_client - - invalid_grant - - unauthorized_client - - unsupported_grant_type - - invalid_scope - error_description: - type: string - error_uri: - type: string - Apache_Iceberg_REST_Catalog_API_OAuthTokenResponse: - type: object - required: - - access_token - - token_type - properties: - access_token: - type: string - description: The access token, for client credentials or token exchange - token_type: - type: string - enum: - - bearer - - mac - - N_A - description: |- - Access token type for client credentials or token exchange - - See https://datatracker.ietf.org/doc/html/rfc6749#section-7.1 - expires_in: - type: integer - description: >- - Lifetime of the access token in seconds for client credentials or - token exchange - issued_token_type: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_TokenType' - refresh_token: - type: string - description: Refresh token for client credentials or token exchange - scope: - type: string - description: Authorization scope for client credentials or token exchange - Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse: - description: JSON wrapper for all error responses (non-2xx) - type: object - required: - - error - properties: - error: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_ErrorModel' - additionalProperties: false - example: - error: - message: The server does not support this operation - type: UnsupportedOperationException - code: 406 - Apache_Iceberg_REST_Catalog_API_CreateNamespaceResponse: - type: object - required: - - namespace - properties: - namespace: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Namespace' - properties: - type: object - additionalProperties: - type: string - description: Properties stored on the namespace, if supported by the server. - example: - owner: Ralph - created_at: '1452120468' - default: {} - Apache_Iceberg_REST_Catalog_API_GetNamespaceResponse: - type: object - required: - - namespace - properties: - namespace: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Namespace' - properties: - type: object - description: >- - Properties stored on the namespace, if supported by the server. If - the server does not support namespace properties, it should return - null for this field. If namespace properties are supported, but none - are set, it should return an empty object. - additionalProperties: - type: string - example: - owner: Ralph - transient_lastDdlTime: '1452120468' - default: {} - nullable: true - Apache_Iceberg_REST_Catalog_API_ListTablesResponse: - type: object - properties: - next-page-token: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_PageToken' - identifiers: - type: array - uniqueItems: true - items: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_TableIdentifier - Apache_Iceberg_REST_Catalog_API_ListNamespacesResponse: - type: object - properties: - next-page-token: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_PageToken' - namespaces: - type: array - uniqueItems: true - items: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_Namespace' - Apache_Iceberg_REST_Catalog_API_UpdateNamespacePropertiesResponse: - type: object - required: - - updated - - removed - properties: - updated: - description: List of property keys that were added or updated - type: array - uniqueItems: true - items: - type: string - removed: - description: List of properties that were removed - type: array - items: - type: string - missing: - type: array - items: - type: string - description: >- - List of properties requested for removal that were not found in the - namespace's properties. Represents a partial success response. - Server's do not need to implement this. - nullable: true - Apache_Iceberg_REST_Catalog_API_CommitTableResponse: - type: object - required: - - metadata-location - - metadata - properties: - metadata-location: - type: string - metadata: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_TableMetadata' - Apache_Iceberg_REST_Catalog_API_StatisticsFile: - type: object - required: - - snapshot-id - - statistics-path - - file-size-in-bytes - - file-footer-size-in-bytes - - blob-metadata - properties: - snapshot-id: - type: integer - format: int64 - statistics-path: - type: string - file-size-in-bytes: - type: integer - format: int64 - file-footer-size-in-bytes: - type: integer - format: int64 - blob-metadata: - type: array - items: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BlobMetadata' - Apache_Iceberg_REST_Catalog_API_BlobMetadata: - type: object - required: - - type - - snapshot-id - - sequence-number - - fields - properties: - type: - type: string - snapshot-id: - type: integer - format: int64 - sequence-number: - type: integer - format: int64 - fields: - type: array - items: - type: integer - properties: - type: object - Apache_Iceberg_REST_Catalog_API_PartitionStatisticsFile: - type: object - required: - - snapshot-id - - statistics-path - - file-size-in-bytes - properties: - snapshot-id: - type: integer - format: int64 - statistics-path: - type: string - file-size-in-bytes: - type: integer - format: int64 - Apache_Iceberg_REST_Catalog_API_BooleanTypeValue: - type: boolean - example: true - Apache_Iceberg_REST_Catalog_API_IntegerTypeValue: - type: integer - example: 42 - Apache_Iceberg_REST_Catalog_API_LongTypeValue: - type: integer - format: int64 - example: 9223372036854776000 - Apache_Iceberg_REST_Catalog_API_FloatTypeValue: - type: number - format: float - example: 3.14 - Apache_Iceberg_REST_Catalog_API_DoubleTypeValue: - type: number - format: double - example: 123.456 - Apache_Iceberg_REST_Catalog_API_DecimalTypeValue: - type: string - description: >- - Decimal type values are serialized as strings. Decimals with a positive - scale serialize as numeric plain text, while decimals with a negative - scale use scientific notation and the exponent will be equal to the - negated scale. For instance, a decimal with a positive scale is - '123.4500', with zero scale is '2', and with a negative scale is - '2E+20' - example: '123.4500' - Apache_Iceberg_REST_Catalog_API_StringTypeValue: - type: string - example: hello - Apache_Iceberg_REST_Catalog_API_UUIDTypeValue: - type: string - format: uuid - pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ - maxLength: 36 - minLength: 36 - description: >- - UUID type values are serialized as a 36-character lowercase string in - standard UUID format as specified by RFC-4122 - example: eb26bdb1-a1d8-4aa6-990e-da940875492c - Apache_Iceberg_REST_Catalog_API_DateTypeValue: - type: string - format: date - description: Date type values follow the 'YYYY-MM-DD' ISO-8601 standard date format - example: '2007-12-03' - Apache_Iceberg_REST_Catalog_API_TimeTypeValue: - type: string - description: >- - Time type values follow the 'HH:MM:SS.ssssss' ISO-8601 format with - microsecond precision - example: '22:31:08.123456' - Apache_Iceberg_REST_Catalog_API_TimestampTypeValue: - type: string - description: >- - Timestamp type values follow the 'YYYY-MM-DDTHH:MM:SS.ssssss' ISO-8601 - format with microsecond precision - example: '2007-12-03T10:15:30.123456' - Apache_Iceberg_REST_Catalog_API_TimestampTzTypeValue: - type: string - description: >- - TimestampTz type values follow the 'YYYY-MM-DDTHH:MM:SS.ssssss+00:00' - ISO-8601 format with microsecond precision, and a timezone offset - (+00:00 for UTC) - example: '2007-12-03T10:15:30.123456+00:00' - Apache_Iceberg_REST_Catalog_API_TimestampNanoTypeValue: - type: string - description: >- - Timestamp_ns type values follow the 'YYYY-MM-DDTHH:MM:SS.sssssssss' - ISO-8601 format with nanosecond precision - example: '2007-12-03T10:15:30.123456789' - Apache_Iceberg_REST_Catalog_API_TimestampTzNanoTypeValue: - type: string - description: >- - Timestamp_ns type values follow the - 'YYYY-MM-DDTHH:MM:SS.sssssssss+00:00' ISO-8601 format with nanosecond - precision, and a timezone offset (+00:00 for UTC) - example: '2007-12-03T10:15:30.123456789+00:00' - Apache_Iceberg_REST_Catalog_API_FixedTypeValue: - type: string - description: >- - Fixed length type values are stored and serialized as an uppercase - hexadecimal string preserving the fixed length - example: 78797A - Apache_Iceberg_REST_Catalog_API_BinaryTypeValue: - type: string - description: >- - Binary type values are stored and serialized as an uppercase hexadecimal - string - example: 78797A - Apache_Iceberg_REST_Catalog_API_CountMap: - type: object - properties: - keys: - type: array - items: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IntegerTypeValue - description: List of integer column ids for each corresponding value - values: - type: array - items: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_LongTypeValue' - description: List of Long values, matched to 'keys' by index - example: - keys: - - 1 - - 2 - values: - - 100 - - 200 - Apache_Iceberg_REST_Catalog_API_ValueMap: - type: object - properties: - keys: - type: array - items: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IntegerTypeValue - description: List of integer column ids for each corresponding value - values: - type: array - items: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_PrimitiveTypeValue - description: List of primitive type values, matched to 'keys' by index - example: - keys: - - 1 - - 2 - values: - - 100 - - test - Apache_Iceberg_REST_Catalog_API_PrimitiveTypeValue: - oneOf: - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_BooleanTypeValue - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IntegerTypeValue - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_LongTypeValue' - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_FloatTypeValue' - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_DoubleTypeValue' - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_DecimalTypeValue - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_StringTypeValue' - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_UUIDTypeValue' - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_DateTypeValue' - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_TimeTypeValue' - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_TimestampTypeValue - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_TimestampTzTypeValue - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_TimestampNanoTypeValue - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_TimestampTzNanoTypeValue - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_FixedTypeValue' - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_BinaryTypeValue' - Apache_Iceberg_REST_Catalog_API_FileFormat: - type: string - enum: - - avro - - orc - - parquet - Apache_Iceberg_REST_Catalog_API_ContentFile: - discriminator: - propertyName: content - mapping: - data: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_DataFile' - position-deletes: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_PositionDeleteFile - equality-deletes: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_EqualityDeleteFile - type: object - required: - - spec-id - - content - - file-path - - file-format - - file-size-in-bytes - - record-count - properties: - content: - type: string - file-path: - type: string - file-format: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_FileFormat' - spec-id: - type: integer - partition: - type: array - items: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_PrimitiveTypeValue - description: >- - A list of partition field values ordered based on the fields of the - partition spec specified by the `spec-id` - example: - - 1 - - bar - file-size-in-bytes: - type: integer - format: int64 - description: Total file size in bytes - record-count: - type: integer - format: int64 - description: Number of records in the file - key-metadata: - allOf: - - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_BinaryTypeValue - description: Encryption key metadata blob - split-offsets: - type: array - items: - type: integer - format: int64 - description: List of splittable offsets - sort-order-id: - type: integer - Apache_Iceberg_REST_Catalog_API_DataFile: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_ContentFile' - type: object - required: - - content - properties: - content: - type: string - enum: - - data - column-sizes: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_CountMap' - description: Map of column id to total count, including null and NaN - value-counts: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_CountMap' - description: Map of column id to null value count - null-value-counts: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_CountMap' - description: Map of column id to null value count - nan-value-counts: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_CountMap' - description: Map of column id to number of NaN values in the column - lower-bounds: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_ValueMap' - description: Map of column id to lower bound primitive type values - upper-bounds: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_ValueMap' - description: Map of column id to upper bound primitive type values - Apache_Iceberg_REST_Catalog_API_PositionDeleteFile: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_ContentFile' - required: - - content - properties: - content: - type: string - enum: - - position-deletes - Apache_Iceberg_REST_Catalog_API_EqualityDeleteFile: - allOf: - - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_ContentFile' - required: - - content - properties: - content: - type: string - enum: - - equality-deletes - equality-ids: - type: array - items: - type: integer - description: List of equality field IDs - parameters: - Apache_Iceberg_REST_Catalog_API_namespace: - name: namespace - in: path - required: true - description: >- - A namespace identifier as a single string. Multipart namespace parts - should be separated by the unit separator (`0x1F`) byte. - schema: - type: string - examples: - singlepart_namespace: - value: accounting - multipart_namespace: - value: accounting%1Ftax - Apache_Iceberg_REST_Catalog_API_prefix: - name: prefix - in: path - schema: - type: string - required: true - description: An optional prefix in the path - Apache_Iceberg_REST_Catalog_API_table: - name: table - in: path - description: A table name - required: true - schema: - type: string - example: sales - Apache_Iceberg_REST_Catalog_API_view: - name: view - in: path - description: A view name - required: true - schema: - type: string - example: sales - Apache_Iceberg_REST_Catalog_API_data-access: - name: X-Iceberg-Access-Delegation - in: header - description: > - Optional signal to the server that the client supports delegated access - via a comma-separated list of access mechanisms. The server may choose - to supply access via any or none of the requested mechanisms. - - - Specific properties and handling for `vended-credentials` is documented - in the `LoadTableResult` schema section of this spec document. - - - The protocol and specification for `remote-signing` is documented in - the `s3-signer-open-api.yaml` OpenApi spec in the `aws` module. - required: false - schema: - type: string - enum: - - vended-credentials - - remote-signing - style: simple - explode: false - example: vended-credentials,remote-signing - Apache_Iceberg_REST_Catalog_API_page-token: - name: pageToken - in: query - required: false - allowEmptyValue: true - schema: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_PageToken' - Apache_Iceberg_REST_Catalog_API_page-size: - name: pageSize - in: query - description: >- - For servers that support pagination, this signals an upper bound of the - number of results that a client will receive. For servers that do not - support pagination, clients may receive results larger than the - indicated `pageSize`. - required: false - schema: - type: integer - minimum: 1 - responses: - Apache_Iceberg_REST_Catalog_API_OAuthTokenResponse: - description: OAuth2 token response for client credentials or token exchange - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_OAuthTokenResponse - Apache_Iceberg_REST_Catalog_API_OAuthErrorResponse: - description: OAuth2 error response - content: - application/json: - schema: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_OAuthError' - Apache_Iceberg_REST_Catalog_API_BadRequestErrorResponse: - description: >- - Indicates a bad request error. It could be caused by an unexpected - request body format or other forms of request validation failure, such - as invalid json. Usually serves application/json content, although in - some cases simple text/plain content might be returned by the server's - middleware. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - example: - error: - message: Malformed request - type: BadRequestException - code: 400 - Apache_Iceberg_REST_Catalog_API_UnauthorizedResponse: - description: >- - Unauthorized. Authentication is required and has failed or has not yet - been provided. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - example: - error: - message: Not authorized to make this request - type: NotAuthorizedException - code: 401 - Apache_Iceberg_REST_Catalog_API_ForbiddenResponse: - description: Forbidden. Authenticated user does not have the necessary permissions. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - example: - error: - message: Not authorized to make this request - type: NotAuthorizedException - code: 403 - Apache_Iceberg_REST_Catalog_API_UnsupportedOperationResponse: - description: >- - Not Acceptable / Unsupported Operation. The server does not support this - operation. - content: - application/json: - schema: - $ref: '#/components/schemas/Apache_Iceberg_REST_Catalog_API_ErrorModel' - example: - error: - message: The server does not support this operation - type: UnsupportedOperationException - code: 406 - Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse: - description: JSON wrapper for all error responses (non-2xx) - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - example: - error: - message: The server does not support this operation - type: UnsupportedOperationException - code: 406 - Apache_Iceberg_REST_Catalog_API_CreateNamespaceResponse: - description: >- - Represents a successful call to create a namespace. Returns the - namespace created, as well as any properties that were stored for the - namespace, including those the server might have added. Implementations - are not required to support namespace properties. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_CreateNamespaceResponse - example: - namespace: - - accounting - - tax - properties: - owner: Ralph - created_at: '1452120468' - Apache_Iceberg_REST_Catalog_API_GetNamespaceResponse: - description: >- - Returns a namespace, as well as any properties stored on the namespace - if namespace properties are supported by the server. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_GetNamespaceResponse - Apache_Iceberg_REST_Catalog_API_ListTablesResponse: - description: A list of table identifiers - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_ListTablesResponse - examples: - ListTablesResponseNonEmpty: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_ListTablesNonEmptyExample - ListTablesResponseEmpty: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_ListTablesEmptyExample - Apache_Iceberg_REST_Catalog_API_ListNamespacesResponse: - description: A list of namespaces - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_ListNamespacesResponse - examples: - NonEmptyResponse: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_ListNamespacesNonEmptyExample - EmptyResponse: - $ref: >- - #/components/examples/Apache_Iceberg_REST_Catalog_API_ListNamespacesEmptyExample - Apache_Iceberg_REST_Catalog_API_AuthenticationTimeoutResponse: - description: >- - Credentials have timed out. If possible, the client should refresh - credentials and retry. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - example: - error: - message: Credentials have timed out - type: AuthenticationTimeoutException - code: 419 - Apache_Iceberg_REST_Catalog_API_ServiceUnavailableResponse: - description: >- - The service is not ready to handle the request. The client should wait - and retry. - - - The service may additionally send a Retry-After header to indicate when - to retry. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - example: - error: - message: Slow down - type: SlowDownException - code: 503 - Apache_Iceberg_REST_Catalog_API_ServerErrorResponse: - description: >- - A server-side problem that might not be addressable from the client - side. Used for server 5xx errors without more specific documentation in - individual routes. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_IcebergErrorResponse - example: - error: - message: Internal Server Error - type: InternalServerError - code: 500 - Apache_Iceberg_REST_Catalog_API_UpdateNamespacePropertiesResponse: - description: JSON data response for a synchronous update properties request. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_UpdateNamespacePropertiesResponse - example: - updated: - - owner - removed: - - foo - missing: - - bar - Apache_Iceberg_REST_Catalog_API_CreateTableResponse: - description: Table metadata result after creating a table - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_LoadTableResult - Apache_Iceberg_REST_Catalog_API_LoadTableResponse: - description: Table metadata result when loading a table - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_LoadTableResult - Apache_Iceberg_REST_Catalog_API_LoadViewResponse: - description: View metadata result when loading a view - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_LoadViewResult - Apache_Iceberg_REST_Catalog_API_CommitTableResponse: - description: >- - Response used when a table is successfully updated. - - The table metadata JSON is returned in the metadata field. The - corresponding file location of table metadata must be returned in the - metadata-location field. Clients can check whether metadata has changed - by comparing metadata locations. - content: - application/json: - schema: - $ref: >- - #/components/schemas/Apache_Iceberg_REST_Catalog_API_CommitTableResponse - examples: - Apache_Iceberg_REST_Catalog_API_ListTablesEmptyExample: - summary: An empty list for a namespace with no tables - value: - identifiers: [] - Apache_Iceberg_REST_Catalog_API_ListNamespacesEmptyExample: - summary: An empty list of namespaces - value: - namespaces: [] - Apache_Iceberg_REST_Catalog_API_ListNamespacesNonEmptyExample: - summary: A non-empty list of namespaces - value: - namespaces: - - - accounting - - tax - - - accounting - - credits - Apache_Iceberg_REST_Catalog_API_ListTablesNonEmptyExample: - summary: A non-empty list of table identifiers - value: - identifiers: - - namespace: - - accounting - - tax - name: paid - - namespace: - - accounting - - tax - name: owed - Apache_Iceberg_REST_Catalog_API_MultipartNamespaceAsPathVariable: - summary: A multi-part namespace, as represented in a path parameter - value: accounting%1Ftax - Apache_Iceberg_REST_Catalog_API_NamespaceAsPathVariable: - summary: A single part namespace, as represented in a path paremeter - value: accounting - Apache_Iceberg_REST_Catalog_API_NamespaceAlreadyExistsError: - summary: The requested namespace already exists - value: - error: - message: The given namespace already exists - type: AlreadyExistsException - code: 409 - Apache_Iceberg_REST_Catalog_API_NoSuchTableError: - summary: The requested table does not exist - value: - error: - message: The given table does not exist - type: NoSuchTableException - code: 404 - Apache_Iceberg_REST_Catalog_API_NoSuchViewError: - summary: The requested view does not exist - value: - error: - message: The given view does not exist - type: NoSuchViewException - code: 404 - Apache_Iceberg_REST_Catalog_API_NoSuchNamespaceError: - summary: The requested namespace does not exist - value: - error: - message: The given namespace does not exist - type: NoSuchNamespaceException - code: 404 - Apache_Iceberg_REST_Catalog_API_RenameTableSameNamespace: - summary: Rename a table in the same namespace - value: - source: - namespace: - - accounting - - tax - name: paid - destination: - namespace: - - accounting - - tax - name: owed - Apache_Iceberg_REST_Catalog_API_RenameViewSameNamespace: - summary: Rename a view in the same namespace - value: - source: - namespace: - - accounting - - tax - name: paid-view - destination: - namespace: - - accounting - - tax - name: owed-view - Apache_Iceberg_REST_Catalog_API_TableAlreadyExistsError: - summary: The requested table identifier already exists - value: - error: - message: The given table already exists - type: AlreadyExistsException - code: 409 - Apache_Iceberg_REST_Catalog_API_ViewAlreadyExistsError: - summary: The requested view identifier already exists - value: - error: - message: The given view already exists - type: AlreadyExistsException - code: 409 - Apache_Iceberg_REST_Catalog_API_UnprocessableEntityDuplicateKey: - summary: >- - The request body either has the same key multiple times in what should - be a map with unique keys or the request body has keys in two or more - fields which should be disjoint sets. - value: - error: - message: >- - The request cannot be processed as there is a key present multiple - times - type: UnprocessableEntityException - code: 422 - Apache_Iceberg_REST_Catalog_API_UpdateAndRemoveNamespacePropertiesRequest: - summary: >- - An update namespace properties request with both properties to remove - and properties to upsert. - value: - removals: - - foo - - bar - updates: - owner: Raoul - Apache_Iceberg_REST_Catalog_API_OutOfOrderNotificationError: - summary: >- - The timestamp of the received notification is older than or equal to the - most recent timestamp Polaris has already processed for the specified - table. - value: - error: - message: A notification with a newer timestamp has been admitted for table - type: AlreadyExistsException - code: 409 -x-tagGroups: - - name: Apache Polaris (Incubating) Documentation - tags: - - Overview - - Polaris Entities - - Access Control - - Configuring Polaris for Production - - name: Polaris Management Service - tags: - - polaris-management-service_other - - name: Apache Iceberg REST Catalog API - tags: - - Configuration API - - OAuth2 API - - Catalog API diff --git a/spec/redocly.yaml b/spec/redocly.yaml deleted file mode 100644 index a00d458e9..000000000 --- a/spec/redocly.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -theme: - openapi: - theme: - typography: - fontFamily: 'Roboto, sans-serif' - logo: - gutter: '15px' - -seo: - title: Polaris Catalog Documentation - description: Learn how to work with the Open Source Polaris Catalog for Apache Iceberg \ No newline at end of file