made the regex more generic #3005
Merged
+35
−5
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dimas-b
reviewed
Nov 7, 2025
Contributor
dimas-b
left a comment
dimas-b
left a comment
There was a problem hiding this comment.
Thanks for your contribution, @cccs-cat001 ! In general the regex change looks reasonable to me. However, given that some existing applications may rely on the more strict regex (I do not know for sure), I've started a dev ML discussion too. Let's wait a few days for people to raise concerns (if any).
https://lists.apache.org/thread/dvgtn32h722h9xtvty84h21474q1b4jr
polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsStorageConfigurationInfo.java
Outdated
Show resolved
Hide resolved
dimas-b
previously approved these changes
Nov 7, 2025
github-project-automation
bot
moved this from PRs In Progress
to Ready to merge
in Basic Kanban Board
flyrain
reviewed
Nov 7, 2025
polaris-core/src/main/java/org/apache/polaris/core/storage/aws/AwsStorageConfigurationInfo.java
Show resolved
Hide resolved
flyrain
reviewed
Nov 7, 2025
runtime/service/src/test/java/org/apache/polaris/service/entity/CatalogEntityTest.java
Outdated
Show resolved
Hide resolved
flyrain
reviewed
Nov 7, 2025
|
|
||
| @ParameterizedTest | ||
| @ValueSource(strings = {"", "arn:aws:iam::0123456:role/jdoe", "aws-cn"}) | ||
| @ValueSource(strings = {"", "arn:aws:iam:0123456:role/jdoe", "aws-cn"}) |
Contributor
There was a problem hiding this comment.
Can we have another test for a valid non-aws role string which can pass the validation? So that, any regression will be caught if the regex change happens.
dimas-b
approved these changes
Nov 7, 2025
flyrain
approved these changes
Nov 7, 2025
github-project-automation
bot
moved this from Ready to merge
to Done
in Basic Kanban Board
Contributor
|
Thanks a lot for the change, @cccs-cat001 ! Thanks a lot for the review and dev mailing discussion, @dimas-b ! |
dimas-b
added a commit
to dimas-b/polaris
that referenced
this pull request
Nov 17, 2025
Following up on apache#3005, which allowed a wide range of ARN values in the validation RegEx, remove an additional explicit check for `aws-cn` being present in the ARN as a sub-string. Update existing unit tests to process `aws-cn` ARNs as common `aws` ARNs. Note: the old validation code does not look correct because it used to check for `aws-cn` anywhere in the ARN string, not just in its "partition" component.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We found a use case where the AWS ARN regex pattern was too specific and caused us issues connecting to our private S3 storage that's not on AWS. This fixes that issue.
Checklist
CHANGELOG.md(if needed)site/content/in-dev/unreleased(if needed)