Package org.apache.polaris.service.identity

Interface ServiceIdentityConfiguration

@ConfigMapping(prefix="polaris.service-identity") public interface ServiceIdentityConfiguration
Configuration interface for managing service identities across multiple realms in Polaris.

A service identity represents the Polaris service itself when it needs to authenticate to external systems (e.g., AWS services for SigV4 authentication). Each realm can configure its own set of service identities for different cloud providers.

This interface supports multi-tenant deployments where each realm (tenant) can have distinct service identities, as well as single-tenant deployments with a default configuration shared across all catalogs.

Configuration is loaded from polaris.service-identity.* properties at startup and includes credentials that Polaris uses to assume customer-provided roles when accessing federated catalogs.

Example Configuration: 


 # Default service identity (used when no realm-specific configuration exists)
 polaris.service-identity.aws-iam.iam-arn=arn:aws:iam::123456789012:user/polaris-default-user
 # Optional: provide static credentials, or omit to use AWS default credential chain
 polaris.service-identity.aws-iam.access-key-id=<access-key-id>
 polaris.service-identity.aws-iam.secret-access-key=<secret-access-key>
 polaris.service-identity.aws-iam.session-token=<optional-session-token>

 # Realm-specific service identity for multi-tenant deployments
 polaris.service-identity.my-realm.aws-iam.iam-arn=arn:aws:iam::123456789012:user/my-realm-user
 polaris.service-identity.my-realm.aws-iam.access-key-id=<access-key-id>
 polaris.service-identity.my-realm.aws-iam.secret-access-key=<secret-access-key>

  • Field Details

    • DEFAULT_REALM_KEY

      static final String DEFAULT_REALM_KEY
      The key used to identify the default realm configuration.

      This default is especially useful in testing scenarios and single-tenant deployments where only one realm is expected and explicitly configuring realms is unnecessary.

      See Also:

  • Method Details

    • realms

      @WithParentName @WithUnnamedKey("<default>") @WithDefaults @WithUnnamedKey("<default>") Map<String,RealmServiceIdentityConfiguration> realms()
      Returns a map of realm identifiers to their corresponding service identity configurations.
      Returns:
      the map of realm-specific configurations

    • forRealm

      default ServiceIdentityConfiguration.RealmConfigEntry forRealm(org.apache.polaris.core.context.RealmContext realmContext)
      Retrieves the configuration entry for the given realm context.

      If the realm has no specific configuration, falls back to the default realm configuration.

      Parameters:
      realmContext - the realm context
      Returns:
      the configuration entry containing the realm identifier and its configuration

    • forRealm

      default ServiceIdentityConfiguration.RealmConfigEntry forRealm(String realmIdentifier)
      Retrieves the configuration entry for the given realm identifier.

      If the realm has no specific configuration, falls back to the default realm configuration (DEFAULT_REALM_KEY). If the default realm configuration is also not set, returns a default configuration that uses environment-based credentials.

      Parameters:
      realmIdentifier - the realm identifier
      Returns:
      the configuration entry containing the realm identifier and its configuration