TemporaryModelVersionCredentialsService

Author: jaceklaskowski

docs/credential-vending/index.md

@@ -37,6 +37,19 @@ The path operations are used for [TemporaryPathCredentialsService](../server/Tem
 ??? note "OpenAPI Generator"
     Path operations are defined in `PathOperation` enum in Unity Catalog's [OpenAPI specification]({{ uc.github }}/api/all.yaml).
 
+## Model Version Operations
+
+There are the following model version operations supported in Unity Catalog:
+
+* `READ_MODEL_VERSION`
+* `READ_WRITE_MODEL_VERSION`
+* `UNKNOWN_MODEL_VERSION_OPERATION`
+
+The path operations are used for [TemporaryModelVersionCredentialsService](../server/TemporaryModelVersionCredentialsService.md) to determine the [privileges for a model version operation](../server/TemporaryModelVersionCredentialsService.md#modelVersionOperationToPrivileges) (while [generating temporary model version credentials](../server/TemporaryModelVersionCredentialsService.md#generateTemporaryModelVersionCredentials)).
+
+??? note "OpenAPI Generator"
+    Path operations are defined in `ModelVersionOperation` enum in Unity Catalog's [OpenAPI specification]({{ uc.github }}/api/all.yaml).
+
 ## Amazon S3
 
 [Alex Reid once wrote]({{ uc.slack }}/C076YREKX8W/p1728333073156489?thread_ts=1728308961.254459&cid=C076YREKX8W):

docs/server/TemporaryModelVersionCredentialsService.md

@@ -1,5 +1,13 @@
 # TemporaryModelVersionCredentialsService
 
+`TemporaryModelVersionCredentialsService` is an API service of [UnityCatalogServer](UnityCatalogServer.md) to handle HTTP requests at `/api/2.1/unity-catalog/temporary-model-version-credentials` URL.
+
+Method | URL | Handler | Params
+-|-|-|-
+ POST | `/` | [generateTemporaryModelVersionCredentials](#generateTemporaryModelVersionCredentials) | JSON-ified `GenerateTemporaryModelVersionCredential`
+
+`TemporaryModelVersionCredentialsService` supports [credential vending](#generateTemporaryModelVersionCredentials) for model versions in non-file-based storage locations.
+
 ## Creating Instance
 
 `TemporaryModelVersionCredentialsService` takes the following to be created:
@@ -17,11 +25,32 @@ While being created, `TemporaryModelVersionCredentialsService` creates an [Unity
 
 `TemporaryModelVersionCredentialsService` creates an [UnityAccessEvaluator](../server-authorization/UnityAccessEvaluator.md) (with the given [UnityCatalogAuthorizer](#authorizer)) when [created](#creating-instance).
 
-## generateTemporaryModelVersionCredentials { #generateTemporaryModelVersionCredentials }
+## ModelRepository { #MODEL_REPOSITORY }
+
+`TemporaryModelVersionCredentialsService` gets the system-wide [ModelRepository](../persistent-storage/ModelRepository.md#getInstance) instance when [created](#creating-instance).
+
+`TemporaryModelVersionCredentialsService` uses the `ModelRepository` to [look up the model version](../persistent-storage/ModelRepository.md#getModelVersion) while [generating temporary model version credentials](#generateTemporaryModelVersionCredentials).
+
+## Generate Temporary Model Version Credentials { #generateTemporaryModelVersionCredentials }
 
 ``` java
 HttpResponse generateTemporaryModelVersionCredentials(
   GenerateTemporaryModelVersionCredential generateTemporaryModelVersionCredentials)
 ```
 
 `generateTemporaryModelVersionCredentials`...FIXME
+
+### Privileges by Model Version Operation { #modelVersionOperationToPrivileges }
+
+```java
+Set<CredentialContext.Privilege> modelVersionOperationToPrivileges(
+  ModelVersionOperation modelVersionOperation)
+```
+
+`modelVersionOperationToPrivileges` converts the given [ModelVersionOperation](../credential-vending/index.md#model-version-operations) to [Privileges](../basic-server-access-control/index.md#privileges):
+
+ModelVersionOperation | Privileges
+-|-
+ `READ_MODEL_VERSION` | `SELECT`
+ `READ_WRITE_MODEL_VERSION` | `SELECT`, `UPDATE`
+ `UNKNOWN_MODEL_VERSION_OPERATION` | A `BaseException` is thrown

docs/server/TemporaryPathCredentialsService.md

@@ -73,6 +73,6 @@ Set<CredentialContext.Privilege> pathOperationToPrivileges(
 PathOperation | Privileges
 -|-
  `PATH_READ` | `SELECT`
- `PATH_READ_WRITE` | `SELECT` and `UPDATE`
- `PATH_CREATE_TABLE` | `SELECT` and `UPDATE`
+ `PATH_READ_WRITE` | `SELECT`, `UPDATE`
+ `PATH_CREATE_TABLE` | `SELECT`, `UPDATE`
  `UNKNOWN_PATH_OPERATION` | (empty)