Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a flag to control whether credentials are printed during bootstrapping #461

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Add a flag to control whether credentials are printed during bootstrapping #461

wants to merge 2 commits into from

Conversation

eric-maynard
Copy link
Contributor

Description

This adds a new flag, BOOTSTRAP_PRINT_CREDENTIALS, that controls whether the bootstrap command prints root credentials to stdout.

If it's disabled, and environment variables were not provided to set the root credentials, bootstrapping will fail.

Fixes #450

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • Documentation update
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Credentials are now printed during bootstrap when it's enabled:

realm: default-realm root principal credentials: 2b98107557bcce20:f74281319ac8519ef30cbced6563223b

@eric-maynard eric-maynard mentioned this pull request Nov 21, 2024
Open
dimas-b
dimas-b reviewed Nov 21, 2024
View reviewed changes
...e/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java
@@ -181,6 +196,19 @@ private PrincipalSecretsResult bootstrapServiceAndCreatePolarisPrincipalForRealm
throw new IllegalArgumentException(overrideMessage);
}

// TODO rebase onto #422, call a method like PrincipalSecretsGenerator.hasEnvironmentVariables
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

idea: maybe pass a flag down to PrincipalSecretsGenerator to not use random secrets if printCredentials is false? Then the PrincipalSecretsGenerator can simply throw if the specific realm/user combination is missing env. vars. WDYT?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like that idea. If there is a good pathway from the bootstrap command down to the PrincipalSecretsGenerator then I think that works as well. It should hopefully be more clear when #422 merges.

dimas-b
dimas-b reviewed Nov 21, 2024
View reviewed changes
...e/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java
+ "to recover the root credentials",
PolarisConfiguration.BOOTSTRAP_PRINT_CREDENTIALS.key);
LOGGER.error("\n\n {} \n\n", failureMessage);
throw new IllegalArgumentException(failureMessage);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dimas-b dimas-b dimas-b left review comments

@jbonofre jbonofre Awaiting requested review from jbonofre jbonofre will be requested when the pull request is marked ready for review jbonofre is a code owner

@ashvina ashvina Awaiting requested review from ashvina ashvina will be requested when the pull request is marked ready for review ashvina is a code owner

@RussellSpitzer RussellSpitzer Awaiting requested review from RussellSpitzer RussellSpitzer will be requested when the pull request is marked ready for review RussellSpitzer is a code owner

@snazy snazy Awaiting requested review from snazy snazy will be requested when the pull request is marked ready for review snazy is a code owner

@vvcephei vvcephei Awaiting requested review from vvcephei vvcephei will be requested when the pull request is marked ready for review vvcephei is a code owner

@takidau takidau Awaiting requested review from takidau takidau will be requested when the pull request is marked ready for review takidau is a code owner

@jackye1995 jackye1995 Awaiting requested review from jackye1995 jackye1995 will be requested when the pull request is marked ready for review jackye1995 is a code owner

@flyrain flyrain Awaiting requested review from flyrain flyrain will be requested when the pull request is marked ready for review flyrain is a code owner

@collado-mike collado-mike Awaiting requested review from collado-mike collado-mike will be requested when the pull request is marked ready for review collado-mike is a code owner

@ebyhr ebyhr Awaiting requested review from ebyhr ebyhr will be requested when the pull request is marked ready for review ebyhr is a code owner

@adutra adutra Awaiting requested review from adutra adutra will be requested when the pull request is marked ready for review adutra is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[BUG] Potential eclipselink schema upgrade issue
2 participants
@eric-maynard @dimas-b