From 1b0ee0ca15b93bbf4f2db7a5be832bfb2d0bbb7a Mon Sep 17 00:00:00 2001 From: sclee01 Date: Tue, 17 Jun 2025 15:13:47 +0900 Subject: [PATCH] fix: unify bootstrap credentials and standardize POLARIS setup - unified formatting across docker, gradle - reverted secret to s3cr3t - updated docker-compose, README, conftest.py fix: unify bootstrap credentials across docker-compose, Gradle, and docs use POLARIS for consistency across docker, gradle and others. Applied changes to ../docker-compose-bootstrap-db.yml and other locations. Applied change 'default-realm' to 'POLARIS' Applied change 'default-realm' to 'POLARIS' in conftest.py Applied changes to 'polaris_root_credential' Applied changes to README files changing secret back to s3cr3t Fix missing part from previous commit: reverted secret to s3cr3t fixed missing part --- README.md | 4 ++-- client/python/docker-compose.yml | 4 ++-- client/python/integration_tests/conftest.py | 2 +- getting-started/spark/docker-compose.yml | 4 ++-- getting-started/spark/notebooks/SparkPolaris.ipynb | 8 ++++---- plugins/spark/v3.5/getting-started/docker-compose.yml | 4 ++-- .../v3.5/getting-started/notebooks/SparkPolaris.ipynb | 2 +- plugins/spark/v3.5/regtests/docker-compose.yml | 2 +- plugins/spark/v3.5/regtests/run.sh | 2 +- regtests/docker-compose.yml | 2 +- regtests/run.sh | 2 +- regtests/run_spark_sql.sh | 2 +- runtime/server/build.gradle.kts | 2 +- 13 files changed, 20 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index a0c9350ee7..81fa99518a 100644 --- a/README.md +++ b/README.md 
@@ -67,11 +67,11 @@ Apache Polaris is built using Gradle with Java 21+ and Docker 27+.
 - `./gradlew build` - To build and run tests. Make sure Docker is running, as the integration tests depend on it.
 - `./gradlew assemble` - To skip tests.
 - `./gradlew check` - To run all checks, including unit tests and integration tests.
-- `./gradlew run` - To run the Polaris server locally; the server is reachable at localhost:8181. This is also suitable for running regression tests, or for connecting with Spark. Set your own credentials by specifying system property `./gradlew run -Dpolaris.bootstrap.credentials=POLARIS,root,secret` where:
+- `./gradlew run` - To run the Polaris server locally; the server is reachable at localhost:8181. This is also suitable for running regression tests, or for connecting with Spark. Set your own credentials by specifying system property `./gradlew run -Dpolaris.bootstrap.credentials=POLARIS,root,s3cr3t` where:
 - `POLARIS` is the realm
 - `root` is the CLIENT_ID
 - `secret` is the CLIENT_SECRET
- - If credentials are not set, it will use preset credentials `POLARIS,root,secret`
+ - If credentials are not set, it will use preset credentials `POLARIS,root,s3cr3t`
 - `./regtests/run_spark_sql.sh` - To connect from Spark SQL. Here are some example commands to run in the Spark SQL shell:
 ```sql
 create database db1;
diff --git a/client/python/docker-compose.yml b/client/python/docker-compose.yml
index 58c191efb6..4e1035dd8f 100644
--- a/client/python/docker-compose.yml
+++ b/client/python/docker-compose.yml
@@ -27,8 +27,8 @@ services:
 AWS_REGION: us-west-2
 AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID
 AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY
- POLARIS_BOOTSTRAP_CREDENTIALS: default-realm,root,s3cr3t
- polaris.realm-context.realms: default-realm
+ POLARIS_BOOTSTRAP_CREDENTIALS: POLARIS,root,s3cr3t
+ polaris.realm-context.realms: POLARIS
 quarkus.log.file.enable: "false"
 quarkus.otel.sdk.disabled: "true"
 polaris.features."DROP_WITH_PURGE_ENABLED": "true"
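Review bot: `POLARIS_BOOTSTRAP_CREDENTIALS: POLARIS,root,s3cr3t` in client/python/docker-compose.yml fixes the root principal's secret to a value the README publishes, and the only way to change it is to edit the file. The neighbouring AWS keys are already interpolated from the environment, so a default-with-override form keeps the zero-setup path while letting anyone who runs this beyond localhost choose their own secret: `POLARIS_BOOTSTRAP_CREDENTIALS: ${POLARIS_BOOTSTRAP_CREDENTIALS:-POLARIS,root,s3cr3t}`, ideally with a comment such as `# local/demo default only; override before exposing this service` (the service definition starts outside the hunk, so its port mapping is not visible here). The same literal is set in the getting-started/spark, plugins/spark/v3.5/getting-started, plugins/spark/v3.5/regtests and regtests compose files and in runtime/server/build.gradle.kts. Separately, the README hunk still lists `secret` as the CLIENT_SECRET bullet while its example now uses `s3cr3t`.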
diff --git a/client/python/integration_tests/conftest.py b/client/python/integration_tests/conftest.py index d90fa7a212..5ad5165a00 100644 --- a/client/python/integration_tests/conftest.py +++ b/client/python/integration_tests/conftest.py @@ -133,7 +133,7 @@ def root_token( client_id=client_id, client_secret=client_secret, grant_type="client_credentials", - _headers={"realm": "default-realm"}, + _headers={"realm": "POLARIS"}, ) return token diff --git a/getting-started/spark/docker-compose.yml b/getting-started/spark/docker-compose.yml index 0c0476fb8c..293c67d30d 100644 --- a/getting-started/spark/docker-compose.yml +++ b/getting-started/spark/docker-compose.yml @@ -27,8 +27,8 @@ services: AWS_REGION: us-west-2 AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY - POLARIS_BOOTSTRAP_CREDENTIALS: default-realm,root,s3cr3t - polaris.realm-context.realms: default-realm + POLARIS_BOOTSTRAP_CREDENTIALS: POLARIS,root,s3cr3t + polaris.realm-context.realms: POLARIS quarkus.otel.sdk.disabled: "true" polaris.features."ALLOW_INSECURE_STORAGE_TYPES": "true" polaris.features."SUPPORTED_CATALOG_STORAGE_TYPES": "[\"FILE\",\"S3\",\"GCS\",\"AZURE\"]" diff --git a/getting-started/spark/notebooks/SparkPolaris.ipynb b/getting-started/spark/notebooks/SparkPolaris.ipynb index 08f28e9f24..c015235406 100644 --- a/getting-started/spark/notebooks/SparkPolaris.ipynb +++ b/getting-started/spark/notebooks/SparkPolaris.ipynb @@ -33,7 +33,7 @@ " client_id=client_id,\n", " client_secret=client_secret,\n", " grant_type='client_credentials',\n", - " _headers={'realm': 'default-realm'})\n" + " _headers={'realm': 'POLARIS'})\n" ] }, { 
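Review bot: The realm is passed as a bare string literal, `_headers={"realm": "POLARIS"}`, in the `root_token` fixture, and it must match `polaris.realm-context.realms` in the compose file that starts the server; this commit is itself the result of those copies drifting apart. Reading it once at module level, e.g. `POLARIS_REALM = os.getenv("POLARIS_REALM", "POLARIS")` (the variable name is a suggestion, not an existing setting), and passing `_headers={"realm": POLARIS_REALM}` would let the tests follow a server bootstrapped with a different realm. The notebook cells in both SparkPolaris.ipynb files repeat the same literal in every token request. The body of `root_token` starts before and continues after the hunk, so whether `os` is already imported is not visible here.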
@@ -420,7 +420,7 @@
 " client_id=engineer_principal.credentials.client_id,\n",
 " client_secret=engineer_principal.credentials.client_secret.get_secret_value(),\n",
 " grant_type='client_credentials',\n",
- " _headers={'realm': 'default-realm'})\n",
+ " _headers={'realm': 'POLARIS'})\n",
 "\n",
 "# Now create a catalog client that uses the token in its Authentication header\n",
 "client = CatalogApiClient(CatalogApiClientConfiguration(access_token=collado_token.access_token,\n",
@@ -573,7 +573,7 @@
 " client_id=reader_principal.credentials.client_id,\n",
 " client_secret=reader_principal.credentials.client_secret.get_secret_value(),\n",
 " grant_type='client_credentials',\n",
- " _headers={'realm': 'default-realm'})\n",
+ " _headers={'realm': 'POLARIS'})\n",
 "\n",
 "# Now create a catalog client that uses the token in its Authentication header\n",
 "pm_client = IcebergCatalogAPI(CatalogApiClient(CatalogApiClientConfiguration(access_token=pm_token.access_token,\n",
@@ -767,7 +767,7 @@
 " client_id=engineer_principal.credentials.client_id,\n",
 " client_secret=engineer_principal.credentials.client_secret.get_secret_value(),\n",
 " grant_type='client_credentials',\n",
- " _headers={'realm': 'default-realm'})\n",
+ " _headers={'realm': 'POLARIS'})\n",
 "\n",
 "# The returned token is scoped to _only_ the privileges granted to the ops_engineer role\n",
 "# The ops_client fails to do any real damage even though the engineer normally has DROP_TABLE privileges\n",
diff --git a/plugins/spark/v3.5/getting-started/docker-compose.yml b/plugins/spark/v3.5/getting-started/docker-compose.yml
index d531e7605e..e010d4a92c 100644
--- a/plugins/spark/v3.5/getting-started/docker-compose.yml
+++ b/plugins/spark/v3.5/getting-started/docker-compose.yml
@@ -27,8 +27,8 @@ services:
 AWS_REGION: us-west-2
 AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID
 AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY
- POLARIS_BOOTSTRAP_CREDENTIALS: default-realm,root,s3cr3t
- polaris.realm-context.realms: default-realm
+ POLARIS_BOOTSTRAP_CREDENTIALS: POLARIS,root,s3cr3t
+ polaris.realm-context.realms: POLARIS
 quarkus.otel.sdk.disabled: "true"
 polaris.features."ALLOW_INSECURE_STORAGE_TYPES": "true"
 polaris.features."SUPPORTED_CATALOG_STORAGE_TYPES": "[\"FILE\",\"S3\",\"GCS\",\"AZURE\"]"
diff --git a/plugins/spark/v3.5/getting-started/notebooks/SparkPolaris.ipynb b/plugins/spark/v3.5/getting-started/notebooks/SparkPolaris.ipynb
index f4459b0714..15283dc3f7 100644
--- a/plugins/spark/v3.5/getting-started/notebooks/SparkPolaris.ipynb
+++ b/plugins/spark/v3.5/getting-started/notebooks/SparkPolaris.ipynb
@@ -33,7 +33,7 @@
 " client_id=client_id,\n",
 " client_secret=client_secret,\n",
 " grant_type='client_credentials',\n",
- " _headers={'realm': 'default-realm'})\n"
+ " _headers={'realm': 'POLARIS'})\n"
 ]
 },
 {
diff --git a/plugins/spark/v3.5/regtests/docker-compose.yml b/plugins/spark/v3.5/regtests/docker-compose.yml
index aa0c259feb..37fe2afe85 100755
--- a/plugins/spark/v3.5/regtests/docker-compose.yml
+++ b/plugins/spark/v3.5/regtests/docker-compose.yml
@@ -25,7 +25,7 @@ services:
 - "8182"
 environment:
 AWS_REGION: us-west-2
- POLARIS_BOOTSTRAP_CREDENTIALS: POLARIS,root,secret
+ POLARIS_BOOTSTRAP_CREDENTIALS: POLARIS,root,s3cr3t
 quarkus.log.file.enable: "false"
 quarkus.otel.sdk.disabled: "true"
 polaris.features."ALLOW_INSECURE_STORAGE_TYPES": "true"
diff --git a/plugins/spark/v3.5/regtests/run.sh b/plugins/spark/v3.5/regtests/run.sh
index acf5d1a906..6c19cdcc8f 100755
--- a/plugins/spark/v3.5/regtests/run.sh
+++ b/plugins/spark/v3.5/regtests/run.sh
@@ -41,7 +41,7 @@ if [[ -z "$REGTEST_ROOT_BEARER_TOKEN" ]]; then
 if ! output=$(curl -X POST -H "Polaris-Realm: POLARIS" "http://${POLARIS_HOST:-localhost}:8181/api/catalog/v1/oauth/tokens" \
 -d "grant_type=client_credentials" \
 -d "client_id=root" \
- -d "client_secret=secret" \
+ -d "client_secret=s3cr3t" \
 -d "scope=PRINCIPAL_ROLE:ALL"); then
 logred "Error: Failed to retrieve bearer token"
 exit 1
diff --git a/regtests/docker-compose.yml b/regtests/docker-compose.yml
index 33d72aacbf..6da159ce43 100644
--- a/regtests/docker-compose.yml
+++ b/regtests/docker-compose.yml
@@ -31,7 +31,7 @@ services:
 AZURE_TENANT_ID: $AZURE_TENANT_ID
 AZURE_CLIENT_ID: $AZURE_CLIENT_ID
 AZURE_CLIENT_SECRET: $AZURE_CLIENT_SECRET
- POLARIS_BOOTSTRAP_CREDENTIALS: POLARIS,root,secret
+ POLARIS_BOOTSTRAP_CREDENTIALS: POLARIS,root,s3cr3t
 quarkus.log.file.enable: "false"
 quarkus.otel.sdk.disabled: "true"
 polaris.features."DROP_WITH_PURGE_ENABLED": "true"
diff --git a/regtests/run.sh b/regtests/run.sh
index a267aed308..5c65cd1f1d 100755
--- a/regtests/run.sh
+++ b/regtests/run.sh
@@ -74,7 +74,7 @@ if [[ -z "$REGTEST_ROOT_BEARER_TOKEN" ]]; then
 if ! output=$(curl -X POST -H "Polaris-Realm: POLARIS" "http://${POLARIS_HOST:-localhost}:8181/api/catalog/v1/oauth/tokens" \
 -d "grant_type=client_credentials" \
 -d "client_id=root" \
- -d "client_secret=secret" \
+ -d "client_secret=s3cr3t" \
 -d "scope=PRINCIPAL_ROLE:ALL"); then
 logred "Error: Failed to retrieve bearer token"
 exit 1
diff --git a/regtests/run_spark_sql.sh b/regtests/run_spark_sql.sh
index 5aded43f0d..8558c94936 100755
--- a/regtests/run_spark_sql.sh
+++ b/regtests/run_spark_sql.sh
@@ -59,7 +59,7 @@ fi
 if ! output=$(curl -X POST -H "Polaris-Realm: POLARIS" "http://${POLARIS_HOST:-localhost}:8181/api/catalog/v1/oauth/tokens" \
 -d "grant_type=client_credentials" \
 -d "client_id=root" \
- -d "client_secret=secret" \
+ -d "client_secret=s3cr3t" \
 -d "scope=PRINCIPAL_ROLE:ALL"); then
 echo "Error: Failed to retrieve bearer token"
 exit 1
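Review bot: The `if ! output=$(curl -X POST …)` guard around the changed `client_secret` line in plugins/spark/v3.5/regtests/run.sh only trips on transport errors, because curl is called without `--fail` and exits 0 on an HTTP 401. A server still bootstrapped with the previous secret would therefore return an error body that is stored in `output`, and the "Failed to retrieve bearer token" branch would be skipped unless code after the hunk inspects the response. Starting the command with `curl --fail -X POST` makes a rejected credential stop the script at this point. The identical request appears in the regtests/run.sh and regtests/run_spark_sql.sh hunks below, so the same change applies there; the enclosing `if` blocks continue past each hunk.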
diff --git a/runtime/server/build.gradle.kts b/runtime/server/build.gradle.kts index d64f5c9976..aa91b85a0a 100644 --- a/runtime/server/build.gradle.kts +++ b/runtime/server/build.gradle.kts @@ -77,7 +77,7 @@ tasks.register("run") { dependsOn("quarkusRun") } tasks.named("quarkusRun") { jvmArgs = listOf( - "-Dpolaris.bootstrap.credentials=POLARIS,root,secret", + "-Dpolaris.bootstrap.credentials=POLARIS,root,s3cr3t", "-Dquarkus.console.color=true", "-Dpolaris.features.\"ALLOW_INSECURE_STORAGE_TYPES\"=true", "-Dpolaris.features.\"SUPPORTED_CATALOG_STORAGE_TYPES\"=[\"FILE\",\"S3\",\"GCS\",\"AZURE\"]",