This is an automated email from the ASF dual-hosted git repository.
collado pushed a change to branch mcollado-authn-resolve-roles
in repository https://gitbox.apache.org/repos/asf/polaris.git
omit 81445d1f Refactored active role lookup into new interface
omit 263140d6 Change authentication workflow to lookup principal roles
using security context
add 6bda0782 EclipseLink: allow reading persistence.xml from the
filesystem (#613)
add 4747bbe1 EclipseLink: create test jar on the fly (#614)
add ebfc008a Add log lines to help debug NPE in resolveLocationForPath
(#585)
add 4422de01 Clarify setting credentials for root principals when
bootstrapping (#611)
add 84b61db6 Remove map of parameters from `CallContextResolver` and
`RealmContextResolver` (#617)
add 62c23c36 EclipseLink: make test resilient to non-file classpath URLs
(#619)
add c5bacbde fix: fix JsonMappingException when defaultRealm property is
added in polaris-server.yml (#615)
add bcc97eca Make JWT brokers injectable (#570)
add f898b2c9 Add securityContext to initContainers (#602)
add 76a03986 Feature configuration to modify storage credential lifetime
(#408)
add deb1c879 Add Dmitri + Dennis as new committers (#622)
add 0e8731c3 Fix token refresh test case in
PolarisApplicationIntegrationTest (#629)
add 55645155 Fix testRefreshToken() (#632)
add 551ce873 Use HTTP status code 413 for exceedingly large payloads (#631)
add 769375a0 Add 2025-01-09 community meeting record (#636)
add 1053c921 Move renovate.json to renovate.json5 (to support schema,
comments, etc) (#635)
add b3ca89b0 main: Update dependency com.azure:azure-sdk-bom to v1.2.30
(#640)
add 529b1191 main: Update dependency
com.github.spotbugs:spotbugs-annotations to v4.8.6 (#641)
add 5821a9a4 main: Update gradle/actions digest to 0bdd871 (#639)
add c1706b3d main: Update actions/stale digest to f04443d (#638)
add 56cda89a main: Update dependency
com.gradleup.shadow:shadow-gradle-plugin to v8.3.5 (#643)
add 32ed2649 main: Update dependency
gradle.plugin.org.jetbrains.gradle.plugin.idea-ext:gradle-idea-ext to v1.1.9
(#645)
add 7d3fc432 main: Update dependency io.netty:netty-codec-http2 to
v4.1.116.Final (#646)
add b12a706e main: Update dependency commons-codec:commons-codec to
v1.17.2 (#644)
add a7cdbd71 Simplify the environment variables needed for credential
bootstrapping (#633)
add f708c4ac main: Update dependency org.testcontainers:testcontainers-bom
to v1.20.4 (#653)
add 9636fb8d main: Update docker.io/apache/spark Docker tag to v3.5.4
(#655)
add 0c45cd1b main: Update dependency org.apache.spark:spark-sql_2.12 to
v3.5.4 (#652)
add c8441678 main: Update dependency boto3 to v1.35.96 (#656)
add afff059f main: Update dependency org.xerial.snappy:snappy-java to
v1.1.10.7 (#654)
add 5e695d42 Fix deprecation warning for `ShadowExtension` (#651)
add c4c7a8fe main: Update dependency
io.prometheus:prometheus-metrics-exporter-servlet-jakarta to v1.3.5 (#647)
add 7773fc2c main: Update dependency com.github.jk1:gradle-license-report
to v2.9 (#660)
add 2818d314 main: Update dependency
com.google.cloud:google-cloud-storage-bom to v2.47.0 (#661)
add ee734c1e main: Update dependency com.fasterxml.jackson:jackson-bom to
v2.18.2 (#659)
add aec90443 main: Update dependency com.nimbusds:nimbus-jose-jwt to v9.48
(#664)
add bb98499c main: Update dependency io.opentelemetry:opentelemetry-bom to
v1.45.0 (#666)
add af35f864 main: Update dependency
com.adobe.testing:s3mock-testcontainers to v3.12.0 (#658)
add 130d5f72 main: Update dependency com.google.guava:guava to v33.4.0-jre
(#663)
add 0268b820 main: Update dependency io.micrometer:micrometer-bom to
v1.14.2 (#665)
add a8d88fe0 Make testCreateCatalogWithUnparsableJson() more generic (#667)
add 8b8ee39f main: Update dependency mypy to v1.14.1 (#671)
add e207221c main: Update dependency
jakarta.persistence:jakarta.persistence-api to v3.2.0 (#669)
add c062d3c8 main: Update dependency
io.projectreactor.netty:reactor-netty-http to v1.2.1 (#668)
add 6049a719 main: Update dependency
jakarta.validation:jakarta.validation-api to v3.1.0 (#670)
add 35c977cf main: Update dependency
net.ltgt.gradle:gradle-errorprone-plugin to v4.1.0 (#672)
add 2fe0c8d9 main: Update dependency org.junit:junit-bom to v5.11.4 (#677)
add 3d7b3957 main: Update dependency org.bouncycastle:bcprov-jdk18on to
v1.79 (#676)
add 78384b13 main: Update dependency org.assertj:assertj-core to v3.27.2
(#675)
add bbf95dec main: Update dependency
org.apache.commons:commons-configuration2 to v2.11.0 (#674)
add 2afb3a50 main: Update dependency org.apache.commons:commons-compress
to v1.27.1 (#673)
add 76d19574 main: Update dependency
com.google.errorprone:error_prone_core to v2.36.0 (#662)
add ae5f134d git- and rat-ignore - add `build-logic/.kotlin/` (#678)
add b1fc6909 main: Update dependency org.mockito:mockito-core to v5.15.2
(#679)
add ac0b1c54 main: Update dependency ubuntu to v24 (#681)
add 24f80bfd main: Update registry.access.redhat.com/ubi9/openjdk-21
Docker tag to v1.21-3.1733995526 (#682)
add 9e5d32e4 main: Update actions/setup-python action to v5 (#685)
add 212b05a6 main: Update
registry.access.redhat.com/ubi9/openjdk-21-runtime Docker tag to
v1.21-1.1733995527 (#683)
add d9ecb5cb main: Update actions/checkout action to v4 (#684)
add 95cda35a main: Update dependency software.amazon.awssdk:bom to
v2.29.49 (#687)
add ade93dd2 main: Update plugin openapi-generator to v7.10.0 (#689)
add 0bf2126f main: Update dependency pytest to ~=7.4.4 (#688)
add 5a202bc3 main: Update python Docker tag to v3.13 (#690)
add 4ea9d0fd main: Update dependency com.nimbusds:nimbus-jose-jwt to v10
(#691)
add 64cb24c2 main: Update dependency jakarta.ws.rs:jakarta.ws.rs-api to v4
(#693)
add 29fa9cf7 main: Update dependency org.jetbrains:annotations to v26
(#694)
add ba9eff51 main: Update dependency io.airlift:aircompressor to v2 (#692)
add 81de1a24 main: Update dependency pytest to v8 (#695)
add 9db2892e Fix regression test run.sh script (#698)
add 7d53b73c Bump spotless to v7 (#697)
new 5e24f64d Change authentication workflow to lookup principal roles
using security context
new 172e36cd Refactored active role lookup into new interface
new bbdcc492 Addressed PR comments
new 92797e48 Removed injected security context
This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version. This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:
* -- * -- B -- O -- O -- O (81445d1f)
\
N -- N -- N refs/heads/mcollado-authn-resolve-roles (92797e48)
You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.
Any revisions marked "omit" are not gone; other references still
refer to them. Any revisions marked "discard" are gone forever.
The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.github/CODEOWNERS | 2 +-
renovate.json => .github/renovate.json5 | 0
.github/workflows/gradle.yml | 2 +-
.github/workflows/stale.yml | 4 +-
.gitignore | 1 +
Dockerfile | 4 +-
LICENSE-BINARY-DIST | 3 +-
api/iceberg-service/build.gradle.kts | 2 +-
.../src/main/kotlin/polaris-java.gradle.kts | 24 ++-
.../main/kotlin/polaris-license-report.gradle.kts | 6 +-
.../src/main/kotlin/publishing/MemoizedGitInfo.kt | 2 +-
.../kotlin/publishing/PublishingHelperPlugin.kt | 4 +-
.../src/main/kotlin/publishing/configurePom.kt | 2 +-
.../src/main/kotlin/publishing/rootProject.kt | 2 +-
.../src/main/kotlin/publishing/shadowPub.kt | 8 +-
build-logic/src/main/kotlin/publishing/util.kt | 9 +-
build.gradle.kts | 9 +-
dropwizard/service/build.gradle.kts | 2 +-
.../service/dropwizard/PolarisApplication.java | 63 +-----
.../auth/PolarisPrincipalAuthenticator.java | 78 +++++++
...olarisPrincipalRoleSecurityContextProvider.java | 4 +-
.../config/PolarisApplicationConfig.java | 58 +-----
.../dropwizard/config/TokenBrokerConfig.java | 75 +++++++
.../StreamReadConstraintsExceptionMapper.java | 2 +-
.../main/resources/META-INF/hk2-locator/default | 5 +
.../PolarisApplicationIntegrationTest.java | 57 +++---
.../admin/PolarisServiceImplIntegrationTest.java | 6 +-
.../test/PolarisConnectionExtension.java | 3 +-
extension/persistence/eclipselink/build.gradle.kts | 11 +-
.../PolarisEclipseLinkMetaStoreSessionImpl.java | 119 ++---------
.../PolarisEclipseLinkPersistenceUnit.java | 224 +++++++++++++++++++++
.../PolarisEclipseLinkMetaStoreManagerTest.java | 84 ++++++--
gradle/baselibs.versions.toml | 10 +-
gradle/libs.versions.toml | 45 ++---
helm/polaris/templates/deployment.yaml | 4 +
helm/polaris/templates/job.yaml | 4 +
helm/polaris/tests/deployment_test.yaml | 24 +++
helm/polaris/tests/job_test.yaml | 26 +++
polaris-core/build.gradle.kts | 14 +-
.../apache/polaris/core/PolarisConfiguration.java | 43 ++++
.../persistence/PolarisCredentialsBootstrap.java | 110 ++++++++++
.../persistence/PrincipalSecretsGenerator.java | 42 ++--
.../storage/PolarisStorageIntegrationProvider.java | 4 +-
.../aws/AwsCredentialsStorageIntegration.java | 11 +
.../azure/AzureCredentialsStorageIntegration.java | 13 +-
.../core/storage/cache/StorageCredentialCache.java | 24 ++-
.../PolarisCredentialsBootstrapTest.java | 106 ++++++++++
.../persistence/PrincipalSecretsGeneratorTest.java | 11 +-
polaris-server.yml | 2 +
regtests/Dockerfile | 2 +-
.../client/python/.github/workflows/python.yml | 4 +-
regtests/client/python/.gitlab-ci.yml | 10 +-
regtests/client/python/poetry.lock | 93 +++++----
regtests/client/python/pyproject.toml | 4 +-
regtests/client/python/test-requirements.txt | 2 +-
regtests/run.sh | 4 +-
.../polaris/service/admin/PolarisServiceImpl.java | 8 +-
.../service/auth/DefaultActiveRolesProvider.java | 4 +-
.../polaris/service/auth/JWTRSAKeyPairFactory.java | 13 +-
.../service/auth/JWTSymmetricKeyFactory.java | 51 +++--
...airFactory.java => NoneTokenBrokerFactory.java} | 45 +++--
...dedToken.java => TokenBrokerFactoryConfig.java} | 17 +-
.../service/catalog/BasePolarisCatalog.java | 63 ++++--
.../service/context/CallContextResolver.java | 6 +-
.../context/DefaultCallContextResolver.java | 7 +-
.../context/DefaultRealmContextResolver.java | 12 +-
.../service/context/RealmContextResolver.java | 6 +-
.../PolarisStorageIntegrationProviderImpl.java | 4 +-
site/content/community/_index.adoc | 16 +-
site/content/community/meetings/_index.adoc | 13 +-
.../configuring-polaris-for-production.md | 45 ++++-
71 files changed, 1230 insertions(+), 567 deletions(-)
rename renovate.json => .github/renovate.json5 (100%)
create mode 100644
dropwizard/service/src/main/java/org/apache/polaris/service/dropwizard/auth/PolarisPrincipalAuthenticator.java
create mode 100644
dropwizard/service/src/main/java/org/apache/polaris/service/dropwizard/config/TokenBrokerConfig.java
create mode 100644
extension/persistence/eclipselink/src/main/java/org/apache/polaris/extension/persistence/impl/eclipselink/PolarisEclipseLinkPersistenceUnit.java
create mode 100644
polaris-core/src/main/java/org/apache/polaris/core/persistence/PolarisCredentialsBootstrap.java
create mode 100644
polaris-core/src/test/java/org/apache/polaris/core/persistence/PolarisCredentialsBootstrapTest.java
copy
service/common/src/main/java/org/apache/polaris/service/auth/{JWTRSAKeyPairFactory.java
=> NoneTokenBrokerFactory.java} (52%)
copy
service/common/src/main/java/org/apache/polaris/service/auth/{DecodedToken.java
=> TokenBrokerFactoryConfig.java} (75%)
