(polaris) branch main updated: Inject auth tokens into Spark sessions (#832)

Tue, 21 Jan 2025 06:54:49 -0800 

This is an automated email from the ASF dual-hosted git repository.

dimas pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/polaris.git


The following commit(s) were added to refs/heads/main by this push:
     new 65c28d12 Inject auth tokens into Spark sessions (#832)
65c28d12 is described below

commit 65c28d1229774bb3b1e7c8934eb13ccc00f6aeb7
Author: Dmitri Bourlatchkov <[email protected]>
AuthorDate: Tue Jan 21 09:53:10 2025 -0500

    Inject auth tokens into Spark sessions (#832)
    
    Obtain access tokens from `PolarisAccessManager` (#789)
    before starting Spark sessions as opposed to passing
    client ID/secret to Spark and relying on the Iceberg
    REST Client to obtain access tokens.
    
    This makes all "blackbox" integration tests obtain access
    tokens the same way.
---
 .../org/apache/polaris/service/it/env/IcebergHelper.java | 10 +++-------
 .../it/test/PolarisApplicationIntegrationTest.java       | 16 +++++++---------
 .../it/test/PolarisRestCatalogIntegrationTest.java       |  6 +++++-
 .../it/test/PolarisRestCatalogViewIntegrationBase.java   |  3 ++-
 4 files changed, 17 insertions(+), 18 deletions(-)

diff --git 
a/integration-tests/src/main/java/org/apache/polaris/service/it/env/IcebergHelper.java
 
b/integration-tests/src/main/java/org/apache/polaris/service/it/env/IcebergHelper.java
index 020a12b2..f894489b 100644
--- 
a/integration-tests/src/main/java/org/apache/polaris/service/it/env/IcebergHelper.java
+++ 
b/integration-tests/src/main/java/org/apache/polaris/service/it/env/IcebergHelper.java
@@ -19,7 +19,6 @@
 package org.apache.polaris.service.it.env;
 
 import static 
org.apache.polaris.service.it.env.PolarisApiEndpoints.REALM_HEADER;
-import static 
org.apache.polaris.service.it.test.PolarisApplicationIntegrationTest.PRINCIPAL_ROLE_ALL;
 
 import com.google.common.collect.ImmutableMap;
 import java.util.Map;
@@ -33,10 +32,12 @@ public final class IcebergHelper {
   private IcebergHelper() {}
 
   public static RESTCatalog restCatalog(
+      PolarisClient client,
       PolarisApiEndpoints endpoints,
       PrincipalWithCredentials credentials,
       String catalog,
       Map<String, String> extraProperties) {
+    String authToken = client.obtainToken(credentials);
     SessionCatalog.SessionContext context = 
SessionCatalog.SessionContext.createEmpty();
     RESTCatalog restCatalog =
         new RESTCatalog(
@@ -50,12 +51,7 @@ public final class IcebergHelper {
         ImmutableMap.<String, String>builder()
             .put(
                 org.apache.iceberg.CatalogProperties.URI, 
endpoints.catalogApiEndpoint().toString())
-            .put(
-                OAuth2Properties.CREDENTIAL,
-                credentials.getCredentials().getClientId()
-                    + ":"
-                    + credentials.getCredentials().getClientSecret())
-            .put(OAuth2Properties.SCOPE, PRINCIPAL_ROLE_ALL)
+            .put(OAuth2Properties.TOKEN, authToken)
             .put(
                 org.apache.iceberg.CatalogProperties.FILE_IO_IMPL,
                 "org.apache.iceberg.inmemory.InMemoryFileIO")
diff --git 
a/integration-tests/src/main/java/org/apache/polaris/service/it/test/PolarisApplicationIntegrationTest.java
 
b/integration-tests/src/main/java/org/apache/polaris/service/it/test/PolarisApplicationIntegrationTest.java
index 26fbdc32..4275ba0c 100644
--- 
a/integration-tests/src/main/java/org/apache/polaris/service/it/test/PolarisApplicationIntegrationTest.java
+++ 
b/integration-tests/src/main/java/org/apache/polaris/service/it/test/PolarisApplicationIntegrationTest.java
@@ -106,6 +106,7 @@ public class PolarisApplicationIntegrationTest {
   private static PolarisClient client;
   private static ClientCredentials clientCredentials;
   private static ClientPrincipal admin;
+  private static String authToken;
 
   private String principalRoleName;
   private String internalCatalogName;
@@ -118,6 +119,7 @@ public class PolarisApplicationIntegrationTest {
     realm = endpoints.realm();
     admin = adminCredentials;
     clientCredentials = adminCredentials.credentials();
+    authToken = client.obtainToken(clientCredentials);
 
     testDir = Path.of("build/test_data/iceberg/" + realm);
     FileUtils.deleteQuietly(testDir.toFile());
@@ -158,7 +160,7 @@ public class PolarisApplicationIntegrationTest {
   }
 
   @AfterEach
-  public void cleanUp() throws Exception {
+  public void cleanUp() {
     client.cleanUp(clientCredentials);
   }
 
@@ -235,10 +237,8 @@ public class PolarisApplicationIntegrationTest {
         Map.of(
             "uri",
             endpoints.catalogApiEndpoint().toString(),
-            OAuth2Properties.CREDENTIAL,
-            clientCredentials.clientId() + ":" + 
clientCredentials.clientSecret(),
-            OAuth2Properties.SCOPE,
-            PRINCIPAL_ROLE_ALL,
+            OAuth2Properties.TOKEN,
+            authToken,
             "warehouse",
             catalog,
             "header." + REALM_HEADER,
@@ -579,10 +579,8 @@ public class PolarisApplicationIntegrationTest {
                       Map.of(
                           "uri",
                           endpoints.catalogApiEndpoint().toString(),
-                          OAuth2Properties.CREDENTIAL,
-                          clientCredentials.clientId() + ":" + 
clientCredentials.clientSecret(),
-                          OAuth2Properties.SCOPE,
-                          PRINCIPAL_ROLE_ALL,
+                          OAuth2Properties.TOKEN,
+                          authToken,
                           "warehouse",
                           emptyEnvironmentVariable,
                           "header." + REALM_HEADER,
diff --git 
a/integration-tests/src/main/java/org/apache/polaris/service/it/test/PolarisRestCatalogIntegrationTest.java
 
b/integration-tests/src/main/java/org/apache/polaris/service/it/test/PolarisRestCatalogIntegrationTest.java
index 64f3426c..87b63acc 100644
--- 
a/integration-tests/src/main/java/org/apache/polaris/service/it/test/PolarisRestCatalogIntegrationTest.java
+++ 
b/integration-tests/src/main/java/org/apache/polaris/service/it/test/PolarisRestCatalogIntegrationTest.java
@@ -222,7 +222,11 @@ public class PolarisRestCatalogIntegrationTest extends 
CatalogTests<RESTCatalog>
 
     restCatalog =
         IcebergHelper.restCatalog(
-            endpoints, principalCredentials, currentCatalogName, 
extraPropertiesBuilder.build());
+            client,
+            endpoints,
+            principalCredentials,
+            currentCatalogName,
+            extraPropertiesBuilder.build());
   }
 
   @AfterEach
diff --git 
a/integration-tests/src/main/java/org/apache/polaris/service/it/test/PolarisRestCatalogViewIntegrationBase.java
 
b/integration-tests/src/main/java/org/apache/polaris/service/it/test/PolarisRestCatalogViewIntegrationBase.java
index 4f78413e..34074bba 100644
--- 
a/integration-tests/src/main/java/org/apache/polaris/service/it/test/PolarisRestCatalogViewIntegrationBase.java
+++ 
b/integration-tests/src/main/java/org/apache/polaris/service/it/test/PolarisRestCatalogViewIntegrationBase.java
@@ -108,7 +108,8 @@ public abstract class PolarisRestCatalogViewIntegrationBase 
extends ViewCatalogT
             .build();
     managementApi.createCatalog(principalRoleName, catalog);
 
-    restCatalog = IcebergHelper.restCatalog(endpoints, principalCredentials, 
catalogName, Map.of());
+    restCatalog =
+        IcebergHelper.restCatalog(client, endpoints, principalCredentials, 
catalogName, Map.of());
   }
 
   @AfterEach

Reply via email to