This is an automated email from the ASF dual-hosted git repository.
yufei pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/polaris.git
The following commit(s) were added to refs/heads/main by this push:
new 33bfaff2 Update Trino Getting-started example to use default
authenticator (#877)
33bfaff2 is described below
commit 33bfaff221e495abaeb2ab47edf1d65414af387c
Author: Honah J. <[email protected]>
AuthorDate: Mon Jan 27 12:19:18 2025 -0600
Update Trino Getting-started example to use default authenticator (#877)
---
getting-started/trino/README.md | 2 +-
getting-started/trino/create-polaris-catalog.sh | 18 +++++++++++++++++-
getting-started/trino/docker-compose.yml | 10 ++--------
.../trino/trino-config/catalog/iceberg.properties | 3 ++-
4 files changed, 22 insertions(+), 11 deletions(-)
diff --git a/getting-started/trino/README.md b/getting-started/trino/README.md
index 26804a77..957604b3 100644
--- a/getting-started/trino/README.md
+++ b/getting-started/trino/README.md
@@ -53,6 +53,6 @@ SELECT * FROM iceberg.tpch.test_polaris;
```
## Note
-The Polaris catalog setup script uses the credential
`principal:root;realm:default-realm`. This credential is used so users do not
need to fetch credentials from Apache Polaris' console output.
+The Polaris in this example is started with realm `default-realm` and root
credentials: `root:s3cr3t`.
An example catalog is created in Apache Polaris using the `curl` command. See
`create-polaris-catalog.sh` for details.
diff --git a/getting-started/trino/create-polaris-catalog.sh
b/getting-started/trino/create-polaris-catalog.sh
index 20b007a8..e08e1c5f 100644
--- a/getting-started/trino/create-polaris-catalog.sh
+++ b/getting-started/trino/create-polaris-catalog.sh
@@ -17,7 +17,23 @@
# under the License.
#
-PRINCIPAL_TOKEN="principal:root;realm:default-realm"
+if ! output=$(curl -X POST -H "Polaris-Realm: default-realm"
"http://polaris:8181/api/catalog/v1/oauth/tokens"; \
+ -d "grant_type=client_credentials" \
+ -d "client_id=root" \
+ -d "client_secret=s3cr3t" \
+ -d "scope=PRINCIPAL_ROLE:ALL"); then
+ logred "Error: Failed to retrieve bearer token"
+ exit 1
+fi
+
+token=$(echo "$output" | awk -F\" '{print $4}')
+
+if [ "$token" == "unauthorized_client" ]; then
+ logred "Error: Failed to retrieve bearer token"
+ exit 1
+fi
+
+PRINCIPAL_TOKEN=$token
# Use local filesystem by default
curl -i -X POST -H "Authorization: Bearer $PRINCIPAL_TOKEN" -H 'Accept:
application/json' -H 'Content-Type: application/json' \
diff --git a/getting-started/trino/docker-compose.yml
b/getting-started/trino/docker-compose.yml
index 5ea31fb4..fd438f00 100644
--- a/getting-started/trino/docker-compose.yml
+++ b/getting-started/trino/docker-compose.yml
@@ -31,14 +31,8 @@ services:
AZURE_TENANT_ID: $AZURE_TENANT_ID
AZURE_CLIENT_ID: $AZURE_CLIENT_ID
AZURE_CLIENT_SECRET: $AZURE_CLIENT_SECRET
- polaris.persistence.type: in-memory
- polaris.authentication.authenticator.type: test
- polaris.authentication.token-service.type: test
- polaris.authentication.token-broker.type: symmetric-key
- polaris.authentication.token-broker.symmetric-key.secret: polaris
- polaris.features.defaults."SUPPORTED_CATALOG_STORAGE_TYPES":
'["FILE","S3","GCS","AZURE"]'
- polaris.realm-context.realms: default-realm,realm1
- quarkus.log.file.enable: false
+ POLARIS_BOOTSTRAP_CREDENTIALS: default-realm,root,s3cr3t
+ polaris.realm-context.realms: default-realm
quarkus.otel.sdk.disabled: "true"
healthcheck:
diff --git a/getting-started/trino/trino-config/catalog/iceberg.properties
b/getting-started/trino/trino-config/catalog/iceberg.properties
index 94b8b489..1cd0a0e7 100644
--- a/getting-started/trino/trino-config/catalog/iceberg.properties
+++ b/getting-started/trino/trino-config/catalog/iceberg.properties
@@ -21,7 +21,8 @@ connector.name=iceberg
iceberg.catalog.type=rest
iceberg.rest-catalog.uri=http://polaris:8181/api/catalog
iceberg.rest-catalog.security=OAUTH2
-iceberg.rest-catalog.oauth2.token=principal:root;realm:default-realm
+iceberg.rest-catalog.oauth2.credential=root:s3cr3t
+iceberg.rest-catalog.oauth2.scope=PRINCIPAL_ROLE:ALL
iceberg.rest-catalog.warehouse=polaris
# Required to support local filesystem:
https://trino.io/docs/current/object-storage.html#configuration
fs.hadoop.enabled=true
