This is an automated email from the ASF dual-hosted git repository.
jbonofre pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/polaris-tools.git
The following commit(s) were added to refs/heads/main by this push:
new 735f4cb Make Principal Scope configurable in Console (#134)
735f4cb is described below
commit 735f4cba71c6ca453bbf49bf2aecfd1acdf878e3
Author: Vignesh Nayak Manel <[email protected]>
AuthorDate: Wed Jan 21 23:03:06 2026 +0530
Make Principal Scope configurable in Console (#134)
---
console/.env | 1 +
console/.env.example | 3 +++
console/README.md | 2 ++
console/docker/Dockerfile | 1 +
console/docker/generate-config.sh | 1 +
console/helm/templates/deployment.yaml | 2 ++
console/src/api/auth.ts | 3 ++-
console/src/hooks/useAuth.tsx | 6 +++---
console/src/lib/config.ts | 2 ++
console/src/pages/Login.tsx | 14 +++++++++++++-
10 files changed, 30 insertions(+), 5 deletions(-)
diff --git a/console/.env b/console/.env
index 2edd768..50d670e 100644
--- a/console/.env
+++ b/console/.env
@@ -1,3 +1,4 @@
VITE_POLARIS_API_URL=http://localhost:8181
VITE_POLARIS_REALM=POLARIS # optional
+VITE_POLARIS_PRINCIPAL_SCOPE=PRINCIPAL_ROLE:ALL # optional
VITE_OAUTH_TOKEN_URL=http://localhost:8181/api/catalog/v1/oauth/tokens
diff --git a/console/.env.example b/console/.env.example
index a7d9e8a..36e02d7 100644
--- a/console/.env.example
+++ b/console/.env.example
@@ -6,6 +6,9 @@ VITE_POLARIS_API_URL=http://polaris-polaris-1:8181
# The realm identifier for Polaris
VITE_POLARIS_REALM=POLARIS
+# Polaris Principal Scope
+VITE_POLARIS_PRINCIPAL_SCOPE=PRINCIPAL_ROLE:ALL
+
# Docker Configuration
# Port on which the UI will be accessible (default: 3000)
PORT=3000
diff --git a/console/README.md b/console/README.md
index ee7c35a..8467fef 100644
--- a/console/README.md
+++ b/console/README.md
@@ -46,6 +46,7 @@ Create a `.env` file based on `.env.example`:
```env
VITE_POLARIS_API_URL=http://localhost:8181
VITE_POLARIS_REALM=POLARIS
+VITE_POLARIS_PRINCIPAL_SCOPE=PRINCIPAL_ROLE:ALL
VITE_POLARIS_REALM_HEADER_NAME=Polaris-Realm # optional, defaults to
"Polaris-Realm"
VITE_OAUTH_TOKEN_URL=http://localhost:8181/api/v1/oauth/tokens # optional
```
@@ -127,6 +128,7 @@ Then, you run Polaris Console using:
docker run -p 8080:80 \
-e VITE_POLARIS_API_URL=http://polaris:8181 \
-e VITE_POLARIS_REALM=POLARIS \
+ -e VITE_POLARIS_PRINCIPAL_SCOPE=PRINCIPAL_ROLE:ALL
apache/polaris-console:latest
```
diff --git a/console/docker/Dockerfile b/console/docker/Dockerfile
index 179e41c..4cf896a 100644
--- a/console/docker/Dockerfile
+++ b/console/docker/Dockerfile
@@ -21,6 +21,7 @@ FROM
registry.access.redhat.com/ubi9/nodejs-22-minimal:9.7-1767673763 AS builder
# Default environment variables (can be overridden at runtime)
ENV VITE_POLARIS_API_URL=http://polaris:8181
ENV VITE_POLARIS_REALM=POLARIS
+ENV VITE_POLARIS_PRINCIPAL_SCOPE=PRINCIPAL_ROLE:ALL
ENV VITE_OAUTH_TOKEN_URL=http://polaris:8181/api/catalog/v1/oauth/tokens
ENV VITE_POLARIS_REALM_HEADER_NAME=Polaris-Realm
diff --git a/console/docker/generate-config.sh
b/console/docker/generate-config.sh
index 2387e1a..f08663f 100644
--- a/console/docker/generate-config.sh
+++ b/console/docker/generate-config.sh
@@ -27,6 +27,7 @@ cat > /opt/app-root/src/config.js << EOF
window.APP_CONFIG = {
VITE_POLARIS_API_URL: '${VITE_POLARIS_API_URL}',
VITE_POLARIS_REALM: '${VITE_POLARIS_REALM}',
+ VITE_POLARIS_PRINCIPAL_SCOPE: '${VITE_POLARIS_PRINCIPAL_SCOPE}',
VITE_OAUTH_TOKEN_URL: '${VITE_OAUTH_TOKEN_URL}',
VITE_POLARIS_REALM_HEADER_NAME: '${VITE_POLARIS_REALM_HEADER_NAME}'
};
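Review bot: The new `VITE_POLARIS_PRINCIPAL_SCOPE: '${VITE_POLARIS_PRINCIPAL_SCOPE}'` line expands the variable inside a single-quoted JavaScript literal with no escaping, so a value containing `'`, a backslash or a newline ends the string early and the remainder is parsed as script when the browser loads config.js. The value is deployer-controlled, but a scope is free-form text, and the neighbouring entries follow the same pattern. Consider emitting each value through a JSON encoder, or rejecting values containing quote or control characters before the heredoc runs. I would also add a comment above the heredoc such as `# values are embedded verbatim in config.js; they must not contain quotes or newlines`. The heredoc opens in the hunk header context and its terminator is outside this hunk.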
diff --git a/console/helm/templates/deployment.yaml
b/console/helm/templates/deployment.yaml
index 1f98613..3a8176d 100644
--- a/console/helm/templates/deployment.yaml
+++ b/console/helm/templates/deployment.yaml
@@ -48,6 +48,8 @@ spec:
value: {{ .Values.env.polarisApiUrl | quote }}
- name: VITE_POLARIS_REALM
value: {{ .Values.env.polarisRealm | quote }}
+ - name: VITE_POLARIS_PRINCIPAL_SCOPE
+ value: { { .Values.env.polarisPrincipalScope | quote } }
- name: VITE_OAUTH_TOKEN_URL
value: {{ .Values.env.oauthTokenUrl | quote }}
readinessProbe:
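Review bot: The added value line is written as `{ { .Values.env.polarisPrincipalScope | quote } }`, with spaces between the braces, so Helm does not treat it as a template action and passes the text through unchanged. YAML then reads it as a nested flow mapping rather than a string, so the rendered manifest is likely invalid or carries the wrong value for the env var. It should match the neighbouring entries: `value: {{ .Values.env.polarisPrincipalScope | quote }}`. The diffstat lists no values file, so `env.polarisPrincipalScope` appears to have no default in the chart and should probably be added there with `PRINCIPAL_ROLE:ALL`.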
diff --git a/console/src/api/auth.ts b/console/src/api/auth.ts
index 8fdad7e..7344ab2 100644
--- a/console/src/api/auth.ts
+++ b/console/src/api/auth.ts
@@ -37,13 +37,14 @@ export const authApi = {
getToken: async (
clientId: string,
clientSecret: string,
+ scope: string,
realm?: string
): Promise<OAuthTokenResponse> => {
const formData = new URLSearchParams()
formData.append("grant_type", "client_credentials")
formData.append("client_id", clientId)
formData.append("client_secret", clientSecret)
- formData.append("scope", "PRINCIPAL_ROLE:ALL")
+ formData.append("scope", scope)
const headers: Record<string, string> = {
"Content-Type": "application/x-www-form-urlencoded",
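Review bot: Inserting `scope: string` ahead of `realm?: string` changes the meaning of the third positional argument, so an existing call of the form `getToken(id, secret, realm)` still type-checks and silently sends the realm as the OAuth scope. The same reordering is applied to `login` in both useAuth.tsx hunks, and only that one caller is updated in this commit. An options object, e.g. `getToken(clientId, clientSecret, { scope, realm })`, would make such a mix-up a compile error. Because the scope decides which privileges the token carries, I would also trim it and reject an empty string before `formData.append("scope", scope)` rather than posting `scope=`. The body of getToken continues past the end of this hunk.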
diff --git a/console/src/hooks/useAuth.tsx b/console/src/hooks/useAuth.tsx
index 255da89..308177c 100644
--- a/console/src/hooks/useAuth.tsx
+++ b/console/src/hooks/useAuth.tsx
@@ -23,7 +23,7 @@ import { authApi } from "@/api/auth"
interface AuthContextType {
isAuthenticated: boolean
- login: (clientId: string, clientSecret: string, realm: string) =>
Promise<void>
+ login: (clientId: string, clientSecret: string, scope: string, realm:
string) => Promise<void>
logout: () => void
loading: boolean
}
@@ -34,13 +34,13 @@ export function AuthProvider({ children }: { children:
ReactNode }) {
const [isAuthenticated, setIsAuthenticated] = useState<boolean>(false)
const [loading] = useState<boolean>(false)
- const login = async (clientId: string, clientSecret: string, realm: string)
=> {
+ const login = async (clientId: string, clientSecret: string, scope: string,
realm: string) => {
try {
// Store realm in localStorage (non-sensitive configuration)
if (realm) {
localStorage.setItem("polaris_realm", realm)
}
- await authApi.getToken(clientId, clientSecret, realm)
+ await authApi.getToken(clientId, clientSecret, scope, realm)
setIsAuthenticated(true)
} catch (error) {
setIsAuthenticated(false)
diff --git a/console/src/lib/config.ts b/console/src/lib/config.ts
index ac418f4..fd22fd8 100644
--- a/console/src/lib/config.ts
+++ b/console/src/lib/config.ts
@@ -20,6 +20,7 @@
interface AppConfig {
VITE_POLARIS_API_URL?: string
VITE_POLARIS_REALM?: string
+ VITE_POLARIS_PRINCIPAL_SCOPE: string
VITE_OAUTH_TOKEN_URL?: string
VITE_POLARIS_REALM_HEADER_NAME?: string
}
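Review bot: `VITE_POLARIS_PRINCIPAL_SCOPE: string` is declared required in `AppConfig` while every sibling key is optional, so the type promises a value that a config.js generated before this change will not contain. Declaring it as `VITE_POLARIS_PRINCIPAL_SCOPE?: string` keeps the interface honest. In the second hunk the fallback is `''`, which drops the previously hard-coded scope; `getConfig('VITE_POLARIS_PRINCIPAL_SCOPE', 'PRINCIPAL_ROLE:ALL')` would preserve the old behaviour when the variable is unset. The body of `getConfig` is not visible here, so confirm how it treats an empty string.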
@@ -53,6 +54,7 @@ function getConfig<T extends string | undefined>(
export const config = {
POLARIS_API_URL: getConfig('VITE_POLARIS_API_URL', ''),
POLARIS_REALM: getConfig('VITE_POLARIS_REALM', ''),
+ POLARIS_PRINCIPAL_SCOPE: getConfig('VITE_POLARIS_PRINCIPAL_SCOPE', ''),
OAUTH_TOKEN_URL: getConfig('VITE_OAUTH_TOKEN_URL', ''),
REALM_HEADER_NAME: getConfig('VITE_POLARIS_REALM_HEADER_NAME',
'Polaris-Realm'),
}
diff --git a/console/src/pages/Login.tsx b/console/src/pages/Login.tsx
index 6d0980e..97dec31 100644
--- a/console/src/pages/Login.tsx
+++ b/console/src/pages/Login.tsx
@@ -32,6 +32,7 @@ export function Login() {
const [clientSecret, setClientSecret] = useState("")
// Initialize realm with value from .env file if present
const [realm, setRealm] = useState(import.meta.env.VITE_POLARIS_REALM || "")
+ const [scope, setScope] =
useState(import.meta.env.VITE_POLARIS_PRINCIPAL_SCOPE || "")
const [error, setError] = useState("")
const [loading, setLoading] = useState(false)
const { login } = useAuth()
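Review bot: The initial scope is read from `import.meta.env.VITE_POLARIS_PRINCIPAL_SCOPE`, which Vite fixes at build time, not from the `config.POLARIS_PRINCIPAL_SCOPE` entry this commit adds in config.ts. If `getConfig` reads `window.APP_CONFIG` as generate-config.sh suggests, a scope set on the container at runtime never reaches the form; the existing realm line has the same limitation. With `|| ""` and the `required` input added in the last hunk, an unset variable leaves the user facing an empty mandatory field where the old code sent `PRINCIPAL_ROLE:ALL`. Consider `useState(config.POLARIS_PRINCIPAL_SCOPE || "PRINCIPAL_ROLE:ALL")`, importing `config` if this file does not already do so. The body of `Login` extends beyond this hunk.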
@@ -43,7 +44,7 @@ export function Login() {
setLoading(true)
try {
- await login(clientId, clientSecret, realm)
+ await login(clientId, clientSecret, scope, realm)
navigate("/")
} catch (err) {
setError(
@@ -100,6 +101,17 @@ export function Login() {
placeholder="Enter your realm"
/>
</div>
+ <div className="space-y-2">
+ <Label htmlFor="scope">Scope</Label>
+ <Input
+ id="scope"
+ type="text"
+ value={scope}
+ onChange={(e) => setScope(e.target.value)}
+ required
+ placeholder="Enter the scope"
+ />
+ </div>
{error && (
<div className="rounded-md bg-destructive/10 p-3 text-sm
text-destructive">
{error}