Re: [PR] Add a flag to control whether credentials are printed during bootstrapping [polaris]

Wed, 27 Nov 2024 05:51:40 -0800 


eric-maynard commented on code in PR #461:
URL: https://github.com/apache/polaris/pull/461#discussion_r1860386984


##########
polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java:
##########
@@ -95,10 +97,26 @@ public synchronized Map<String, PrincipalSecretsResult> 
bootstrapRealms(List<Str
         RealmContext realmContext = () -> realm;
         if 
(!metaStoreManagerMap.containsKey(realmContext.getRealmIdentifier())) {
           initializeForRealm(realmContext);
+          // While bootstrapping we need to act as a fake privileged context 
since the real
+          // CallContext hasn't even been resolved yet.
+          PolarisCallContext polarisContext =
+              new PolarisCallContext(
+                  
sessionSupplierMap.get(realmContext.getRealmIdentifier()).get(), diagServices);
           PrincipalSecretsResult secretsResult =
               bootstrapServiceAndCreatePolarisPrincipalForRealm(
-                  realmContext, 
metaStoreManagerMap.get(realmContext.getRealmIdentifier()));
+                  realmContext,
+                  metaStoreManagerMap.get(realmContext.getRealmIdentifier()),
+                  polarisContext);
           results.put(realmContext.getRealmIdentifier(), secretsResult);
+          if (this.printCredentials(polarisContext)) {
+            String msg =
+                String.format(
+                    "realm: %1s root principal credentials: %2s:%3s",
+                    realmContext.getRealmIdentifier(),
+                    secretsResult.getPrincipalSecrets().getPrincipalClientId(),
+                    secretsResult.getPrincipalSecrets().getMainSecret());
+            System.out.println(msg);
+          }

Review Comment:
   Looking again, is your objection specifically to the protected method 
`printCredentials`?
   
   That only exists to support the legacy behavior of the in-memory metastore 
always printing credentials, and if possible I would very much be in favor of 
removing that. 
   
   However it feels like pushing that logic down into an existing method 
(whether `secretsGenerator`, `createMetaStoreSession`, or elsewhere) could be a 
bit hacky if it winds up somewhere it doesn't belong.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to