snazy commented on code in PR #522:
URL: https://github.com/apache/polaris/pull/522#discussion_r1878310418
##########
polaris-service/src/main/java/org/apache/polaris/service/BootstrapRealmsCommand.java:
##########
@@ -49,22 +48,24 @@ protected void run(
MetaStoreManagerFactory metaStoreManagerFactory =
configuration.findService(MetaStoreManagerFactory.class);
- PolarisConfigurationStore configurationStore =
- configuration.findService(PolarisConfigurationStore.class);
-
// Execute the bootstrap
Map<String, PrincipalSecretsResult> results =
metaStoreManagerFactory.bootstrapRealms(configuration.getDefaultRealms());
// Log any errors:
boolean success = true;
for (Map.Entry<String, PrincipalSecretsResult> result :
results.entrySet()) {
+ var realmId = result.getKey();
+ var secretsResult = result.getValue();
if (!result.getValue().isSuccess()) {
LOGGER.error(
- "Bootstrapping `{}` failed: {}",
- result.getKey(),
- result.getValue().getReturnStatus().toString());
+ "Bootstrapping `{}` failed: {}", realmId,
secretsResult.getReturnStatus().toString());
success = false;
+ } else {
+ var principalSecrets = secretsResult.getPrincipalSecrets();
+ System.out.printf(
+ "Bootstrap realm '%s' - root principal credentials: %s secret: %s",
Review Comment:
> secrets are not stored in EclipseLink anyway
The problem is, that it is possible - and before this change the clear text
secrets were passed down to EL and therefore the database, which is IMHO an
absolute no-go. But even if it was not the case, the fact that it _could_
happen is not good.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
