george-zubrienko opened a new issue, #608: URL: https://github.com/apache/polaris/issues/608
### Describe the bug Spin up Polaris server using helm chart with Eclipse Link (Postgres), but do not create a Postgres database (do not bootstrap). Run this from inside a pod (or via exposed address if you have ingress): ``` PRINCIPAL_TOKEN="principal:root;realm:default-realm" curl -i -X POST -H "Authorization: Bearer $PRINCIPAL_TOKEN" -H 'Accept: application/json' -H 'Content-Type: application/json' http://localhost:8181/api/management/v1/catalogs -d '{ "catalog": { "name": "polaris", "type": "INTERNAL", "readOnly": false, "properties": { "default-base-location": "s3://tmp/development/polaris/" }, "storageConfigInfo": { "storageType": "S3", "allowedLocations": [ "s3://tmp/development/polaris/" ], "roleArn": "arn:aws:iam::000000000000:role/polaris-access-role" } } }' ``` Receive this: ``` HTTP/1.1 500 Server Error Date: Fri, 03 Jan 2025 14:08:25 GMT Cache-Control: must-revalidate,no-cache,no-store Content-Type: application/json Content-Length: 1215 Connection: close { "cause2":"org.postgresql.util.PSQLException: FATAL: database "default-realm" does not exist", "cause1":"Exception [EclipseLink-4002] (Eclipse Persistence Services - 4.0.4.v202407190748-059428cdd2583c46f1f3e50d235854840a6fa9a7): org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception: org.postgresql.util.PSQLException: FATAL: database "default-realm" does not exist\nError Code: 0", "servlet":"jersey", "cause0":"jakarta.persistence.PersistenceException: Exception [EclipseLink-4002] (Eclipse Persistence Services - 4.0.4.v202407190748-059428cdd2583c46f1f3e50d235854840a6fa9a7): org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception: org.postgresql.util.PSQLException: FATAL: database "default-realm" does not exist\nError Code: 0", "message":"jakarta.persistence.PersistenceException: Exception [EclipseLink-4002] (Eclipse Persistence Services - 4.0.4.v202407190748-059428cdd2583c46f1f3e50d235854840a6fa9a7): org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception: org.postgresql.util.PSQLException: FATAL: database "default-realm" does not exist\nError Code: 0", "url":"/api/management/v1/catalogs", "status":"500" ``` In this case, two things happened: - I was allowed unauthenticated call (check polaris-server below) w/o getting 401 right away - I am able to see what backend type is configured and I can check what databases are deployed there ### To Reproduce (in describe section) ### Actual Behavior HTTP call is allowed and stack trace information reveals certain details about metastore backend ### Expected Behavior HTTP 401 - w/o any details, details logged on DEBUG level if configured for the server via values.yaml ### Additional context Polairs build commit: https://github.com/apache/polaris/commit/0f5850c8f6dd01932f758d331dce13d2bc5d0a1c EclipseLink with PSQL ### System information Polaris container sourced from repo's Dockerfile - k8s 1.29 target cluster (EKS) PSQL (Aurora) `polaris-server.yml`: ``` authenticator: class: org.apache.polaris.service.auth.DefaultPolarisAuthenticator callContextResolver: type: default cors: allowed-credentials: true allowed-headers: - '*' allowed-methods: - PATCH - POST - DELETE - GET - PUT allowed-origins: - http://localhost:8080 allowed-timing-origins: - http://localhost:8080 exposed-headers: - '*' preflight-max-age: 600 defaultRealms: - lakehouse featureConfiguration: ENFORCE_PRINCIPAL_CREDENTIAL_ROTATION_REQUIRED_CHECKING: false SUPPORTED_CATALOG_STORAGE_TYPES: - S3 io: factoryType: default logging: appenders: - logFormat: '%-5p [%d{ISO8601} - %-6r] [%t] [%X{aid}%X{sid}%X{tid}%X{wid}%X{oid}%X{srv}%X{job}%X{rid}] %c{30}: %m %kvp%n%ex' threshold: ALL type: console level: INFO loggers: org.apache.iceberg.rest: DEBUG org.apache.polaris: DEBUG maxRequestBodyBytes: -1 metaStoreManager: conf-file: /eclipselink-config/conf.jar!/persistence.xml persistence-unit: polaris type: eclipse-link oauth2: type: default rateLimiter: type: no-op realmContextResolver: type: default server: adminConnectors: - port: 8182 type: http applicationConnectors: - port: 8181 type: http maxThreads: 200 minThreads: 10 requestLog: appenders: - type: console tokenBroker: secret: ... type: symmetric-key ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
