Re: [PR] Auto-bootstrap: add verbose logging [polaris]

Thu, 24 Apr 2025 07:52:50 -0700 


dimas-b commented on code in PR #1376:
URL: https://github.com/apache/polaris/pull/1376#discussion_r2058640745


##########
quarkus/service/src/main/java/org/apache/polaris/service/quarkus/config/QuarkusProducers.java:
##########
@@ -159,9 +163,68 @@ public void maybeBootstrap(
       MetaStoreManagerFactory factory,
       QuarkusPersistenceConfiguration config,
       RealmContextConfiguration realmContextConfiguration) {
+    var rootCredentialsSet = RootCredentialsSet.fromEnvironment();
+    var rootCredentials = rootCredentialsSet.credentials();
     if (config.isAutoBootstrap()) {
-      RootCredentialsSet rootCredentialsSet = 
RootCredentialsSet.fromEnvironment();
-      factory.bootstrapRealms(realmContextConfiguration.realms(), 
rootCredentialsSet);
+      var realmIds = realmContextConfiguration.realms();
+
+      LOGGER.info(
+          "Bootstrapping realm(s) {}, if necessary, from root credentials set 
provided via the environment variable {} or Java system property {} ...",
+          realmIds.stream().map(r -> "'" + r + 
"'").collect(Collectors.joining(", ")),
+          RootCredentialsSet.ENVIRONMENT_VARIABLE,
+          RootCredentialsSet.SYSTEM_PROPERTY);
+
+      var result = factory.bootstrapRealms(realmIds, rootCredentialsSet);
+
+      result.forEach(
+          (realm, secrets) -> {
+            var principalSecrets = secrets.getPrincipalSecrets();
+
+            var log =
+                LOGGER
+                    .atInfo()
+                    .addArgument(realm)
+                    .addArgument(RootCredentialsSet.ENVIRONMENT_VARIABLE)
+                    .addArgument(RootCredentialsSet.SYSTEM_PROPERTY);
+            if (rootCredentials.containsKey(realm)) {
+              log.log(
+                  "Realm '{}' automatically bootstrapped, credentials taken 
from root credentials set provided via the environment variable {} or Java 
system property {}, not printed to stdout.");
+            } else {
+              log.log(
+                  "Realm '{}' automatically bootstrapped, credentials were not 
present in root credentials set provided via the environment variable {} or 
Java system property {}, see separate message printed to stdout.");
+              String msg =
+                  String.format(
+                      "realm: %1s root principal credentials: %2s:%3s",
+                      realm,
+                      principalSecrets.getPrincipalClientId(),
+                      principalSecrets.getMainSecret());
+              System.out.println(msg);

Review Comment:
   TBH, I do not think it's worth printing credentials to STDOUT at all. What's 
the use case for that that cannot be covered by user-provided credentials?
   
   Cf. https://github.com/apache/polaris/issues/1428#issuecomment-2825877145



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to