adutra commented on code in PR #1397: URL: https://github.com/apache/polaris/pull/1397#discussion_r2060274893
########## quarkus/service/src/main/java/org/apache/polaris/service/quarkus/config/ProductionReadinessChecks.java: ########## 
@@ -109,43 +93,80 @@ public ProductionReadinessCheck checkTokenService(IcebergRestOAuth2ApiService se
 }
 @Produces
- public ProductionReadinessCheck checkTokenBroker(
- AuthenticationConfiguration configuration, TokenBrokerFactory factory) {
- if (factory instanceof JWTRSAKeyPairFactory) {
- if (configuration
- .tokenBroker()
- .rsaKeyPair()
- .map(RSAKeyPairConfiguration::publicKeyFile)
- .isEmpty()) {
- return ProductionReadinessCheck.of(
- Error.of(
- "A public key file wasn't provided and will be generated.",
- "polaris.authentication.token-broker.rsa-key-pair.public-key-file"));
- }
- if (configuration
- .tokenBroker()
- .rsaKeyPair()
- .map(RSAKeyPairConfiguration::privateKeyFile)
- .isEmpty()) {
- return ProductionReadinessCheck.of(
- Error.of(
- "A private key file wasn't provided and will be generated.",
- "polaris.authentication.token-broker.rsa-key-pair.private-key-file"));
- }
- }
- if (factory instanceof JWTSymmetricKeyFactory) {
- if (configuration
- .tokenBroker()
- .symmetricKey()
- .map(SymmetricKeyConfiguration::secret)
- .isPresent()) {
- return ProductionReadinessCheck.of(
- Error.of(
- "A symmetric key secret was provided through configuration rather than through a secret file.",
- "polaris.authentication.token-broker.symmetric-key.secret"));
- }
- }
- return ProductionReadinessCheck.OK;
+ public ProductionReadinessCheck checkAuthenticationType(
+ AuthenticationConfiguration configuration) {
+ List<ProductionReadinessCheck.Error> errors = new ArrayList<>();
+ configuration
+ .realms()
+ .forEach(
+ (realm, config) -> {
+ AuthenticationType authenticationType = config.type();
+ if (authenticationType == AuthenticationType.INTERNAL
+ || authenticationType == AuthenticationType.MIXED) {
+ errors.add(
+ Error.of(
+ "Internal authentication is deprecated since Iceberg 1.6.0.",
Review Comment: I don't _need_ Iceberg 1.9 and auth manager, client credentials should still work, although without token refreshes. But OK to remove this.