dimas-b commented on code in PR #1799:
URL: https://github.com/apache/polaris/pull/1799#discussion_r2124571525


##########
quarkus/admin/src/main/java/org/apache/polaris/admintool/BootstrapCommand.java:
##########
@@ -90,45 +90,41 @@ public Integer call() {
                     || inputOptions.stdinOptions.credentials.isEmpty()
                 ? RootCredentialsSet.EMPTY
                 : 
RootCredentialsSet.fromList(inputOptions.stdinOptions.credentials);
-        if (inputOptions.stdinOptions.credentials == null
-            || inputOptions.stdinOptions.credentials.isEmpty()) {
-          if (!inputOptions.stdinOptions.printCredentials) {
-            spec.commandLine()
-                .getErr()
-                .println(
-                    "Specify either `--credentials` or `--print-credentials` 
to ensure"
-                        + " the root user is accessible after bootstrapping.");
-            return EXIT_CODE_BOOTSTRAP_ERROR;
-          }
+        if (rootCredentialsSet.credentials().isEmpty()
+            && !inputOptions.stdinOptions.printCredentials) {
+          spec.commandLine()
+              .getErr()
+              .println(
+                  "Specify either `--credentials` or `--print-credentials` to 
ensure"
+                      + " the root user is accessible after bootstrapping.");
+          return EXIT_CODE_BOOTSTRAP_ERROR;
         }
       }
 
-      // Execute the bootstrap
       Map<String, PrincipalSecretsResult> results =
           metaStoreManagerFactory.bootstrapRealms(realms, rootCredentialsSet);
 
-      // Log any errors:
       boolean success = true;
       for (Map.Entry<String, PrincipalSecretsResult> result : 
results.entrySet()) {
-        if (result.getValue().isSuccess()) {
-          String realm = result.getKey();
+        String realm = result.getKey();
+        PrincipalSecretsResult secretsResult = result.getValue();
+        if (secretsResult.isSuccess()) {
           spec.commandLine().getOut().printf("Realm '%s' successfully 
bootstrapped.%n", realm);
-          if (inputOptions.stdinOptions != null && 
inputOptions.stdinOptions.printCredentials) {
-            String msg =
-                String.format(
-                    "realm: %1s root principal credentials: %2s:%3s",
-                    result.getKey(),
-                    
result.getValue().getPrincipalSecrets().getPrincipalClientId(),
-                    result.getValue().getPrincipalSecrets().getMainSecret());
-            spec.commandLine().getOut().println(msg);
+          if (inputOptions.stdinOptions != null
+              && inputOptions.stdinOptions.printCredentials
+              && !rootCredentialsSet.credentials().containsKey(realm)) {

Review Comment:
   @eric-maynard : please consider this use case:
   ```
   java -Dpolaris.persistence.type=relational-jdbc [...] -jar 
quarkus/admin/build/quarkus-app/quarkus-run.jar \
    bootstrap --realm r1 --realm r2 --credential r1,c1,s1 --print-credentials
   ```
   Current output:
   ```
   Realm 'r1' successfully bootstrapped.
   realm: r1 root principal credentials: c1:614cecf1a47a82920a2df4b86c477999
   Realm 'r2' successfully bootstrapped.
   realm: r2 root principal credentials: 
1800cece48faa5b4:dd3ae1b88675f70795b534b294992774
   Bootstrap completed successfully.
   ```
   
   Side note: the credential printed for realm `r1` is not what the user 
provided (rotated automatically).
   
   More importantly, I believe in this case the user should receive credentials 
for realm `r2` (which got auto-generated), but not for realm `r1` 
(user-provided). 
   
   The fact that `r1` credentials are rotated during bootstrap is irrelevant to 
this PR. We can probably deal with that separately.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@polaris.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to