Re: [PR] dont print provided creds in BootstrapCommand [polaris]

Tue, 03 Jun 2025 12:01:04 -0700 


eric-maynard commented on code in PR #1799:
URL: https://github.com/apache/polaris/pull/1799#discussion_r2124676965


##########
quarkus/admin/src/main/java/org/apache/polaris/admintool/BootstrapCommand.java:
##########
@@ -90,45 +90,41 @@ public Integer call() {
                     || inputOptions.stdinOptions.credentials.isEmpty()
                 ? RootCredentialsSet.EMPTY
                 : 
RootCredentialsSet.fromList(inputOptions.stdinOptions.credentials);
-        if (inputOptions.stdinOptions.credentials == null
-            || inputOptions.stdinOptions.credentials.isEmpty()) {
-          if (!inputOptions.stdinOptions.printCredentials) {
-            spec.commandLine()
-                .getErr()
-                .println(
-                    "Specify either `--credentials` or `--print-credentials` 
to ensure"
-                        + " the root user is accessible after bootstrapping.");
-            return EXIT_CODE_BOOTSTRAP_ERROR;
-          }
+        if (rootCredentialsSet.credentials().isEmpty()
+            && !inputOptions.stdinOptions.printCredentials) {
+          spec.commandLine()
+              .getErr()
+              .println(
+                  "Specify either `--credentials` or `--print-credentials` to 
ensure"
+                      + " the root user is accessible after bootstrapping.");
+          return EXIT_CODE_BOOTSTRAP_ERROR;
         }
       }
 
-      // Execute the bootstrap
       Map<String, PrincipalSecretsResult> results =
           metaStoreManagerFactory.bootstrapRealms(realms, rootCredentialsSet);
 
-      // Log any errors:
       boolean success = true;
       for (Map.Entry<String, PrincipalSecretsResult> result : 
results.entrySet()) {
-        if (result.getValue().isSuccess()) {
-          String realm = result.getKey();
+        String realm = result.getKey();
+        PrincipalSecretsResult secretsResult = result.getValue();
+        if (secretsResult.isSuccess()) {
           spec.commandLine().getOut().printf("Realm '%s' successfully 
bootstrapped.%n", realm);
-          if (inputOptions.stdinOptions != null && 
inputOptions.stdinOptions.printCredentials) {
-            String msg =
-                String.format(
-                    "realm: %1s root principal credentials: %2s:%3s",
-                    result.getKey(),
-                    
result.getValue().getPrincipalSecrets().getPrincipalClientId(),
-                    result.getValue().getPrincipalSecrets().getMainSecret());
-            spec.commandLine().getOut().println(msg);
+          if (inputOptions.stdinOptions != null
+              && inputOptions.stdinOptions.printCredentials
+              && !rootCredentialsSet.credentials().containsKey(realm)) {

Review Comment:
   This behavior looks completely correct to me.
   
   If the user doesn't want to print credentials for r1, they should bootstrap 
r1 without setting `--print-credentials`. It's quite straightforward.
   
   >  the credential printed for realm r1 is not what the user provided 
(rotated automatically).
   
   All the more reason that printing the credentials is valuable, no? But I 
agree that this can/should change.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@polaris.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to