From 65c30120da7b1823bd632d14b00140a993a12b2b Mon Sep 17 00:00:00 2001 From: Eric Maynard Date: Wed, 20 Nov 2024 19:23:31 -0800 Subject: [PATCH 01/10] initial commit --- .../polaris/core/PolarisConfiguration.java | 8 +++ .../LocalPolarisMetaStoreManagerFactory.java | 54 +++++++++++++++---- ...nMemoryPolarisMetaStoreManagerFactory.java | 26 ++++----- 3 files changed, 62 insertions(+), 26 deletions(-) diff --git a/polaris-core/src/main/java/org/apache/polaris/core/PolarisConfiguration.java b/polaris-core/src/main/java/org/apache/polaris/core/PolarisConfiguration.java index 45a2f3c2a..8b0cbbbce 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/PolarisConfiguration.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/PolarisConfiguration.java @@ -206,4 +206,12 @@ public static Builder builder() { "If set to true, allows tables to be dropped with the purge parameter set to true.") .defaultValue(true) .build(); + + public static final PolarisConfiguration BOOTSTRAP_PRINT_CREDENTIALS = + PolarisConfiguration.builder() + .key("BOOTSTRAP_PRINT_CREDENTIALS") + .description( + "If set to true, credentials are printed to stdout by the bootstrap command") + .defaultValue(true) + .build(); } diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java index a53c65dac..b0f2300f4 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java 
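Review bot: The description for `BOOTSTRAP_PRINT_CREDENTIALS` says only "credentials", and with `.defaultValue(true)` the out-of-the-box behaviour is that the root principal's client ID and secret go to stdout in plaintext. Stdout of a bootstrap job is often retained by a container runtime or log collector, so the text should make both the exposure and the opt-out explicit. I would word it as `"If set to true, the bootstrap command prints each realm's root principal client ID and secret to stdout in plaintext; set to false when root credentials are supplied through environment variables"`.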
@@ -23,6 +23,7 @@ import java.util.Map; import java.util.function.Supplier; import org.apache.polaris.core.PolarisCallContext; +import org.apache.polaris.core.PolarisConfiguration; import org.apache.polaris.core.PolarisDefaultDiagServiceImpl; import org.apache.polaris.core.PolarisDiagnostics; import org.apache.polaris.core.auth.PolarisSecretsManager.PrincipalSecretsResult; @@ -76,17 +77,32 @@ private void initializeForRealm(RealmContext realmContext) { } @Override - public synchronized Map bootstrapRealms(List realms) { + public final synchronized Map bootstrapRealms(List realms) { Map results = new HashMap<>(); for (String realm : realms) { RealmContext realmContext = () -> realm; if (!metaStoreManagerMap.containsKey(realmContext.getRealmIdentifier())) { initializeForRealm(realmContext); - PrincipalSecretsResult secretsResult = - bootstrapServiceAndCreatePolarisPrincipalForRealm( - realmContext, metaStoreManagerMap.get(realmContext.getRealmIdentifier())); + // While bootstrapping we need to act as a fake privileged context since the real + // CallContext hasn't even been resolved yet. + PolarisCallContext polarisContext = + new PolarisCallContext( + sessionSupplierMap.get(realmContext.getRealmIdentifier()).get(), diagServices); + PrincipalSecretsResult secretsResult = bootstrapServiceAndCreatePolarisPrincipalForRealm( + realmContext, + metaStoreManagerMap.get(realmContext.getRealmIdentifier()), + polarisContext); results.put(realmContext.getRealmIdentifier(), secretsResult); + if (this.printCredentials(polarisContext)) { + String msg = + String.format( + "realm: %1s root principal credentials: %2s:%3s", + realmContext.getRealmIdentifier(), + secretsResult.getPrincipalSecrets().getPrincipalClientId(), + secretsResult.getPrincipalSecrets().getMainSecret()); + System.out.println(msg); + } } } 
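Review bot: In the `String.format` call added to `bootstrapRealms`, `%1s`, `%2s` and `%3s` are minimum field widths, not argument positions, so the digits do nothing useful and read as if they were indexes. Use `"realm: %s root principal credentials: %s:%s"`, or `%1$s`, `%2$s`, `%3$s` if explicit positions are wanted. The same statement writes the main secret straight to `System.out`; a one-line comment saying this is deliberate one-time output gated by `printCredentials` would keep it from being moved into the regular logger later. The method body continues past the end of the hunk.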
@@ -158,12 +174,9 @@ public void setStorageIntegrationProvider(PolarisStorageIntegrationProvider stor * credentials and print them to stdout */ private PrincipalSecretsResult bootstrapServiceAndCreatePolarisPrincipalForRealm( - RealmContext realmContext, PolarisMetaStoreManager metaStoreManager) { - // While bootstrapping we need to act as a fake privileged context since the real - // CallContext hasn't even been resolved yet. - PolarisCallContext polarisContext = - new PolarisCallContext( - sessionSupplierMap.get(realmContext.getRealmIdentifier()).get(), diagServices); + RealmContext realmContext, + PolarisMetaStoreManager metaStoreManager, + PolarisCallContext polarisContext) { CallContext.setCurrentContext(CallContext.of(realmContext, polarisContext)); PolarisMetaStoreManager.EntityResult preliminaryRootPrincipalLookup = @@ -181,6 +194,17 @@ private PrincipalSecretsResult bootstrapServiceAndCreatePolarisPrincipalForRealm throw new IllegalArgumentException(overrideMessage); } + // TODO rebase onto #422, call a method like PrincipalSecretsGenerator.hasEnvironmentVariables + boolean environmentVariableCredentials = false; + if (!this.printCredentials(polarisContext) && !environmentVariableCredentials) { + String failureMessage = String.format( + "It appears that environment variables were not provided for root credentials, and that printing " + + "the root credentials is disabled via %s. If bootstrapping were to proceed, there would be no way " + + "to recover the root credentials", PolarisConfiguration.BOOTSTRAP_PRINT_CREDENTIALS.key); + LOGGER.error("\n\n {} \n\n", failureMessage); + throw new IllegalArgumentException(failureMessage); + } + metaStoreManager.bootstrapPolarisService(polarisContext); PolarisMetaStoreManager.EntityResult rootPrincipalLookup = 
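Review bot: The Javadoc above `bootstrapServiceAndCreatePolarisPrincipalForRealm` still ends with "credentials and print them to stdout", but after this commit the printing is done by the caller in `bootstrapRealms` and this method only returns the result. The new `polarisContext` parameter is also undocumented. I would change the closing sentence to say the credentials are returned to the caller, which decides whether to print them, and add `@param polarisContext the privileged bootstrap context built by bootstrapRealms`. The Javadoc and the method body both begin outside the hunk.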
@@ -238,4 +262,14 @@ private void checkPolarisServiceBootstrappedForRealm( "Realm is not bootstrapped, please run server in bootstrap mode."); } } + + /** + * Whether or not to print credentials after bootstrapping + */ + protected boolean printCredentials(PolarisCallContext polarisCallContext) { + return polarisCallContext + .getConfigurationStore() + .getConfiguration( + polarisCallContext, PolarisConfiguration.BOOTSTRAP_PRINT_CREDENTIALS); + } } diff --git a/polaris-service/src/main/java/org/apache/polaris/service/persistence/InMemoryPolarisMetaStoreManagerFactory.java b/polaris-service/src/main/java/org/apache/polaris/service/persistence/InMemoryPolarisMetaStoreManagerFactory.java index a268fd6a6..c979e12cf 100644 --- a/polaris-service/src/main/java/org/apache/polaris/service/persistence/InMemoryPolarisMetaStoreManagerFactory.java +++ b/polaris-service/src/main/java/org/apache/polaris/service/persistence/InMemoryPolarisMetaStoreManagerFactory.java @@ -21,9 +21,13 @@ import com.fasterxml.jackson.annotation.JsonTypeName; import java.util.Collections; import java.util.HashSet; +import java.util.List; import java.util.Map; import java.util.Set; import java.util.function.Supplier; + +import org.apache.polaris.core.PolarisCallContext; +import org.apache.polaris.core.PolarisConfiguration; import org.apache.polaris.core.PolarisDiagnostics; import org.apache.polaris.core.auth.PolarisSecretsManager.PrincipalSecretsResult; import org.apache.polaris.core.context.RealmContext; @@ -55,7 +59,7 @@ public synchronized PolarisMetaStoreManager getOrCreateMetaStoreManager( RealmContext realmContext) { String realmId = realmContext.getRealmIdentifier(); if (!bootstrappedRealms.contains(realmId)) { - bootstrapRealmAndPrintCredentials(realmId); + bootstrapRealms(List.of(realmId)); } return super.getOrCreateMetaStoreManager(realmContext); } 
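Review bot: After this change nothing visible in `InMemoryPolarisMetaStoreManagerFactory` adds to `bootstrappedRealms`: the helper removed further down was where `bootstrappedRealms.add(realmId)` happened, and `bootstrapRealms` is now `final` in the parent, so it cannot be overridden to do it. Unless the set is filled somewhere outside these hunks, the `!bootstrappedRealms.contains(realmId)` guard here and the identical one in `getOrCreateSessionSupplier` (next hunk) are true on every call, and each lookup re-enters `bootstrapRealms`; that appears harmless only because the parent skips realms already present in `metaStoreManagerMap`. Either add `bootstrappedRealms.add(realmId);` after `bootstrapRealms(List.of(realmId));` in both methods, or remove the set. Both method bodies start outside their hunks.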
@@ -65,24 +69,14 @@ public synchronized Supplier getOrCreateSessionSupplier RealmContext realmContext) { String realmId = realmContext.getRealmIdentifier(); if (!bootstrappedRealms.contains(realmId)) { - bootstrapRealmAndPrintCredentials(realmId); + bootstrapRealms(List.of(realmId)); } return super.getOrCreateSessionSupplier(realmContext); } - private void bootstrapRealmAndPrintCredentials(String realmId) { - Map results = - this.bootstrapRealms(Collections.singletonList(realmId)); - bootstrappedRealms.add(realmId); - - PrincipalSecretsResult principalSecrets = results.get(realmId); - - String msg = - String.format( - "realm: %1s root principal credentials: %2s:%3s", - realmId, - principalSecrets.getPrincipalSecrets().getPrincipalClientId(), - principalSecrets.getPrincipalSecrets().getMainSecret()); - System.out.println(msg); + /** {@inheritDoc} */ + @Override + protected boolean printCredentials(PolarisCallContext polarisCallContext) { + return true; } } From d9a169893986926eff4f7b32f9f7ad34bf131383 Mon Sep 17 00:00:00 2001 From: Eric Maynard Date: Wed, 20 Nov 2024 19:24:54 -0800 Subject: [PATCH 02/10] autolint --- .../polaris/core/PolarisConfiguration.java | 3 +- .../LocalPolarisMetaStoreManagerFactory.java | 29 ++++++++++--------- ...nMemoryPolarisMetaStoreManagerFactory.java | 5 ---- 3 files changed, 16 insertions(+), 21 deletions(-) diff --git a/polaris-core/src/main/java/org/apache/polaris/core/PolarisConfiguration.java b/polaris-core/src/main/java/org/apache/polaris/core/PolarisConfiguration.java index 8b0cbbbce..e5a337f92 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/PolarisConfiguration.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/PolarisConfiguration.java 
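Review bot: The `printCredentials` override returns `true` unconditionally, so an operator who sets `BOOTSTRAP_PRINT_CREDENTIALS` to false still gets the root secret on stdout with this factory, and `/** {@inheritDoc} */` repeats the parent text without saying so. If that is intended (the in-memory factory bootstraps on first use and presumably has no other way to hand over the generated credentials), state it in the Javadoc, e.g. `/** Always true: this factory ignores BOOTSTRAP_PRINT_CREDENTIALS and prints the root credentials on bootstrap. */`. Otherwise delegate with `return super.printCredentials(polarisCallContext);`.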
@@ -210,8 +210,7 @@ public static Builder builder() { public static final PolarisConfiguration BOOTSTRAP_PRINT_CREDENTIALS = PolarisConfiguration.builder() .key("BOOTSTRAP_PRINT_CREDENTIALS") - .description( - "If set to true, credentials are printed to stdout by the bootstrap command") + .description("If set to true, credentials are printed to stdout by the bootstrap command") .defaultValue(true) .build(); } diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java index b0f2300f4..9712b7144 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java @@ -77,7 +77,8 @@ private void initializeForRealm(RealmContext realmContext) { } @Override - public final synchronized Map bootstrapRealms(List realms) { + public final synchronized Map bootstrapRealms( + List realms) { Map results = new HashMap<>(); for (String realm : realms) { @@ -89,10 +90,11 @@ public final synchronized Map bootstrapRealms(Li PolarisCallContext polarisContext = new PolarisCallContext( sessionSupplierMap.get(realmContext.getRealmIdentifier()).get(), diagServices); - PrincipalSecretsResult secretsResult = bootstrapServiceAndCreatePolarisPrincipalForRealm( - realmContext, - metaStoreManagerMap.get(realmContext.getRealmIdentifier()), - polarisContext); + PrincipalSecretsResult secretsResult = + bootstrapServiceAndCreatePolarisPrincipalForRealm( + realmContext, + metaStoreManagerMap.get(realmContext.getRealmIdentifier()), + polarisContext); results.put(realmContext.getRealmIdentifier(), secretsResult); if (this.printCredentials(polarisContext)) { String msg = 
@@ -197,10 +199,12 @@ private PrincipalSecretsResult bootstrapServiceAndCreatePolarisPrincipalForRealm // TODO rebase onto #422, call a method like PrincipalSecretsGenerator.hasEnvironmentVariables boolean environmentVariableCredentials = false; if (!this.printCredentials(polarisContext) && !environmentVariableCredentials) { - String failureMessage = String.format( - "It appears that environment variables were not provided for root credentials, and that printing " + - "the root credentials is disabled via %s. If bootstrapping were to proceed, there would be no way " + - "to recover the root credentials", PolarisConfiguration.BOOTSTRAP_PRINT_CREDENTIALS.key); + String failureMessage = + String.format( + "It appears that environment variables were not provided for root credentials, and that printing " + + "the root credentials is disabled via %s. If bootstrapping were to proceed, there would be no way " + + "to recover the root credentials", + PolarisConfiguration.BOOTSTRAP_PRINT_CREDENTIALS.key); LOGGER.error("\n\n {} \n\n", failureMessage); throw new IllegalArgumentException(failureMessage); } @@ -263,13 +267,10 @@ private void checkPolarisServiceBootstrappedForRealm( } } - /** - * Whether or not to print credentials after bootstrapping - */ + /** Whether or not to print credentials after bootstrapping */ protected boolean printCredentials(PolarisCallContext polarisCallContext) { return polarisCallContext .getConfigurationStore() - .getConfiguration( - polarisCallContext, PolarisConfiguration.BOOTSTRAP_PRINT_CREDENTIALS); + .getConfiguration(polarisCallContext, PolarisConfiguration.BOOTSTRAP_PRINT_CREDENTIALS); } } diff --git a/polaris-service/src/main/java/org/apache/polaris/service/persistence/InMemoryPolarisMetaStoreManagerFactory.java b/polaris-service/src/main/java/org/apache/polaris/service/persistence/InMemoryPolarisMetaStoreManagerFactory.java index c979e12cf..3d81dd465 100644 
--- a/polaris-service/src/main/java/org/apache/polaris/service/persistence/InMemoryPolarisMetaStoreManagerFactory.java +++ b/polaris-service/src/main/java/org/apache/polaris/service/persistence/InMemoryPolarisMetaStoreManagerFactory.java @@ -19,17 +19,12 @@ package org.apache.polaris.service.persistence; import com.fasterxml.jackson.annotation.JsonTypeName; -import java.util.Collections; import java.util.HashSet; import java.util.List; -import java.util.Map; import java.util.Set; import java.util.function.Supplier; - import org.apache.polaris.core.PolarisCallContext; -import org.apache.polaris.core.PolarisConfiguration; import org.apache.polaris.core.PolarisDiagnostics; -import org.apache.polaris.core.auth.PolarisSecretsManager.PrincipalSecretsResult; import org.apache.polaris.core.context.RealmContext; import org.apache.polaris.core.persistence.LocalPolarisMetaStoreManagerFactory; import org.apache.polaris.core.persistence.PolarisMetaStoreManager; From 312453b9c39569cbf44b8f29350104808fb47f58 Mon Sep 17 00:00:00 2001 From: Eric Maynard Date: Mon, 25 Nov 2024 11:29:42 -0800 Subject: [PATCH 03/10] autolint --- .../LocalPolarisMetaStoreManagerFactory.java | 54 +++++++++---------- .../PrincipalSecretsGenerator.java | 8 ++- 2 files changed, 33 insertions(+), 29 deletions(-) diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java index 8191321cf..0e8d36bba 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java 
@@ -93,32 +93,32 @@ public final synchronized Map bootstrapRealms( bootstrap = true; try { - for (String realm : realms) { - RealmContext realmContext = () -> realm; - if (!metaStoreManagerMap.containsKey(realmContext.getRealmIdentifier())) { - initializeForRealm(realmContext); - // While bootstrapping we need to act as a fake privileged context since the real - // CallContext hasn't even been resolved yet. - PolarisCallContext polarisContext = - new PolarisCallContext( - sessionSupplierMap.get(realmContext.getRealmIdentifier()).get(), diagServices); - PrincipalSecretsResult secretsResult = - bootstrapServiceAndCreatePolarisPrincipalForRealm( - realmContext, - metaStoreManagerMap.get(realmContext.getRealmIdentifier()), - polarisContext); - results.put(realmContext.getRealmIdentifier(), secretsResult); - if (this.printCredentials(polarisContext)) { - String msg = - String.format( - "realm: %1s root principal credentials: %2s:%3s", - realmContext.getRealmIdentifier(), - secretsResult.getPrincipalSecrets().getPrincipalClientId(), - secretsResult.getPrincipalSecrets().getMainSecret()); - System.out.println(msg); + for (String realm : realms) { + RealmContext realmContext = () -> realm; + if (!metaStoreManagerMap.containsKey(realmContext.getRealmIdentifier())) { + initializeForRealm(realmContext); + // While bootstrapping we need to act as a fake privileged context since the real + // CallContext hasn't even been resolved yet. 
+ PolarisCallContext polarisContext = + new PolarisCallContext( + sessionSupplierMap.get(realmContext.getRealmIdentifier()).get(), diagServices); + PrincipalSecretsResult secretsResult = + bootstrapServiceAndCreatePolarisPrincipalForRealm( + realmContext, + metaStoreManagerMap.get(realmContext.getRealmIdentifier()), + polarisContext); + results.put(realmContext.getRealmIdentifier(), secretsResult); + if (this.printCredentials(polarisContext)) { + String msg = + String.format( + "realm: %1s root principal credentials: %2s:%3s", + realmContext.getRealmIdentifier(), + secretsResult.getPrincipalSecrets().getPrincipalClientId(), + secretsResult.getPrincipalSecrets().getMainSecret()); + System.out.println(msg); + } } } - } } finally { bootstrap = false; } @@ -211,9 +211,9 @@ private PrincipalSecretsResult bootstrapServiceAndCreatePolarisPrincipalForRealm throw new IllegalArgumentException(overrideMessage); } - boolean environmentVariableCredentials = PrincipalSecretsGenerator.hasCredentialVariables( - realmContext.getRealmIdentifier(), - PolarisEntityConstants.getRootPrincipalName()); + boolean environmentVariableCredentials = + PrincipalSecretsGenerator.hasCredentialVariables( + realmContext.getRealmIdentifier(), PolarisEntityConstants.getRootPrincipalName()); if (!this.printCredentials(polarisContext) && !environmentVariableCredentials) { String failureMessage = String.format( diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/PrincipalSecretsGenerator.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/PrincipalSecretsGenerator.java index 627ebd130..7e5e53226 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/PrincipalSecretsGenerator.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/PrincipalSecretsGenerator.java 
@@ -67,7 +67,10 @@ static PrincipalSecretsGenerator bootstrap(String realmName) { return bootstrap(realmName, PrincipalSecretsGenerator::getEnvironmentVariable); } - /** Return a {@link PrincipalSecretsGenerator} either randomly-generated or from environment variables */ + /** + * Return a {@link PrincipalSecretsGenerator} either randomly-generated or from environment + * variables + */ static PrincipalSecretsGenerator bootstrap(String realmName, Function config) { return (principalName, principalId) -> { String propId = clientIdEnvironmentVariable(realmName, principalName); @@ -89,7 +92,8 @@ static boolean hasCredentialVariables(String realmName, String principalName) { Map environmentVariables = System.getenv(); String clientIdKey = clientIdEnvironmentVariable(realmName, principalName); String clientSecretKey = clientSecretEnvironmentVariable(realmName, principalName); - return environmentVariables.containsKey(clientIdKey) && environmentVariables.containsKey(clientSecretKey); + return environmentVariables.containsKey(clientIdKey) + && environmentVariables.containsKey(clientSecretKey); } /** Load a single environment variable */ From 6e145589fd26b104432c414b6168a085cb98eaec Mon Sep 17 00:00:00 2001 
From: Eric Maynard
Date: Tue, 26 Nov 2024 13:58:05 -0800
Subject: [PATCH 04/10] check in; not working
---
...olarisEclipseLinkMetaStoreSessionImpl.java | 2 +-
...olarisEclipseLinkMetaStoreManagerTest.java | 2 +-
.../LocalPolarisMetaStoreManagerFactory.java | 11 +-
.../PolarisTreeMapMetaStoreSessionImpl.java | 1 +
.../PrincipalSecretsGenerator.java | 113 ------------------
.../DefaultPrincipalSecretsGenerator.java | 52 ++++++++
.../EnvVariablePrincipalSecretsGenerator.java | 71 +++++++++++
.../secrets/PrincipalSecretsGenerator.java | 84 +++++++++++++
.../RandomPrincipalSecretsGenerator.java | 42 +++++++
.../core/persistence/EntityCacheTest.java | 2 +-
.../PolarisTreeMapMetaStoreManagerTest.java | 2 +-
.../PrincipalSecretsGeneratorTest.java | 61 +++++-----
.../core/persistence/ResolverTest.java | 2 +-
.../cache/StorageCredentialCacheTest.java | 2 +-
14 files changed, 293 insertions(+), 154 deletions(-)
delete mode 100644 polaris-core/src/main/java/org/apache/polaris/core/persistence/PrincipalSecretsGenerator.java
create mode 100644 polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/DefaultPrincipalSecretsGenerator.java
create mode 100644 polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/EnvVariablePrincipalSecretsGenerator.java
create mode 100644 polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/PrincipalSecretsGenerator.java
create mode 100644 polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/RandomPrincipalSecretsGenerator.java
diff --git a/extension/persistence/eclipselink/src/main/java/org/apache/polaris/extension/persistence/impl/eclipselink/PolarisEclipseLinkMetaStoreSessionImpl.java b/extension/persistence/eclipselink/src/main/java/org/apache/polaris/extension/persistence/impl/eclipselink/PolarisEclipseLinkMetaStoreSessionImpl.java
index 77fa0e700..26f5e38eb 100644
--- a/extension/persistence/eclipselink/src/main/java/org/apache/polaris/extension/persistence/impl/eclipselink/PolarisEclipseLinkMetaStoreSessionImpl.java +++ b/extension/persistence/eclipselink/src/main/java/org/apache/polaris/extension/persistence/impl/eclipselink/PolarisEclipseLinkMetaStoreSessionImpl.java @@ -63,13 +63,13 @@ import org.apache.polaris.core.exceptions.AlreadyExistsException; import org.apache.polaris.core.persistence.PolarisMetaStoreManagerImpl; import org.apache.polaris.core.persistence.PolarisMetaStoreSession; -import org.apache.polaris.core.persistence.PrincipalSecretsGenerator; import org.apache.polaris.core.persistence.RetryOnConcurrencyException; import org.apache.polaris.core.persistence.models.ModelEntity; import org.apache.polaris.core.persistence.models.ModelEntityActive; import org.apache.polaris.core.persistence.models.ModelEntityChangeTracking; import org.apache.polaris.core.persistence.models.ModelGrantRecord; import org.apache.polaris.core.persistence.models.ModelPrincipalSecrets; +import org.apache.polaris.core.persistence.secrets.PrincipalSecretsGenerator; import org.apache.polaris.core.storage.PolarisStorageConfigurationInfo; import org.apache.polaris.core.storage.PolarisStorageIntegration; import org.apache.polaris.core.storage.PolarisStorageIntegrationProvider; diff --git a/extension/persistence/eclipselink/src/test/java/org/apache/polaris/extension/persistence/impl/eclipselink/PolarisEclipseLinkMetaStoreManagerTest.java b/extension/persistence/eclipselink/src/test/java/org/apache/polaris/extension/persistence/impl/eclipselink/PolarisEclipseLinkMetaStoreManagerTest.java index 3b3bb9fda..82ba98213 100644 --- a/extension/persistence/eclipselink/src/test/java/org/apache/polaris/extension/persistence/impl/eclipselink/PolarisEclipseLinkMetaStoreManagerTest.java +++ b/extension/persistence/eclipselink/src/test/java/org/apache/polaris/extension/persistence/impl/eclipselink/PolarisEclipseLinkMetaStoreManagerTest.java 
@@ -19,7 +19,7 @@ package org.apache.polaris.extension.persistence.impl.eclipselink; import static jakarta.persistence.Persistence.createEntityManagerFactory; -import static org.apache.polaris.core.persistence.PrincipalSecretsGenerator.RANDOM_SECRETS; +import static org.apache.polaris.core.persistence.secrets.PrincipalSecretsGenerator.RANDOM_SECRETS; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertTrue; diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java index 0e8d36bba..0dd668992 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java @@ -35,6 +35,8 @@ import org.apache.polaris.core.entity.PolarisEntityType; import org.apache.polaris.core.entity.PolarisPrincipalSecrets; import org.apache.polaris.core.monitor.PolarisMetricRegistry; +import org.apache.polaris.core.persistence.secrets.PrincipalSecretsGenerator; +import org.apache.polaris.core.persistence.secrets.RandomPrincipalSecretsGenerator; import org.apache.polaris.core.storage.PolarisStorageIntegrationProvider; import org.apache.polaris.core.storage.cache.StorageCredentialCache; import org.jetbrains.annotations.NotNull; @@ -71,7 +73,7 @@ protected PrincipalSecretsGenerator secretsGenerator(RealmContext realmContext) if (bootstrap) { return PrincipalSecretsGenerator.bootstrap(realmContext.getRealmIdentifier()); } else { - return PrincipalSecretsGenerator.RANDOM_SECRETS; + return new RandomPrincipalSecretsGenerator(realmContext.getRealmIdentifier()); } } 
@@ -211,10 +213,9 @@ private PrincipalSecretsResult bootstrapServiceAndCreatePolarisPrincipalForRealm throw new IllegalArgumentException(overrideMessage); } - boolean environmentVariableCredentials = - PrincipalSecretsGenerator.hasCredentialVariables( - realmContext.getRealmIdentifier(), PolarisEntityConstants.getRootPrincipalName()); - if (!this.printCredentials(polarisContext) && !environmentVariableCredentials) { + boolean hasSystemGeneratedSecrets = secretsGenerator(realmContext) + .systemGeneratedSecrets(PolarisEntityConstants.getRootPrincipalName()); + if (!this.printCredentials(polarisContext) && hasSystemGeneratedSecrets) { String failureMessage = String.format( "It appears that environment variables were not provided for root credentials, and that printing " diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/PolarisTreeMapMetaStoreSessionImpl.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/PolarisTreeMapMetaStoreSessionImpl.java index 01611f3d2..6483258d2 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/PolarisTreeMapMetaStoreSessionImpl.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/PolarisTreeMapMetaStoreSessionImpl.java @@ -34,6 +34,7 @@ import org.apache.polaris.core.entity.PolarisEntityType; import org.apache.polaris.core.entity.PolarisGrantRecord; import org.apache.polaris.core.entity.PolarisPrincipalSecrets; +import org.apache.polaris.core.persistence.secrets.PrincipalSecretsGenerator; import org.apache.polaris.core.storage.PolarisStorageConfigurationInfo; import org.apache.polaris.core.storage.PolarisStorageIntegration; import org.apache.polaris.core.storage.PolarisStorageIntegrationProvider; diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/PrincipalSecretsGenerator.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/PrincipalSecretsGenerator.java deleted file mode 100644 index 7e5e53226..000000000 
--- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/PrincipalSecretsGenerator.java +++ /dev/null @@ -1,113 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.polaris.core.persistence; - -import java.util.Locale; -import java.util.Map; -import java.util.function.Function; -import org.apache.polaris.core.entity.PolarisPrincipalSecrets; -import org.jetbrains.annotations.NotNull; - -/** - * An interface for generating principal secrets. It enables detaching the secret generation logic - * from services that actually manage principal objects (create, remove, rotate secrets, etc.) - * - *

The implementation statically available from {@link #bootstrap(String)} allows one-time client - * ID and secret overrides via environment variables, which can be useful for bootstrapping new - * realms. - * - *

The environment variable name follow this pattern: - * - *

    - *
  • {@code POLARIS_BOOTSTRAP___CLIENT_ID} - *
  • {@code POLARIS_BOOTSTRAP___CLIENT_SECRET} - *
- * - * For example: {@code POLARIS_BOOTSTRAP_DEFAULT-REALM_ROOT_CLIENT_ID} and {@code - * POLARIS_BOOTSTRAP_DEFAULT-REALM_ROOT_CLIENT_SECRET}. - */ -@FunctionalInterface -public interface PrincipalSecretsGenerator { - - /** - * A secret generator that produces cryptographically random client ID and client secret values. - */ - PrincipalSecretsGenerator RANDOM_SECRETS = (name, id) -> new PolarisPrincipalSecrets(id); - - /** - * Produces a new {@link PolarisPrincipalSecrets} object for the given principal ID. The returned - * secrets may or may not be random, depending on context. In bootstrapping contexts, the returned - * secrets can be predefined. After bootstrapping, the returned secrets can be expected to be - * cryptographically random. - * - * @param principalName the name of the related principal. This parameter is a hint for - * pre-defined secrets lookup during bootstrapping it is not included in the returned data. - * @param principalId the ID of the related principal. This ID is part of the returned data. - * @return a new {@link PolarisPrincipalSecrets} instance for the specified principal. 
- */ - PolarisPrincipalSecrets produceSecrets(@NotNull String principalName, long principalId); - - static PrincipalSecretsGenerator bootstrap(String realmName) { - return bootstrap(realmName, PrincipalSecretsGenerator::getEnvironmentVariable); - } - - /** - * Return a {@link PrincipalSecretsGenerator} either randomly-generated or from environment - * variables - */ - static PrincipalSecretsGenerator bootstrap(String realmName, Function config) { - return (principalName, principalId) -> { - String propId = clientIdEnvironmentVariable(realmName, principalName); - String propSecret = clientSecretEnvironmentVariable(realmName, principalName); - - String clientId = config.apply(propId.toUpperCase(Locale.ROOT)); - String secret = config.apply(propSecret.toUpperCase(Locale.ROOT)); - // use config values at most once (do not interfere with secret rotation) - if (clientId != null && secret != null) { - return new PolarisPrincipalSecrets(principalId, clientId, secret, secret); - } else { - return RANDOM_SECRETS.produceSecrets(principalName, principalId); - } - }; - } - - /** Return true if environment variables for client ID & secret are set */ - static boolean hasCredentialVariables(String realmName, String principalName) { - Map environmentVariables = System.getenv(); - String clientIdKey = clientIdEnvironmentVariable(realmName, principalName); - String clientSecretKey = clientSecretEnvironmentVariable(realmName, principalName); - return environmentVariables.containsKey(clientIdKey) - && environmentVariables.containsKey(clientSecretKey); - } - - /** Load a single environment variable */ - private static String getEnvironmentVariable(String key) { - return System.getenv(key); - } - - /** Build the key for the env variable used to store client ID */ - private static String clientIdEnvironmentVariable(String realmName, String principalName) { - return String.format("POLARIS_BOOTSTRAP_%s_%s_CLIENT_ID", realmName, principalName); - } - - /** Build the key for the env variable 
used to store client secret */ - private static String clientSecretEnvironmentVariable(String realmName, String principalName) { - return String.format("POLARIS_BOOTSTRAP_%s_%s_CLIENT_SECRET", realmName, principalName); - } -} diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/DefaultPrincipalSecretsGenerator.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/DefaultPrincipalSecretsGenerator.java new file mode 100644 index 000000000..4bf039c86 --- /dev/null +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/DefaultPrincipalSecretsGenerator.java 
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.polaris.core.persistence.secrets;
+
+import org.apache.polaris.core.entity.PolarisPrincipalSecrets;
+import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
+
+public class DefaultPrincipalSecretsGenerator extends PrincipalSecretsGenerator {
+
+ public DefaultPrincipalSecretsGenerator(@Nullable String realmName) {
+ super(realmName);
+ }
+
+ private PrincipalSecretsGenerator getDelegate(
+ @Nullable String realmName, @NotNull String principalName) {
+ var envVarGenerator = new EnvVariablePrincipalSecretsGenerator(realmName);
+ if (envVarGenerator.systemGeneratedSecrets(principalName)) {
+ return new RandomPrincipalSecretsGenerator(realmName);
+ } else {
+ return envVarGenerator;
+ }
+ }
+
+ @Override
+ public PolarisPrincipalSecrets produceSecrets(@NotNull String principalName, long principalId) {
+ PrincipalSecretsGenerator delegate = getDelegate(realmName, principalName);
+ return delegate.produceSecrets(principalName, principalId);
+ }
+
+ @Override
+ public boolean systemGeneratedSecrets(@NotNull String principalName) {
+ PrincipalSecretsGenerator delegate = getDelegate(realmName, principalName);
+ return delegate.systemGeneratedSecrets(principalName);
+ }
+}
diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/EnvVariablePrincipalSecretsGenerator.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/EnvVariablePrincipalSecretsGenerator.java
new file mode 100644
index 000000000..f64fae8e0
--- /dev/null
+++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/EnvVariablePrincipalSecretsGenerator.java
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.polaris.core.persistence.secrets;
+
+import org.apache.polaris.core.entity.PolarisPrincipalSecrets;
+import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
+
+public class EnvVariablePrincipalSecretsGenerator extends PrincipalSecretsGenerator {
+
+ public EnvVariablePrincipalSecretsGenerator(@Nullable String realmName) {
+ super(realmName);
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ public PolarisPrincipalSecrets produceSecrets(
+ @NotNull String principalName, long principalId) {
+ String clientIdKey = clientIdEnvironmentVariable(realmName, principalName);
+ String clientSecretKey = clientSecretEnvironmentVariable(realmName, principalName);
+
+ String clientId = getEnvironmentVariable(clientIdKey);
+ String clientSecret = getEnvironmentVariable(clientSecretKey);
+ if (clientId == null || clientSecret == null) {
+ return null;
+ } else {
+ return new PolarisPrincipalSecrets(principalId, clientId, clientSecret, null);
+ }
+ }
+
+ /** {@inheritDoc} */
+ @Override
+ public boolean systemGeneratedSecrets(
+ @NotNull String principalName) {
+ String clientIdKey = clientIdEnvironmentVariable(realmName, principalName);
+ String clientSecretKey = clientSecretEnvironmentVariable(realmName, principalName);
+ return getEnvironmentVariable(clientIdKey) != null
+ && getEnvironmentVariable(clientSecretKey) != null;
+ }
+
+ /** Load a single environment variable */
+ private static String getEnvironmentVariable(String key) {
+ return System.getenv(key);
+ }
+
+ /** Build the key for the env variable used to store client ID */
+ private static String clientIdEnvironmentVariable(String realmName, String principalName) {
+ return String.format("POLARIS_BOOTSTRAP_%s_%s_CLIENT_ID", realmName, principalName);
+ }
+
+ /** Build the key for the env variable used to store client secret */
+ private static String clientSecretEnvironmentVariable(String realmName, String principalName) {
+ return String.format("POLARIS_BOOTSTRAP_%s_%s_CLIENT_SECRET", realmName, principalName);
+ }
+}
diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/PrincipalSecretsGenerator.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/PrincipalSecretsGenerator.java
new file mode 100644
index 000000000..150bcd357
--- /dev/null
+++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/PrincipalSecretsGenerator.java
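Review bot: `systemGeneratedSecrets` returns true exactly when both environment variables are set, which is the opposite of the contract in the base-class Javadoc, where true means Polaris generated the secrets rather than the operator. With this result `DefaultPrincipalSecretsGenerator.getDelegate` picks the random generator when overrides are present and picks this class when they are absent, and in that second case `produceSecrets` returns `null` to the caller. The return should read `return getEnvironmentVariable(clientIdKey) == null || getEnvironmentVariable(clientSecretKey) == null;`. `produceSecrets` also passes `null` as the secondary secret where the removed code passed the same value twice; a comment should say whether that is intended, and a missing variable is better reported with an exception than with a `null` result.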
@@ -0,0 +1,84 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.polaris.core.persistence.secrets; + +import org.apache.polaris.core.entity.PolarisPrincipalSecrets; +import org.jetbrains.annotations.NotNull; +import org.jetbrains.annotations.Nullable; + +/** + * An interface for generating principal secrets. It enables detaching the secret generation logic + * from services that actually manage principal objects (create, remove, rotate secrets, etc.) + * + *

The implementation statically available from {@link #bootstrap(String)} allows one-time client + * ID and secret overrides via environment variables, which can be useful for bootstrapping new + * realms. + * + *

The environment variable name follow this pattern: + * + *

    + *
  • {@code POLARIS_BOOTSTRAP___CLIENT_ID} + *
  • {@code POLARIS_BOOTSTRAP___CLIENT_SECRET} + *
+ * + * For example: {@code POLARIS_BOOTSTRAP_default-realm_root_CLIENT_ID} and {@code + * POLARIS_BOOTSTRAP_default-realm_root_CLIENT_SECRET}. + */ +public abstract class PrincipalSecretsGenerator { + + protected final String realmName; + + public PrincipalSecretsGenerator() { + this.realmName = null; + } + + public PrincipalSecretsGenerator(@Nullable String realmName) { + this.realmName = realmName; + } + + /** + * Produces a new {@link PolarisPrincipalSecrets} object for the given principal ID. The returned + * secrets may or may not be random, depending on context. The returned secrets can be predefined. + * + * @param principalName the name of the related principal. This parameter is a hint for + * pre-defined secrets lookup during bootstrapping it is not included in the returned data. + * @param principalId the ID of the related principal. This ID is part of the returned data. + * @return a new {@link PolarisPrincipalSecrets} instance for the specified principal. + */ + public abstract PolarisPrincipalSecrets produceSecrets( + @NotNull String principalName, long principalId); + + /** + * @param principalName the name of the related principal. This parameter is a hint for + * pre-defined secrets lookup during bootstrapping it is not included in the returned data. + * @return true if the secrets generated by this {@link PrincipalSecretsGenerator} are + * Polaris-generated as opposed to being provided by the user or another system. + */ + public abstract boolean systemGeneratedSecrets(@NotNull String principalName); + + /** + * Build a PrincipalSecretsGenerator for bootstrapping + * + * @param realmName the name of the realm + * @return A {@link PrincipalSecretsGenerator} that can generate secrets through `produceSecrets` + */ + public static PrincipalSecretsGenerator bootstrap(String realmName) { + return new DefaultPrincipalSecretsGenerator(realmName); + } +} 
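Review bot: The class Javadoc still opens with "An interface" although the type is now an abstract class, and it does not say how the environment variable name is cased. The removed implementation upper-cased the key with `Locale.ROOT` before the lookup, while `EnvVariablePrincipalSecretsGenerator` in this commit looks the formatted name up as is, so a deployment that set upper-case names would, as far as this diff shows, no longer be matched and would get no message about it. I would state the rule in the Javadoc, e.g. `The variable name is used exactly as formatted; realm and principal names are not upper-cased.`, and add that a null `realmName` (the no-argument constructor) is formatted into the name as the text `null`.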
diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/RandomPrincipalSecretsGenerator.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/RandomPrincipalSecretsGenerator.java new file mode 100644 index 000000000..fc5215880 --- /dev/null +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/RandomPrincipalSecretsGenerator.java @@ -0,0 +1,42 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.polaris.core.persistence.secrets; + +import org.apache.polaris.core.entity.PolarisPrincipalSecrets; +import org.jetbrains.annotations.NotNull; +import org.jetbrains.annotations.Nullable; + +public class RandomPrincipalSecretsGenerator extends PrincipalSecretsGenerator { + + public RandomPrincipalSecretsGenerator(@Nullable String realmName) { + super(realmName); + } + + /** {@inheritDoc} */ + @Override + public PolarisPrincipalSecrets produceSecrets(@NotNull String principalName, long principalId) { + return new PolarisPrincipalSecrets(principalId); + } + + /** {@inheritDoc} */ + @Override + public boolean systemGeneratedSecrets(@NotNull String principalName) { + return true; + } +} 
diff --git a/polaris-core/src/test/java/org/apache/polaris/core/persistence/EntityCacheTest.java b/polaris-core/src/test/java/org/apache/polaris/core/persistence/EntityCacheTest.java index c47367769..1b9f9c71e 100644 --- a/polaris-core/src/test/java/org/apache/polaris/core/persistence/EntityCacheTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/core/persistence/EntityCacheTest.java @@ -18,7 +18,7 @@ */ package org.apache.polaris.core.persistence; -import static org.apache.polaris.core.persistence.PrincipalSecretsGenerator.RANDOM_SECRETS; +import static org.apache.polaris.core.persistence.secrets.PrincipalSecretsGenerator.RANDOM_SECRETS; import java.util.List; import java.util.stream.Collectors; diff --git a/polaris-core/src/test/java/org/apache/polaris/core/persistence/PolarisTreeMapMetaStoreManagerTest.java b/polaris-core/src/test/java/org/apache/polaris/core/persistence/PolarisTreeMapMetaStoreManagerTest.java index e44b45577..bb67cca5c 100644 --- a/polaris-core/src/test/java/org/apache/polaris/core/persistence/PolarisTreeMapMetaStoreManagerTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/core/persistence/PolarisTreeMapMetaStoreManagerTest.java @@ -18,7 +18,7 @@ */ package org.apache.polaris.core.persistence; -import static org.apache.polaris.core.persistence.PrincipalSecretsGenerator.RANDOM_SECRETS; +import static org.apache.polaris.core.persistence.secrets.PrincipalSecretsGenerator.RANDOM_SECRETS; import java.time.ZoneId; import org.apache.polaris.core.PolarisCallContext; diff --git a/polaris-core/src/test/java/org/apache/polaris/core/persistence/PrincipalSecretsGeneratorTest.java b/polaris-core/src/test/java/org/apache/polaris/core/persistence/PrincipalSecretsGeneratorTest.java index afbfbbbfe..dfaef02ad 100644 --- a/polaris-core/src/test/java/org/apache/polaris/core/persistence/PrincipalSecretsGeneratorTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/core/persistence/PrincipalSecretsGeneratorTest.java 
@@ -18,41 +18,42 @@ */ package org.apache.polaris.core.persistence; -import static org.apache.polaris.core.persistence.PrincipalSecretsGenerator.bootstrap; +import static org.apache.polaris.core.persistence.secrets.PrincipalSecretsGenerator.bootstrap; import static org.assertj.core.api.Assertions.assertThat; import java.util.Map; import org.apache.polaris.core.entity.PolarisPrincipalSecrets; +import org.apache.polaris.core.persistence.secrets.PrincipalSecretsGenerator; import org.junit.jupiter.api.Test; class PrincipalSecretsGeneratorTest { - - @Test - void testRandomSecrets() { - PolarisPrincipalSecrets s = bootstrap("test", (name) -> null).produceSecrets("name1", 123); - assertThat(s).isNotNull(); - assertThat(s.getPrincipalId()).isEqualTo(123); - assertThat(s.getPrincipalClientId()).isNotNull(); - assertThat(s.getMainSecret()).isNotNull(); - assertThat(s.getSecondarySecret()).isNotNull(); - } - - @Test - void testSecretOverride() { - PrincipalSecretsGenerator gen = - bootstrap( - "test-Realm", - Map.of( - "POLARIS_BOOTSTRAP_TEST-REALM_USER1_CLIENT_ID", - "client1", - "POLARIS_BOOTSTRAP_TEST-REALM_USER1_CLIENT_SECRET", - "sec2") - ::get); - PolarisPrincipalSecrets s = gen.produceSecrets("user1", 123); - assertThat(s).isNotNull(); - assertThat(s.getPrincipalId()).isEqualTo(123); - assertThat(s.getPrincipalClientId()).isEqualTo("client1"); - assertThat(s.getMainSecret()).isEqualTo("sec2"); - assertThat(s.getSecondarySecret()).isEqualTo("sec2"); - } +// +// @Test +// void testRandomSecrets() { +// PolarisPrincipalSecrets s = bootstrap("test", (name) -> null).produceSecrets("name1", 123); +// assertThat(s).isNotNull(); +// assertThat(s.getPrincipalId()).isEqualTo(123); +// assertThat(s.getPrincipalClientId()).isNotNull(); +// assertThat(s.getMainSecret()).isNotNull(); +// assertThat(s.getSecondarySecret()).isNotNull(); +// } +// +// @Test +// void testSecretOverride() { +// PrincipalSecretsGenerator gen = +// bootstrap( +// "test-Realm", +// Map.of( +// 
"POLARIS_BOOTSTRAP_TEST-REALM_USER1_CLIENT_ID", +// "client1", +// "POLARIS_BOOTSTRAP_TEST-REALM_USER1_CLIENT_SECRET", +// "sec2") +// ::get); +// PolarisPrincipalSecrets s = gen.produceSecrets("user1", 123); +// assertThat(s).isNotNull(); +// assertThat(s.getPrincipalId()).isEqualTo(123); +// assertThat(s.getPrincipalClientId()).isEqualTo("client1"); +// assertThat(s.getMainSecret()).isEqualTo("sec2"); +// assertThat(s.getSecondarySecret()).isEqualTo("sec2"); +// } } diff --git a/polaris-core/src/test/java/org/apache/polaris/core/persistence/ResolverTest.java b/polaris-core/src/test/java/org/apache/polaris/core/persistence/ResolverTest.java index da4e47343..f25cf6c25 100644 --- a/polaris-core/src/test/java/org/apache/polaris/core/persistence/ResolverTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/core/persistence/ResolverTest.java @@ -18,7 +18,7 @@ */ package org.apache.polaris.core.persistence; -import static org.apache.polaris.core.persistence.PrincipalSecretsGenerator.RANDOM_SECRETS; +import static org.apache.polaris.core.persistence.secrets.PrincipalSecretsGenerator.RANDOM_SECRETS; import java.util.ArrayList; import java.util.Comparator; diff --git a/polaris-core/src/test/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheTest.java b/polaris-core/src/test/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheTest.java index 357ea2e31..af55b5683 100644 --- a/polaris-core/src/test/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheTest.java @@ -18,7 +18,7 @@ */ package org.apache.polaris.core.storage.cache; -import static org.apache.polaris.core.persistence.PrincipalSecretsGenerator.RANDOM_SECRETS; +import static org.apache.polaris.core.persistence.secrets.PrincipalSecretsGenerator.RANDOM_SECRETS; import com.google.common.collect.ImmutableMap; import java.util.ArrayList; 
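Review bot: Both tests in `PrincipalSecretsGeneratorTest` are commented out instead of being ported, so after this commit nothing checks that an environment override is honoured or that the fallback yields non-null secrets. They presumably stopped compiling because the `bootstrap(String, Function)` overload that let a test inject the lookup is removed. Keeping an injectable lookup, for example an overridable package-private `String getEnvironmentVariable(String key)` on `EnvVariablePrincipalSecretsGenerator`, would let both tests stay; if they must be off for now, `@Disabled("port to the secrets package")` keeps the gap visible in the test report where comments do not. The static imports of `RANDOM_SECRETS` rewritten in the EntityCacheTest, PolarisTreeMapMetaStoreManagerTest, ResolverTest and StorageCredentialCacheTest hunks name a constant that the new abstract class, as shown in this diff, does not declare.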
From 4a3b1fd9bc4b12d974b5594d7231a9a92204ad18 Mon Sep 17 00:00:00 2001 From: Eric Maynard Date: Tue, 26 Nov 2024 13:58:09 -0800 Subject: [PATCH 05/10] autolint --- .../LocalPolarisMetaStoreManagerFactory.java | 5 +- .../EnvVariablePrincipalSecretsGenerator.java | 6 +- .../secrets/PrincipalSecretsGenerator.java | 4 +- .../PrincipalSecretsGeneratorTest.java | 66 ++++++++----------- 4 files changed, 36 insertions(+), 45 deletions(-) diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java index 0dd668992..742395949 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/LocalPolarisMetaStoreManagerFactory.java @@ -213,8 +213,9 @@ private PrincipalSecretsResult bootstrapServiceAndCreatePolarisPrincipalForRealm throw new IllegalArgumentException(overrideMessage); } - boolean hasSystemGeneratedSecrets = secretsGenerator(realmContext) - .systemGeneratedSecrets(PolarisEntityConstants.getRootPrincipalName()); + boolean hasSystemGeneratedSecrets = + secretsGenerator(realmContext) + .systemGeneratedSecrets(PolarisEntityConstants.getRootPrincipalName()); if (!this.printCredentials(polarisContext) && hasSystemGeneratedSecrets) { String failureMessage = String.format( diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/EnvVariablePrincipalSecretsGenerator.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/EnvVariablePrincipalSecretsGenerator.java index f64fae8e0..14b178f4e 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/EnvVariablePrincipalSecretsGenerator.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/EnvVariablePrincipalSecretsGenerator.java 
@@ -30,8 +30,7 @@ public EnvVariablePrincipalSecretsGenerator(@Nullable String realmName) { /** {@inheritDoc} */ @Override - public PolarisPrincipalSecrets produceSecrets( - @NotNull String principalName, long principalId) { + public PolarisPrincipalSecrets produceSecrets(@NotNull String principalName, long principalId) { String clientIdKey = clientIdEnvironmentVariable(realmName, principalName); String clientSecretKey = clientSecretEnvironmentVariable(realmName, principalName); @@ -46,8 +45,7 @@ public PolarisPrincipalSecrets produceSecrets( /** {@inheritDoc} */ @Override - public boolean systemGeneratedSecrets( - @NotNull String principalName) { + public boolean systemGeneratedSecrets(@NotNull String principalName) { String clientIdKey = clientIdEnvironmentVariable(realmName, principalName); String clientSecretKey = clientSecretEnvironmentVariable(realmName, principalName); return getEnvironmentVariable(clientIdKey) != null diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/PrincipalSecretsGenerator.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/PrincipalSecretsGenerator.java index 150bcd357..15fc7f5db 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/PrincipalSecretsGenerator.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/PrincipalSecretsGenerator.java 
@@ -66,9 +66,9 @@ public abstract PolarisPrincipalSecrets produceSecrets( /** * @param principalName the name of the related principal. This parameter is a hint for - * pre-defined secrets lookup during bootstrapping it is not included in the returned data. + * pre-defined secrets lookup during bootstrapping it is not included in the returned data. * @return true if the secrets generated by this {@link PrincipalSecretsGenerator} are - * Polaris-generated as opposed to being provided by the user or another system. + * Polaris-generated as opposed to being provided by the user or another system. */ public abstract boolean systemGeneratedSecrets(@NotNull String principalName); diff --git a/polaris-core/src/test/java/org/apache/polaris/core/persistence/PrincipalSecretsGeneratorTest.java b/polaris-core/src/test/java/org/apache/polaris/core/persistence/PrincipalSecretsGeneratorTest.java index dfaef02ad..7f241a89d 100644 --- a/polaris-core/src/test/java/org/apache/polaris/core/persistence/PrincipalSecretsGeneratorTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/core/persistence/PrincipalSecretsGeneratorTest.java 
@@ -18,42 +18,34 @@ */ package org.apache.polaris.core.persistence; -import static org.apache.polaris.core.persistence.secrets.PrincipalSecretsGenerator.bootstrap; -import static org.assertj.core.api.Assertions.assertThat; - -import java.util.Map; -import org.apache.polaris.core.entity.PolarisPrincipalSecrets; -import org.apache.polaris.core.persistence.secrets.PrincipalSecretsGenerator; -import org.junit.jupiter.api.Test; - class PrincipalSecretsGeneratorTest { -// -// @Test -// void testRandomSecrets() { -// PolarisPrincipalSecrets s = bootstrap("test", (name) -> null).produceSecrets("name1", 123); -// assertThat(s).isNotNull(); -// assertThat(s.getPrincipalId()).isEqualTo(123); -// assertThat(s.getPrincipalClientId()).isNotNull(); -// assertThat(s.getMainSecret()).isNotNull(); -// assertThat(s.getSecondarySecret()).isNotNull(); -// } -// -// @Test -// void testSecretOverride() { -// PrincipalSecretsGenerator gen = -// bootstrap( -// "test-Realm", -// Map.of( -// "POLARIS_BOOTSTRAP_TEST-REALM_USER1_CLIENT_ID", -// "client1", -// "POLARIS_BOOTSTRAP_TEST-REALM_USER1_CLIENT_SECRET", -// "sec2") -// ::get); -// PolarisPrincipalSecrets s = gen.produceSecrets("user1", 123); -// assertThat(s).isNotNull(); -// assertThat(s.getPrincipalId()).isEqualTo(123); -// assertThat(s.getPrincipalClientId()).isEqualTo("client1"); -// assertThat(s.getMainSecret()).isEqualTo("sec2"); -// assertThat(s.getSecondarySecret()).isEqualTo("sec2"); -// } + // + // @Test + // void testRandomSecrets() { + // PolarisPrincipalSecrets s = bootstrap("test", (name) -> null).produceSecrets("name1", 123); + // assertThat(s).isNotNull(); + // assertThat(s.getPrincipalId()).isEqualTo(123); + // assertThat(s.getPrincipalClientId()).isNotNull(); + // assertThat(s.getMainSecret()).isNotNull(); + // assertThat(s.getSecondarySecret()).isNotNull(); + // } + // + // @Test + // void testSecretOverride() { + // PrincipalSecretsGenerator gen = + // bootstrap( + // "test-Realm", + // Map.of( + // 
"POLARIS_BOOTSTRAP_TEST-REALM_USER1_CLIENT_ID", + // "client1", + // "POLARIS_BOOTSTRAP_TEST-REALM_USER1_CLIENT_SECRET", + // "sec2") + // ::get); + // PolarisPrincipalSecrets s = gen.produceSecrets("user1", 123); + // assertThat(s).isNotNull(); + // assertThat(s.getPrincipalId()).isEqualTo(123); + // assertThat(s.getPrincipalClientId()).isEqualTo("client1"); + // assertThat(s.getMainSecret()).isEqualTo("sec2"); + // assertThat(s.getSecondarySecret()).isEqualTo("sec2"); + // } } From ffcdf49267dfa2e99bc42212952114105d374424 Mon Sep 17 00:00:00 2001 From: Eric Maynard Date: Wed, 27 Nov 2024 01:59:20 -0800 Subject: [PATCH 06/10] rename --- ...Generator.java => BootstrapPrincipalSecretsGenerator.java} | 4 ++-- .../core/persistence/secrets/PrincipalSecretsGenerator.java | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) rename polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/{DefaultPrincipalSecretsGenerator.java => BootstrapPrincipalSecretsGenerator.java} (92%) diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/DefaultPrincipalSecretsGenerator.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/BootstrapPrincipalSecretsGenerator.java similarity index 92% rename from polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/DefaultPrincipalSecretsGenerator.java rename to polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/BootstrapPrincipalSecretsGenerator.java index 4bf039c86..318f62cc3 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/DefaultPrincipalSecretsGenerator.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/BootstrapPrincipalSecretsGenerator.java 
@@ -22,9 +22,9 @@ import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; -public class DefaultPrincipalSecretsGenerator extends PrincipalSecretsGenerator { +public class BootstrapPrincipalSecretsGenerator extends PrincipalSecretsGenerator { - public DefaultPrincipalSecretsGenerator(@Nullable String realmName) { + public BootstrapPrincipalSecretsGenerator(@Nullable String realmName) { super(realmName); } diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/PrincipalSecretsGenerator.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/PrincipalSecretsGenerator.java index 15fc7f5db..de87e02d0 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/PrincipalSecretsGenerator.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/PrincipalSecretsGenerator.java @@ -79,6 +79,6 @@ public abstract PolarisPrincipalSecrets produceSecrets( * @return A {@link PrincipalSecretsGenerator} that can generate secrets through `produceSecrets` */ public static PrincipalSecretsGenerator bootstrap(String realmName) { - return new DefaultPrincipalSecretsGenerator(realmName); + return new BootstrapPrincipalSecretsGenerator(realmName); } } From 910bb2a48bfe8d7ce388d12ca538a0d323e7e943 Mon Sep 17 00:00:00 2001 
From: Eric Maynard Date: Wed, 27 Nov 2024 11:10:01 -0800 Subject: [PATCH 07/10] rework tests --- .../BootstrapPrincipalSecretsGenerator.java | 23 +++- .../EnvVariablePrincipalSecretsGenerator.java | 4 +- .../RandomPrincipalSecretsGenerator.java | 4 + .../core/persistence/EntityCacheTest.java | 5 +- .../PolarisTreeMapMetaStoreManagerTest.java | 5 +- .../PrincipalSecretsGeneratorTest.java | 51 -------- .../core/persistence/ResolverTest.java | 5 +- .../PrincipalSecretsGeneratorTest.java | 112 ++++++++++++++++++ .../cache/StorageCredentialCacheTest.java | 5 +- 9 files changed, 144 insertions(+), 70 deletions(-) delete mode 100644 polaris-core/src/test/java/org/apache/polaris/core/persistence/PrincipalSecretsGeneratorTest.java create mode 100644 polaris-core/src/test/java/org/apache/polaris/core/persistence/secrets/PrincipalSecretsGeneratorTest.java diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/BootstrapPrincipalSecretsGenerator.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/BootstrapPrincipalSecretsGenerator.java index 318f62cc3..7746f4be2 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/BootstrapPrincipalSecretsGenerator.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/BootstrapPrincipalSecretsGenerator.java 
@@ -21,17 +21,28 @@ import org.apache.polaris.core.entity.PolarisPrincipalSecrets; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; +import org.jetbrains.annotations.VisibleForTesting; +/** + * A {@link PrincipalSecretsGenerator} implementation used for bootstrapping that uses an + * {@link EnvVariablePrincipalSecretsGenerator} if possible and falls back to a + * {@link RandomPrincipalSecretsGenerator} otherwise + */ public class BootstrapPrincipalSecretsGenerator extends PrincipalSecretsGenerator { public BootstrapPrincipalSecretsGenerator(@Nullable String realmName) { super(realmName); } - private PrincipalSecretsGenerator getDelegate( - @Nullable String realmName, @NotNull String principalName) { - var envVarGenerator = new EnvVariablePrincipalSecretsGenerator(realmName); - if (envVarGenerator.systemGeneratedSecrets(principalName)) { + @VisibleForTesting + protected PrincipalSecretsGenerator buildEnvVariablePrincipalSecretsGenerator(String realmName) { + return new EnvVariablePrincipalSecretsGenerator(realmName); + } + + @VisibleForTesting + protected PrincipalSecretsGenerator getDelegate(@NotNull String principalName) { + var envVarGenerator = buildEnvVariablePrincipalSecretsGenerator(principalName); + if (!envVarGenerator.systemGeneratedSecrets(principalName)) { return new RandomPrincipalSecretsGenerator(realmName); } else { return envVarGenerator; 
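Review bot: In `getDelegate`, `buildEnvVariablePrincipalSecretsGenerator(principalName)` passes the principal name where the factory method expects the realm name, so the generator formats `POLARIS_BOOTSTRAP_<principal>_<principal>_CLIENT_ID` and normally will not match the variables the operator set. With the negated test on the next line the class then falls back to `RandomPrincipalSecretsGenerator` without any message, and the configured root credentials are ignored. The call should be `var envVarGenerator = buildEnvVariablePrincipalSecretsGenerator(realmName);`. `EnvVariablePrincipalSecretsGenerator.systemGeneratedSecrets` still returns true when both variables are set, so even after that fix this class reports operator-supplied secrets as system-generated, which contradicts the base-class Javadoc. The class body continues in the next hunk.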
@@ -40,13 +51,13 @@ private PrincipalSecretsGenerator getDelegate( @Override public PolarisPrincipalSecrets produceSecrets(@NotNull String principalName, long principalId) { - PrincipalSecretsGenerator delegate = getDelegate(realmName, principalName); + PrincipalSecretsGenerator delegate = getDelegate(principalName); return delegate.produceSecrets(principalName, principalId); } @Override public boolean systemGeneratedSecrets(@NotNull String principalName) { - PrincipalSecretsGenerator delegate = getDelegate(realmName, principalName); + PrincipalSecretsGenerator delegate = getDelegate(principalName); return delegate.systemGeneratedSecrets(principalName); } } diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/EnvVariablePrincipalSecretsGenerator.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/EnvVariablePrincipalSecretsGenerator.java index 14b178f4e..6ac9a77fb 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/EnvVariablePrincipalSecretsGenerator.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/EnvVariablePrincipalSecretsGenerator.java @@ -21,6 +21,7 @@ import org.apache.polaris.core.entity.PolarisPrincipalSecrets; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; +import org.jetbrains.annotations.VisibleForTesting; public class EnvVariablePrincipalSecretsGenerator extends PrincipalSecretsGenerator { @@ -53,7 +54,8 @@ public boolean systemGeneratedSecrets(@NotNull String principalName) { } /** Load a single environment variable */ - private static String getEnvironmentVariable(String key) { + @VisibleForTesting + String getEnvironmentVariable(String key) { return System.getenv(key); } 
diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/RandomPrincipalSecretsGenerator.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/RandomPrincipalSecretsGenerator.java index fc5215880..8c7220943 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/RandomPrincipalSecretsGenerator.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/RandomPrincipalSecretsGenerator.java @@ -28,6 +28,10 @@ public RandomPrincipalSecretsGenerator(@Nullable String realmName) { super(realmName); } + public RandomPrincipalSecretsGenerator() { + super(null); + } + /** {@inheritDoc} */ @Override public PolarisPrincipalSecrets produceSecrets(@NotNull String principalName, long principalId) { diff --git a/polaris-core/src/test/java/org/apache/polaris/core/persistence/EntityCacheTest.java b/polaris-core/src/test/java/org/apache/polaris/core/persistence/EntityCacheTest.java index 1b9f9c71e..21cdca03b 100644 --- a/polaris-core/src/test/java/org/apache/polaris/core/persistence/EntityCacheTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/core/persistence/EntityCacheTest.java @@ -18,8 +18,6 @@ */ package org.apache.polaris.core.persistence; -import static org.apache.polaris.core.persistence.secrets.PrincipalSecretsGenerator.RANDOM_SECRETS; - import java.util.List; import java.util.stream.Collectors; import org.apache.polaris.core.PolarisCallContext; @@ -34,6 +32,7 @@ import org.apache.polaris.core.persistence.cache.EntityCacheByNameKey; import org.apache.polaris.core.persistence.cache.EntityCacheEntry; import org.apache.polaris.core.persistence.cache.EntityCacheLookupResult; +import org.apache.polaris.core.persistence.secrets.RandomPrincipalSecretsGenerator; import org.assertj.core.api.Assertions; import org.junit.jupiter.api.Test; import org.mockito.Mockito; 
@@ -84,7 +83,7 @@ public class EntityCacheTest { public EntityCacheTest() { diagServices = new PolarisDefaultDiagServiceImpl(); store = new PolarisTreeMapStore(diagServices); - metaStore = new PolarisTreeMapMetaStoreSessionImpl(store, Mockito.mock(), RANDOM_SECRETS); + metaStore = new PolarisTreeMapMetaStoreSessionImpl(store, Mockito.mock(), new RandomPrincipalSecretsGenerator()); callCtx = new PolarisCallContext(metaStore, diagServices); metaStoreManager = new PolarisMetaStoreManagerImpl(); diff --git a/polaris-core/src/test/java/org/apache/polaris/core/persistence/PolarisTreeMapMetaStoreManagerTest.java b/polaris-core/src/test/java/org/apache/polaris/core/persistence/PolarisTreeMapMetaStoreManagerTest.java index bb67cca5c..f83ca5e4f 100644 --- a/polaris-core/src/test/java/org/apache/polaris/core/persistence/PolarisTreeMapMetaStoreManagerTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/core/persistence/PolarisTreeMapMetaStoreManagerTest.java @@ -18,13 +18,12 @@ */ package org.apache.polaris.core.persistence; -import static org.apache.polaris.core.persistence.secrets.PrincipalSecretsGenerator.RANDOM_SECRETS; - import java.time.ZoneId; import org.apache.polaris.core.PolarisCallContext; import org.apache.polaris.core.PolarisConfigurationStore; import org.apache.polaris.core.PolarisDefaultDiagServiceImpl; import org.apache.polaris.core.PolarisDiagnostics; +import org.apache.polaris.core.persistence.secrets.RandomPrincipalSecretsGenerator; import org.mockito.Mockito; public class PolarisTreeMapMetaStoreManagerTest extends BasePolarisMetaStoreManagerTest { 
@@ -34,7 +33,7 @@ public PolarisTestMetaStoreManager createPolarisTestMetaStoreManager() { PolarisTreeMapStore store = new PolarisTreeMapStore(diagServices); PolarisCallContext callCtx = new PolarisCallContext( - new PolarisTreeMapMetaStoreSessionImpl(store, Mockito.mock(), RANDOM_SECRETS), + new PolarisTreeMapMetaStoreSessionImpl(store, Mockito.mock(), new RandomPrincipalSecretsGenerator()), diagServices, new PolarisConfigurationStore() {}, timeSource.withZone(ZoneId.systemDefault())); diff --git a/polaris-core/src/test/java/org/apache/polaris/core/persistence/PrincipalSecretsGeneratorTest.java b/polaris-core/src/test/java/org/apache/polaris/core/persistence/PrincipalSecretsGeneratorTest.java deleted file mode 100644 index 7f241a89d..000000000 --- a/polaris-core/src/test/java/org/apache/polaris/core/persistence/PrincipalSecretsGeneratorTest.java +++ /dev/null 
@@ -1,51 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.polaris.core.persistence;
-
-class PrincipalSecretsGeneratorTest {
- //
- // @Test
- // void testRandomSecrets() {
- // PolarisPrincipalSecrets s = bootstrap("test", (name) -> null).produceSecrets("name1", 123);
- // assertThat(s).isNotNull();
- // assertThat(s.getPrincipalId()).isEqualTo(123);
- // assertThat(s.getPrincipalClientId()).isNotNull();
- // assertThat(s.getMainSecret()).isNotNull();
- // assertThat(s.getSecondarySecret()).isNotNull();
- // }
- //
- // @Test
- // void testSecretOverride() {
- // PrincipalSecretsGenerator gen =
- // bootstrap(
- // "test-Realm",
- // Map.of(
- // "POLARIS_BOOTSTRAP_TEST-REALM_USER1_CLIENT_ID",
- // "client1",
- // "POLARIS_BOOTSTRAP_TEST-REALM_USER1_CLIENT_SECRET",
- // "sec2")
- // ::get);
- // PolarisPrincipalSecrets s = gen.produceSecrets("user1", 123);
- // assertThat(s).isNotNull();
- // assertThat(s.getPrincipalId()).isEqualTo(123);
- // assertThat(s.getPrincipalClientId()).isEqualTo("client1");
- // assertThat(s.getMainSecret()).isEqualTo("sec2");
- // assertThat(s.getSecondarySecret()).isEqualTo("sec2");
- // }
-}
diff --git a/polaris-core/src/test/java/org/apache/polaris/core/persistence/ResolverTest.java b/polaris-core/src/test/java/org/apache/polaris/core/persistence/ResolverTest.java index f25cf6c25..a69162258 100644 --- a/polaris-core/src/test/java/org/apache/polaris/core/persistence/ResolverTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/core/persistence/ResolverTest.java @@ -18,8 +18,6 @@ */ package org.apache.polaris.core.persistence; -import static org.apache.polaris.core.persistence.secrets.PrincipalSecretsGenerator.RANDOM_SECRETS; - import java.util.ArrayList; import java.util.Comparator; import java.util.Iterator; @@ -41,6 +39,7 @@ import org.apache.polaris.core.persistence.resolver.Resolver; import org.apache.polaris.core.persistence.resolver.ResolverPath; import org.apache.polaris.core.persistence.resolver.ResolverStatus; +import org.apache.polaris.core.persistence.secrets.RandomPrincipalSecretsGenerator; import org.assertj.core.api.Assertions; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; @@ -98,7 +97,7 @@ public class ResolverTest { public ResolverTest() { diagServices = new PolarisDefaultDiagServiceImpl(); store = new PolarisTreeMapStore(diagServices); - metaStore = new PolarisTreeMapMetaStoreSessionImpl(store, Mockito.mock(), RANDOM_SECRETS); + metaStore = new PolarisTreeMapMetaStoreSessionImpl(store, Mockito.mock(), new RandomPrincipalSecretsGenerator()); callCtx = new PolarisCallContext(metaStore, diagServices); metaStoreManager = new PolarisMetaStoreManagerImpl(); diff --git a/polaris-core/src/test/java/org/apache/polaris/core/persistence/secrets/PrincipalSecretsGeneratorTest.java b/polaris-core/src/test/java/org/apache/polaris/core/persistence/secrets/PrincipalSecretsGeneratorTest.java new file mode 100644 index 000000000..c92e11900 --- /dev/null +++ b/polaris-core/src/test/java/org/apache/polaris/core/persistence/secrets/PrincipalSecretsGeneratorTest.java 
@@ -0,0 +1,112 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.polaris.core.persistence.secrets;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.doReturn;
+
+import org.apache.polaris.core.entity.PolarisPrincipalSecrets;
+import org.jetbrains.annotations.Nullable;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
+
+class PrincipalSecretsGeneratorTest {
+
+ @Test
+ void testRandomSecrets() {
+ RandomPrincipalSecretsGenerator rpsg = new RandomPrincipalSecretsGenerator("realm");
+ PolarisPrincipalSecrets s = rpsg.produceSecrets("name1", 123);
+ assertThat(s).isNotNull();
+ assertThat(s.getPrincipalId()).isEqualTo(123);
+ assertThat(s.getPrincipalClientId()).isNotNull();
+ assertThat(s.getMainSecret()).isNotNull();
+ assertThat(s.getSecondarySecret()).isNotNull();
+ }
+
+ @Test
+ void testRandomSecretsNullRealm() {
+ RandomPrincipalSecretsGenerator rpsg = new RandomPrincipalSecretsGenerator(null);
+ PolarisPrincipalSecrets s = rpsg.produceSecrets("name1", 123);
+ assertThat(s).isNotNull();
+ assertThat(s.getPrincipalId()).isEqualTo(123);
+ assertThat(s.getPrincipalClientId()).isNotNull();
+ assertThat(s.getMainSecret()).isNotNull();
+ assertThat(s.getSecondarySecret()).isNotNull();
+ }
+
+ @Test
+ void testEnvVariableSecrets() {
+ EnvVariablePrincipalSecretsGenerator psg =
+ Mockito.spy(new EnvVariablePrincipalSecretsGenerator("REALM"));
+
+ String clientIdKey = "POLARIS_BOOTSTRAP_REALM_PRINCIPAL_CLIENT_ID";
+ String clientSecretKey = "POLARIS_BOOTSTRAP_REALM_PRINCIPAL_CLIENT_SECRET";
+
+ doReturn("test-id").when(psg).getEnvironmentVariable(clientIdKey);
+ doReturn("test-secret").when(psg).getEnvironmentVariable(clientSecretKey);
+
+ // Invoke the method
+ PolarisPrincipalSecrets secrets = psg.produceSecrets("PRINCIPAL", 123);
+
+ // Verify the result
+ Assertions.assertNotNull(secrets);
+ Assertions.assertEquals(123, secrets.getPrincipalId());
+ Assertions.assertEquals("test-id", secrets.getPrincipalClientId());
+ Assertions.assertEquals("test-secret", secrets.getMainSecret());
+ }
+
+ @Test
+ void testBoostrapGeneratorDelegationToRandomPrincipalSecrets() {
+ EnvVariablePrincipalSecretsGenerator mockedEnvVariablePrincipalSecretsGenerator =
+ Mockito.spy(new EnvVariablePrincipalSecretsGenerator("REALM"));
+
+ String clientIdKey = "POLARIS_BOOTSTRAP_REALM_PRINCIPAL_CLIENT_ID";
+ String clientSecretKey = "POLARIS_BOOTSTRAP_REALM_PRINCIPAL_CLIENT_SECRET";
+
+ doReturn("test-id")
+ .when(mockedEnvVariablePrincipalSecretsGenerator)
+ .getEnvironmentVariable(clientIdKey);
+ doReturn("test-secret")
+ .when(mockedEnvVariablePrincipalSecretsGenerator)
+ .getEnvironmentVariable(clientSecretKey);
+
+ class ExposingPrincipalSecretsGenerator extends BootstrapPrincipalSecretsGenerator {
+ public ExposingPrincipalSecretsGenerator(@Nullable String realmName) {
+ super(realmName);
+ }
+
+ @Override
+ protected PrincipalSecretsGenerator buildEnvVariablePrincipalSecretsGenerator(String realmName) {
+ return mockedEnvVariablePrincipalSecretsGenerator;
+ }
+
+ public PrincipalSecretsGenerator seeDelegate(String
principalName) { + return this.getDelegate(principalName); + } + } + + + ExposingPrincipalSecretsGenerator fallback = new ExposingPrincipalSecretsGenerator(null); + Assertions.assertInstanceOf(RandomPrincipalSecretsGenerator.class, fallback.seeDelegate("p")); + + ExposingPrincipalSecretsGenerator hasVars = new ExposingPrincipalSecretsGenerator("REALM"); + Assertions.assertInstanceOf(EnvVariablePrincipalSecretsGenerator.class, hasVars.seeDelegate("PRINCIPAL")); + } +} diff --git a/polaris-core/src/test/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheTest.java b/polaris-core/src/test/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheTest.java index af55b5683..8867f070a 100644 --- a/polaris-core/src/test/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheTest.java @@ -18,8 +18,6 @@ */ package org.apache.polaris.core.storage.cache; -import static org.apache.polaris.core.persistence.secrets.PrincipalSecretsGenerator.RANDOM_SECRETS; - import com.google.common.collect.ImmutableMap; import java.util.ArrayList; import java.util.Arrays; @@ -43,6 +41,7 @@ import org.apache.polaris.core.persistence.PolarisObjectMapperUtil; import org.apache.polaris.core.persistence.PolarisTreeMapMetaStoreSessionImpl; import org.apache.polaris.core.persistence.PolarisTreeMapStore; +import org.apache.polaris.core.persistence.secrets.RandomPrincipalSecretsGenerator; import org.apache.polaris.core.storage.PolarisCredentialProperty; import org.apache.polaris.core.storage.PolarisCredentialVendor.ScopedCredentialsResult; import org.assertj.core.api.Assertions; 
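Review bot: In the new PrincipalSecretsGeneratorTest, `testEnvVariableSecrets` checks the client id and main secret but not the secondary secret, and it uses names that are already upper case (`REALM`, `PRINCIPAL`), whereas the commented-out test this patch deletes used the mixed-case realm `test-Realm` and also asserted `getSecondarySecret()`. Adding `Assertions.assertEquals("test-secret", secrets.getSecondarySecret());` (assuming the env-based generator still sets both secrets to the same value) and a mixed-case realm case would keep coverage of how the environment variable names are derived. The two random-secret tests assert only non-null values; for a credential generator it is worth also asserting that two `produceSecrets` calls return different main secrets. The method name `testBoostrapGeneratorDelegationToRandomPrincipalSecrets` has a typo (`Boostrap`), and the file mixes AssertJ `assertThat` with JUnit `Assertions`.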
@@ -68,7 +67,7 @@ public StorageCredentialCacheTest() { PolarisTreeMapStore store = new PolarisTreeMapStore(diagServices); // to interact with the metastore PolarisMetaStoreSession metaStore = - new PolarisTreeMapMetaStoreSessionImpl(store, Mockito.mock(), RANDOM_SECRETS); + new PolarisTreeMapMetaStoreSessionImpl(store, Mockito.mock(), new RandomPrincipalSecretsGenerator()); callCtx = new PolarisCallContext(metaStore, diagServices); metaStoreManager = Mockito.mock(PolarisMetaStoreManagerImpl.class); storageCredentialCache = new StorageCredentialCache(); From 208b8cd87dbb02f06386f9e898ce7aa5fae6c428 Mon Sep 17 00:00:00 2001 From: Eric Maynard Date: Wed, 27 Nov 2024 11:10:05 -0800 Subject: [PATCH 08/10] autolint --- .../BootstrapPrincipalSecretsGenerator.java | 6 +-- .../core/persistence/EntityCacheTest.java | 4 +- .../PolarisTreeMapMetaStoreManagerTest.java | 3 +- .../core/persistence/ResolverTest.java | 4 +- .../PrincipalSecretsGeneratorTest.java | 39 ++++++++++--------- .../cache/StorageCredentialCacheTest.java | 3 +- 6 files changed, 33 insertions(+), 26 deletions(-) diff --git a/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/BootstrapPrincipalSecretsGenerator.java b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/BootstrapPrincipalSecretsGenerator.java index 7746f4be2..cc51198bc 100644 --- a/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/BootstrapPrincipalSecretsGenerator.java +++ b/polaris-core/src/main/java/org/apache/polaris/core/persistence/secrets/BootstrapPrincipalSecretsGenerator.java 
@@ -24,9 +24,9 @@ import org.jetbrains.annotations.VisibleForTesting; /** - * A {@link PrincipalSecretsGenerator} implementation used for bootstrapping that uses an - * {@link EnvVariablePrincipalSecretsGenerator} if possible and falls back to a - * {@link RandomPrincipalSecretsGenerator} otherwise + * A {@link PrincipalSecretsGenerator} implementation used for bootstrapping that uses an {@link + * EnvVariablePrincipalSecretsGenerator} if possible and falls back to a {@link + * RandomPrincipalSecretsGenerator} otherwise */ public class BootstrapPrincipalSecretsGenerator extends PrincipalSecretsGenerator { diff --git a/polaris-core/src/test/java/org/apache/polaris/core/persistence/EntityCacheTest.java b/polaris-core/src/test/java/org/apache/polaris/core/persistence/EntityCacheTest.java index 21cdca03b..aa009d8da 100644 --- a/polaris-core/src/test/java/org/apache/polaris/core/persistence/EntityCacheTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/core/persistence/EntityCacheTest.java @@ -83,7 +83,9 @@ public class EntityCacheTest { public EntityCacheTest() { diagServices = new PolarisDefaultDiagServiceImpl(); store = new PolarisTreeMapStore(diagServices); - metaStore = new PolarisTreeMapMetaStoreSessionImpl(store, Mockito.mock(), new RandomPrincipalSecretsGenerator()); + metaStore = + new PolarisTreeMapMetaStoreSessionImpl( + store, Mockito.mock(), new RandomPrincipalSecretsGenerator()); callCtx = new PolarisCallContext(metaStore, diagServices); metaStoreManager = new PolarisMetaStoreManagerImpl(); diff --git a/polaris-core/src/test/java/org/apache/polaris/core/persistence/PolarisTreeMapMetaStoreManagerTest.java b/polaris-core/src/test/java/org/apache/polaris/core/persistence/PolarisTreeMapMetaStoreManagerTest.java index f83ca5e4f..49e9f1a33 100644 --- a/polaris-core/src/test/java/org/apache/polaris/core/persistence/PolarisTreeMapMetaStoreManagerTest.java 
+++ b/polaris-core/src/test/java/org/apache/polaris/core/persistence/PolarisTreeMapMetaStoreManagerTest.java @@ -33,7 +33,8 @@ public PolarisTestMetaStoreManager createPolarisTestMetaStoreManager() { PolarisTreeMapStore store = new PolarisTreeMapStore(diagServices); PolarisCallContext callCtx = new PolarisCallContext( - new PolarisTreeMapMetaStoreSessionImpl(store, Mockito.mock(), new RandomPrincipalSecretsGenerator()), + new PolarisTreeMapMetaStoreSessionImpl( + store, Mockito.mock(), new RandomPrincipalSecretsGenerator()), diagServices, new PolarisConfigurationStore() {}, timeSource.withZone(ZoneId.systemDefault())); diff --git a/polaris-core/src/test/java/org/apache/polaris/core/persistence/ResolverTest.java b/polaris-core/src/test/java/org/apache/polaris/core/persistence/ResolverTest.java index a69162258..caf59b6a7 100644 --- a/polaris-core/src/test/java/org/apache/polaris/core/persistence/ResolverTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/core/persistence/ResolverTest.java @@ -97,7 +97,9 @@ public class ResolverTest { public ResolverTest() { diagServices = new PolarisDefaultDiagServiceImpl(); store = new PolarisTreeMapStore(diagServices); - metaStore = new PolarisTreeMapMetaStoreSessionImpl(store, Mockito.mock(), new RandomPrincipalSecretsGenerator()); + metaStore = + new PolarisTreeMapMetaStoreSessionImpl( + store, Mockito.mock(), new RandomPrincipalSecretsGenerator()); callCtx = new PolarisCallContext(metaStore, diagServices); metaStoreManager = new PolarisMetaStoreManagerImpl(); diff --git a/polaris-core/src/test/java/org/apache/polaris/core/persistence/secrets/PrincipalSecretsGeneratorTest.java b/polaris-core/src/test/java/org/apache/polaris/core/persistence/secrets/PrincipalSecretsGeneratorTest.java index c92e11900..e9a8611b5 100644 --- a/polaris-core/src/test/java/org/apache/polaris/core/persistence/secrets/PrincipalSecretsGeneratorTest.java 
+++ b/polaris-core/src/test/java/org/apache/polaris/core/persistence/secrets/PrincipalSecretsGeneratorTest.java @@ -51,26 +51,26 @@ void testRandomSecretsNullRealm() { assertThat(s.getSecondarySecret()).isNotNull(); } - @Test - void testEnvVariableSecrets() { - EnvVariablePrincipalSecretsGenerator psg = - Mockito.spy(new EnvVariablePrincipalSecretsGenerator("REALM")); + @Test + void testEnvVariableSecrets() { + EnvVariablePrincipalSecretsGenerator psg = + Mockito.spy(new EnvVariablePrincipalSecretsGenerator("REALM")); - String clientIdKey = "POLARIS_BOOTSTRAP_REALM_PRINCIPAL_CLIENT_ID"; - String clientSecretKey = "POLARIS_BOOTSTRAP_REALM_PRINCIPAL_CLIENT_SECRET"; + String clientIdKey = "POLARIS_BOOTSTRAP_REALM_PRINCIPAL_CLIENT_ID"; + String clientSecretKey = "POLARIS_BOOTSTRAP_REALM_PRINCIPAL_CLIENT_SECRET"; - doReturn("test-id").when(psg).getEnvironmentVariable(clientIdKey); - doReturn("test-secret").when(psg).getEnvironmentVariable(clientSecretKey); + doReturn("test-id").when(psg).getEnvironmentVariable(clientIdKey); + doReturn("test-secret").when(psg).getEnvironmentVariable(clientSecretKey); - // Invoke the method - PolarisPrincipalSecrets secrets = psg.produceSecrets("PRINCIPAL", 123); + // Invoke the method + PolarisPrincipalSecrets secrets = psg.produceSecrets("PRINCIPAL", 123); - // Verify the result - Assertions.assertNotNull(secrets); - Assertions.assertEquals(123, secrets.getPrincipalId()); - Assertions.assertEquals("test-id", secrets.getPrincipalClientId()); - Assertions.assertEquals("test-secret", secrets.getMainSecret()); - } + // Verify the result + Assertions.assertNotNull(secrets); + Assertions.assertEquals(123, secrets.getPrincipalId()); + Assertions.assertEquals("test-id", secrets.getPrincipalClientId()); + Assertions.assertEquals("test-secret", secrets.getMainSecret()); + } @Test void testBoostrapGeneratorDelegationToRandomPrincipalSecrets() { 
@@ -93,7 +93,8 @@ public ExposingPrincipalSecretsGenerator(@Nullable String realmName) { } @Override - protected PrincipalSecretsGenerator buildEnvVariablePrincipalSecretsGenerator(String realmName) { + protected PrincipalSecretsGenerator buildEnvVariablePrincipalSecretsGenerator( + String realmName) { return mockedEnvVariablePrincipalSecretsGenerator; } @@ -102,11 +103,11 @@ public PrincipalSecretsGenerator seeDelegate(String principalName) { } } - ExposingPrincipalSecretsGenerator fallback = new ExposingPrincipalSecretsGenerator(null); Assertions.assertInstanceOf(RandomPrincipalSecretsGenerator.class, fallback.seeDelegate("p")); ExposingPrincipalSecretsGenerator hasVars = new ExposingPrincipalSecretsGenerator("REALM"); - Assertions.assertInstanceOf(EnvVariablePrincipalSecretsGenerator.class, hasVars.seeDelegate("PRINCIPAL")); + Assertions.assertInstanceOf( + EnvVariablePrincipalSecretsGenerator.class, hasVars.seeDelegate("PRINCIPAL")); } } diff --git a/polaris-core/src/test/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheTest.java b/polaris-core/src/test/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheTest.java index 8867f070a..88cb11233 100644 --- a/polaris-core/src/test/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheTest.java +++ b/polaris-core/src/test/java/org/apache/polaris/core/storage/cache/StorageCredentialCacheTest.java @@ -67,7 +67,8 @@ public StorageCredentialCacheTest() { PolarisTreeMapStore store = new PolarisTreeMapStore(diagServices); // to interact with the metastore PolarisMetaStoreSession metaStore = - new PolarisTreeMapMetaStoreSessionImpl(store, Mockito.mock(), new RandomPrincipalSecretsGenerator()); + new PolarisTreeMapMetaStoreSessionImpl( + store, Mockito.mock(), new RandomPrincipalSecretsGenerator()); callCtx = new PolarisCallContext(metaStore, diagServices); metaStoreManager = Mockito.mock(PolarisMetaStoreManagerImpl.class); storageCredentialCache = new StorageCredentialCache(); 
From 3b32662c95f99329f918ab320efe4a8baebf7702 Mon Sep 17 00:00:00 2001 From: Eric Maynard Date: Wed, 27 Nov 2024 11:16:22 -0800 Subject: [PATCH 09/10] stable --- .../eclipselink/PolarisEclipseLinkMetaStoreManagerTest.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/extension/persistence/eclipselink/src/test/java/org/apache/polaris/extension/persistence/impl/eclipselink/PolarisEclipseLinkMetaStoreManagerTest.java b/extension/persistence/eclipselink/src/test/java/org/apache/polaris/extension/persistence/impl/eclipselink/PolarisEclipseLinkMetaStoreManagerTest.java index 82ba98213..937e9f61a 100644 --- a/extension/persistence/eclipselink/src/test/java/org/apache/polaris/extension/persistence/impl/eclipselink/PolarisEclipseLinkMetaStoreManagerTest.java +++ b/extension/persistence/eclipselink/src/test/java/org/apache/polaris/extension/persistence/impl/eclipselink/PolarisEclipseLinkMetaStoreManagerTest.java @@ -19,7 +19,6 @@ package org.apache.polaris.extension.persistence.impl.eclipselink; import static jakarta.persistence.Persistence.createEntityManagerFactory; -import static org.apache.polaris.core.persistence.secrets.PrincipalSecretsGenerator.RANDOM_SECRETS; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertTrue; @@ -36,6 +35,7 @@ import org.apache.polaris.core.persistence.PolarisMetaStoreManagerImpl; import org.apache.polaris.core.persistence.PolarisTestMetaStoreManager; import org.apache.polaris.core.persistence.models.ModelPrincipalSecrets; +import org.apache.polaris.core.persistence.secrets.RandomPrincipalSecretsGenerator; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtensionContext; 
@@ -58,7 +58,7 @@ protected PolarisTestMetaStoreManager createPolarisTestMetaStoreManager() { PolarisEclipseLinkStore store = new PolarisEclipseLinkStore(diagServices); PolarisEclipseLinkMetaStoreSessionImpl session = new PolarisEclipseLinkMetaStoreSessionImpl( - store, Mockito.mock(), () -> "realm", null, "polaris", RANDOM_SECRETS); + store, Mockito.mock(), () -> "realm", null, "polaris", new RandomPrincipalSecretsGenerator()); return new PolarisTestMetaStoreManager( new PolarisMetaStoreManagerImpl(), new PolarisCallContext( @@ -79,7 +79,7 @@ void testCreateStoreSession(String confFile, boolean success) { try { var session = new PolarisEclipseLinkMetaStoreSessionImpl( - store, Mockito.mock(), () -> "realm", confFile, "polaris", RANDOM_SECRETS); + store, Mockito.mock(), () -> "realm", confFile, "polaris", new RandomPrincipalSecretsGenerator()); assertNotNull(session); assertTrue(success); } catch (Exception e) { From a7a4e677631ed39444eb1cfcf76c20160e2ac5b7 Mon Sep 17 00:00:00 2001 From: Eric Maynard Date: Wed, 27 Nov 2024 11:16:26 -0800 Subject: [PATCH 10/10] autolint --- .../PolarisEclipseLinkMetaStoreManagerTest.java | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/extension/persistence/eclipselink/src/test/java/org/apache/polaris/extension/persistence/impl/eclipselink/PolarisEclipseLinkMetaStoreManagerTest.java b/extension/persistence/eclipselink/src/test/java/org/apache/polaris/extension/persistence/impl/eclipselink/PolarisEclipseLinkMetaStoreManagerTest.java index 937e9f61a..1523ba63e 100644 --- a/extension/persistence/eclipselink/src/test/java/org/apache/polaris/extension/persistence/impl/eclipselink/PolarisEclipseLinkMetaStoreManagerTest.java +++ b/extension/persistence/eclipselink/src/test/java/org/apache/polaris/extension/persistence/impl/eclipselink/PolarisEclipseLinkMetaStoreManagerTest.java 
@@ -58,7 +58,12 @@ protected PolarisTestMetaStoreManager createPolarisTestMetaStoreManager() { PolarisEclipseLinkStore store = new PolarisEclipseLinkStore(diagServices); PolarisEclipseLinkMetaStoreSessionImpl session = new PolarisEclipseLinkMetaStoreSessionImpl( - store, Mockito.mock(), () -> "realm", null, "polaris", new RandomPrincipalSecretsGenerator()); + store, + Mockito.mock(), + () -> "realm", + null, + "polaris", + new RandomPrincipalSecretsGenerator()); return new PolarisTestMetaStoreManager( new PolarisMetaStoreManagerImpl(), new PolarisCallContext( @@ -79,7 +84,12 @@ void testCreateStoreSession(String confFile, boolean success) { try { var session = new PolarisEclipseLinkMetaStoreSessionImpl( - store, Mockito.mock(), () -> "realm", confFile, "polaris", new RandomPrincipalSecretsGenerator()); + store, + Mockito.mock(), + () -> "realm", + confFile, + "polaris", + new RandomPrincipalSecretsGenerator()); assertNotNull(session); assertTrue(success); } catch (Exception e) {