diff --git a/getting-started/trino/README.md b/getting-started/trino/README.md index 26804a77a..267f4020d 100644 --- a/getting-started/trino/README.md +++ b/getting-started/trino/README.md @@ -24,7 +24,7 @@ This getting started guide provides a `docker-compose` file to set up [Trino](ht ## Build Polaris Image Build Polaris Image while Docker is running ``` -./gradlew :polaris-quarkus-server:assemble -Dquarkus.container-image.build=true +./gradlew clean :polaris-quarkus-server:assemble -Dquarkus.container-image.build=true ``` ## Run the `docker-compose` file @@ -53,6 +53,6 @@ SELECT * FROM iceberg.tpch.test_polaris; ``` ## Note -The Polaris catalog setup script uses the credential `principal:root;realm:default-realm`. This credential is used so users do not need to fetch credentials from Apache Polaris' console output. +The Polaris in this example is started with realm `default-realm` and root credentials: `root:s3cr3t`. An example catalog is created in Apache Polaris using the `curl` command. See `create-polaris-catalog.sh` for details. diff --git a/getting-started/trino/create-polaris-catalog.sh b/getting-started/trino/create-polaris-catalog.sh index 20b007a82..e08e1c5f8 100644 --- a/getting-started/trino/create-polaris-catalog.sh +++ b/getting-started/trino/create-polaris-catalog.sh @@ -17,7 +17,23 @@ # under the License. # -PRINCIPAL_TOKEN="principal:root;realm:default-realm" +if ! output=$(curl -X POST -H "Polaris-Realm: default-realm" "http://polaris:8181/api/catalog/v1/oauth/tokens" \ + -d "grant_type=client_credentials" \ + -d "client_id=root" \ + -d "client_secret=s3cr3t" \ + -d "scope=PRINCIPAL_ROLE:ALL"); then + logred "Error: Failed to retrieve bearer token" + exit 1 +fi + +token=$(echo "$output" | awk -F\" '{print $4}') + +if [ "$token" == "unauthorized_client" ]; then + logred "Error: Failed to retrieve bearer token" + exit 1 +fi + +PRINCIPAL_TOKEN=$token # Use local filesystem by default curl -i -X POST -H "Authorization: Bearer $PRINCIPAL_TOKEN" -H 'Accept: application/json' -H 'Content-Type: application/json' \ diff --git a/getting-started/trino/docker-compose.yml b/getting-started/trino/docker-compose.yml index 5ea31fb41..fd438f009 100644 --- a/getting-started/trino/docker-compose.yml +++ b/getting-started/trino/docker-compose.yml @@ -31,14 +31,8 @@ services: AZURE_TENANT_ID: $AZURE_TENANT_ID AZURE_CLIENT_ID: $AZURE_CLIENT_ID AZURE_CLIENT_SECRET: $AZURE_CLIENT_SECRET - polaris.persistence.type: in-memory - polaris.authentication.authenticator.type: test - polaris.authentication.token-service.type: test - polaris.authentication.token-broker.type: symmetric-key - polaris.authentication.token-broker.symmetric-key.secret: polaris - polaris.features.defaults."SUPPORTED_CATALOG_STORAGE_TYPES": '["FILE","S3","GCS","AZURE"]' - polaris.realm-context.realms: default-realm,realm1 - quarkus.log.file.enable: false + POLARIS_BOOTSTRAP_CREDENTIALS: default-realm,root,s3cr3t + polaris.realm-context.realms: default-realm quarkus.otel.sdk.disabled: "true" healthcheck: diff --git a/getting-started/trino/trino-config/catalog/iceberg.properties b/getting-started/trino/trino-config/catalog/iceberg.properties index 94b8b489e..1cd0a0e7a 100644 --- a/getting-started/trino/trino-config/catalog/iceberg.properties +++ b/getting-started/trino/trino-config/catalog/iceberg.properties @@ -21,7 +21,8 @@ connector.name=iceberg iceberg.catalog.type=rest iceberg.rest-catalog.uri=http://polaris:8181/api/catalog iceberg.rest-catalog.security=OAUTH2 -iceberg.rest-catalog.oauth2.token=principal:root;realm:default-realm +iceberg.rest-catalog.oauth2.credential=root:s3cr3t +iceberg.rest-catalog.oauth2.scope=PRINCIPAL_ROLE:ALL iceberg.rest-catalog.warehouse=polaris # Required to support local filesystem: https://trino.io/docs/current/object-storage.html#configuration fs.hadoop.enabled=true