Update Trino Getting-started example to use default authenticator (#877)

HonahX · web-flow · commit 33bfaff221e4 · 2025-01-27T10:19:18.000-08:00
diff --git a/getting-started/trino/README.md b/getting-started/trino/README.md
@@ -53,6 +53,6 @@ SELECT * FROM iceberg.tpch.test_polaris;
 ```
 
 ## Note
-The Polaris catalog setup script uses the credential `principal:root;realm:default-realm`. This credential is used so users do not need to fetch credentials from Apache Polaris' console output.
+The Polaris in this example is started with realm `default-realm` and root credentials: `root:s3cr3t`.
 
 An example catalog is created in Apache Polaris using the `curl` command. See `create-polaris-catalog.sh` for details.
diff --git a/getting-started/trino/create-polaris-catalog.sh b/getting-started/trino/create-polaris-catalog.sh
@@ -17,7 +17,23 @@
 # under the License.
 #
 
-PRINCIPAL_TOKEN="principal:root;realm:default-realm"
+if ! output=$(curl -X POST -H "Polaris-Realm: default-realm" "http://polaris:8181/api/catalog/v1/oauth/tokens" \
+  -d "grant_type=client_credentials" \
+  -d "client_id=root" \
+  -d "client_secret=s3cr3t" \
+  -d "scope=PRINCIPAL_ROLE:ALL"); then
+  logred "Error: Failed to retrieve bearer token"
+  exit 1
+fi
+
+token=$(echo "$output" | awk -F\" '{print $4}')
+
+if [ "$token" == "unauthorized_client" ]; then
+  logred "Error: Failed to retrieve bearer token"
+  exit 1
+fi
+
+PRINCIPAL_TOKEN=$token
 
 # Use local filesystem by default
 curl -i -X POST -H "Authorization: Bearer $PRINCIPAL_TOKEN" -H 'Accept: application/json' -H 'Content-Type: application/json' \
diff --git a/getting-started/trino/docker-compose.yml b/getting-started/trino/docker-compose.yml
@@ -31,14 +31,8 @@ services:
       AZURE_TENANT_ID: $AZURE_TENANT_ID
       AZURE_CLIENT_ID: $AZURE_CLIENT_ID
       AZURE_CLIENT_SECRET: $AZURE_CLIENT_SECRET
-      polaris.persistence.type: in-memory
-      polaris.authentication.authenticator.type: test
-      polaris.authentication.token-service.type: test
-      polaris.authentication.token-broker.type: symmetric-key
-      polaris.authentication.token-broker.symmetric-key.secret: polaris
-      polaris.features.defaults."SUPPORTED_CATALOG_STORAGE_TYPES": '["FILE","S3","GCS","AZURE"]'
-      polaris.realm-context.realms: default-realm,realm1
-      quarkus.log.file.enable: false
+      POLARIS_BOOTSTRAP_CREDENTIALS: default-realm,root,s3cr3t
+      polaris.realm-context.realms: default-realm
       quarkus.otel.sdk.disabled: "true"
 
     healthcheck:
diff --git a/getting-started/trino/trino-config/catalog/iceberg.properties b/getting-started/trino/trino-config/catalog/iceberg.properties
@@ -21,7 +21,8 @@ connector.name=iceberg
 iceberg.catalog.type=rest
 iceberg.rest-catalog.uri=http://polaris:8181/api/catalog
 iceberg.rest-catalog.security=OAUTH2
-iceberg.rest-catalog.oauth2.token=principal:root;realm:default-realm
+iceberg.rest-catalog.oauth2.credential=root:s3cr3t
+iceberg.rest-catalog.oauth2.scope=PRINCIPAL_ROLE:ALL
 iceberg.rest-catalog.warehouse=polaris
 # Required to support local filesystem: https://trino.io/docs/current/object-storage.html#configuration
 fs.hadoop.enabled=true
