Skip to content

Fix Keycloak getting-started example #2349

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 14, 2025
Merged

Fix Keycloak getting-started example #2349

merged 1 commit into from
Aug 14, 2025

Conversation

@adutra
Copy link
Contributor

@adutra adutra commented Aug 14, 2025

The polaris-setup container was erroneously including a non-existent scope when fetching a token from Keycloak.

@adutra
Fix Keycloak getting-started example
6b62c72 
The `polaris-setup` container was erroneously including a non-existent scope when fetching a token from Keycloak.
@github-project-automation github-project-automation bot moved this to PRs In Progress in Basic Kanban Board Aug 14, 2025
@adutra
Copy link
Contributor Author

adutra commented Aug 14, 2025

@singhpk234 would you mind having a look again? I don't know how this bug slipped through the cracks 😄

adutra
adutra commented Aug 14, 2025
View reviewed changes
getting-started/keycloak/docker-compose.yml
- >-
apk add --no-cache jq &&
chmod +x /polaris/create-catalog.sh &&
token=$$(curl http://keycloak:8080/realms/iceberg/protocol/openid-connect/token --user client1:s3cr3t -d 'grant_type=client_credentials' | jq -r .access_token) &&
Copy link
Contributor Author

@adutra adutra Aug 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The only real difference is the removal of -d 'scope=catalog' – the rest is formatting.

singhpk234
singhpk234 approved these changes Aug 14, 2025
View reviewed changes
Copy link
Contributor

@singhpk234 singhpk234 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank @adutra ~

Not sure how this got missed, i did get a 200 from keycloak, and do remeber we discussed removing the scopes.
for my understanding how does the error shows up ?

@github-project-automation github-project-automation bot moved this from PRs In Progress to Ready to merge in Basic Kanban Board Aug 14, 2025
@adutra
Copy link
Contributor Author

adutra commented Aug 14, 2025

Not sure how this got missed, i did get a 200 from keycloak, and do remeber we discussed removing the scopes.
for my understanding how does the error shows up ?

The create-catalog.sh script fails to create the catalog.

What I think happened is that at some point I removed the catalog scope from Keycloak config (since it was unused), but I already had a Keycloak container created, so when I started the container again, it started with the old config, and it worked.

@adutra adutra merged commit b1f7eed into apache:main Aug 14, 2025
12 checks passed
@github-project-automation github-project-automation bot moved this from Ready to merge to Done in Basic Kanban Board Aug 14, 2025
@adutra adutra deleted the keycloak-getting-started-fix branch August 14, 2025 12:51
snazy added a commit to snazy/polaris that referenced this pull request Nov 20, 2025
@snazy @adutra
@renovate-bot @XN137 @poojanilangekar @eric-maynard @dimas-b @XJDKC
Dremio merge 2025 08 18 11 02 (apache#104)
da546bd 
* Fix Keycloak getting-started example (apache#2349)

The `polaris-setup` container was erroneously including a non-existent scope when fetching a token from Keycloak.

* fix(deps): update dependency com.nimbusds:nimbus-jose-jwt to v10.4.2 (apache#2350)

* Use PolarisTaskConstants (apache#2346)

* Add a regression test for Catalog Federation (apache#2286)

* Add a regression test for Catalog Federation

* Install jq dependency

* Fix token issues

* Update regtests/README.md

Co-authored-by: Eric Maynard <[email protected]>

* Update README.md

---------

Co-authored-by: Eric Maynard <[email protected]>

* Modularize federation (Option 2) (apache#2332)

* Modularize federation (Option 2)

* Move polaris-extensions-federation-hadoop dependency

* Change identifier to lowerCase

* Change identifiers to constants

* Replace CallContext with RealmConfig in enforceFeatureEnabledOrThrow (apache#2348)

* Replace CallContext with RealmConfig in CatalogEntity (apache#2336)

* chore(deps): update registry.access.redhat.com/ubi9/openjdk-21-runtime docker tag to v1.23-6 (apache#2353)

* fix(deps): update dependency com.gradleup.shadow:shadow-gradle-plugin to v9.0.2 (apache#2358)

* chore(deps): update postgres docker tag to v17.6 (apache#2354)

* Add integration tests with Keycloak (apache#2343)

* Fix REST responses for failed Admin operations (apache#2291)

* Fix REST responses for failed Admin operations

the `boolean` return values of many methods in `PolarisAdminService`
were often simply not getting used at all, thus the REST api returned
success in those cases even though the `PrivilegeResult` was marked
as failed.
due to this fix a silently failing test now needs to be adjusted.

we return the `PrivilegeResult` instead of a `boolean` to give the
client at least some indication of what has gone wrong on the server
side.

note that some of the other operations were throwing Expcetions already,
which are already reported back correctly to the client.

* review: use http 400 BAD_REQUEST

* Make PolarisAuthorizer RequestScoped (apache#2340)

all methods in `PolarisAuthorizer` currently have a `CallContext`
parameter.
in its only implementation only `CallContext.getRealmConfig` is getting
used.

so since `PolarisAuthorizer` cant be used outside a request, we can
simply make it request-scoped and inject the request-scoped `RealmConfig`
directly.

* fix(deps): update mockito monorepo to v5.19.0 (apache#2360)

* Fix soft-merge conflict on `main` (apache#2364)

* feat(docs): Add Getting Stated guide for MinIO (apache#2227)

* feat(docs): Add Getting Stated guide for MinIO

A simple page of step-by-step instructions for setting
up a local environment with Polaris, MinIO and Spark.

Closes apache#1530

* IntelliJ: fix project icon in IJ project list (apache#2366)

... copy source has changed

* Use asMap property helpers (apache#2347)

seems like these helpers existed for a long time but were just not
getting used consistently

* SigV4 Auth Support for Catalog Federation - Part 2: Connection Config Persistence (apache#2190)

* Add SigV4 related DPOs

* Rename UserSecretReference to SecretReference and fix some small issues

* fix(deps): update dependency software.amazon.awssdk:bom to v2.32.24 (apache#2371)

* Rat-check: exclude venv, cleanup excludes, include .svg (apache#2363)

* `.svg` files are XML files and can contain a license header
* Re-grouped the exclusion rat patterns
* Added exclude for `.venv`
* Added exclude for `.ruff_cache`

* NoSQL: Async-impls: add some safeguards + javadoc spelling

* NoSQL: spelling

* NoSQL: dependency updates

* Last merged commit: 5a7686b

---------

Co-authored-by: Alexandre Dutra <[email protected]>
Co-authored-by: Mend Renovate <[email protected]>
Co-authored-by: Christopher Lambert <[email protected]>
Co-authored-by: Pooja Nilangekar <[email protected]>
Co-authored-by: Eric Maynard <[email protected]>
Co-authored-by: Dmitri Bourlatchkov <[email protected]>
Co-authored-by: Rulin Xing <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@singhpk234 singhpk234 singhpk234 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@adutra @singhpk234