Make regression tests use default authentication

[adutra]

... and align realm names to use POLARIS consistently.

Using default authenticators with real JWT tokens, the regression tests are better aligned with a production-like setup.

[adutra]

@MonkeyCanCode @flyrain @HonahX with this PR we should get regression tests running with production-like profile. This should supersede #866 and fix #865. Let me know what you think.

[HonahX]

@adutra Thanks for updating these!

[HonahX]

Since the authenticator is default now, do we still need this token default value, principal:root;realm:POLARIS. Seems we will need to run the added script in run.sh to get a token using root credential first before running run_spark_sql.sh.

Additionally, is run_spark_sql.sh expected to work without first running run.sh? If so, may be we should consider adding code to get a token within this script to make it work out-of-box.

[adutra]

do we still need this token default value

Indeed I thought about removing the default values everywhere, but I wasn't sure whether all these scripts are always executed from the run.sh entrypoint. Do you think we should remove the default values?

may be we should consider adding code to get a token within this script to make it work out-of-box.

Good catch! The script is definitely meant to be executed individually. I will add support for default auth in that script as well.

[adutra]

I will add support for default auth in that script as well.

Done, let me know what you think!

[HonahX]

Done, let me know what you think!

Thanks for adding that! Look great!

but I wasn't sure whether all these scripts are always executed from the run.sh entrypoint. Do you think we should remove the default values?

My understanding is that the default values will always fail since default authenticator reject principal:root:realm:* token anyway. We will need to either execute run.sh to store a real token in env or adding the default auth like run_spark_sql.sh to make scripts able to be executed without run.sh.

Keeping default values there will have no affect on tests but I feel it will cause additional work if we want to change realm name for regression test in the future. WDYT?

[adutra]

I think I agree. Should I remove the default values in this PR or as a follow-up?

[HonahX]

I am ok with either way. As you pointed out in #865 (comment), we will need some follow-up PRs to clean-up/fix things so I think that could also be a good place to remove these values

[adutra]

Okay, I took note to open a follow-up PR for that 👍

[HonahX]

This can also help simplify the docker-compose.yml in getting-started examples: e.g. #868

I am happy to update that PR if this one goes in first : )

[HonahX]

LGTM! Thanks for updating these

[flyrain]

Do we need to keep -principal:root;realm:POLARIS as token will be fetched by run.sh? Given the direction that we want to to is to use the default authenticator always for reggresstion test, I think we should remove them to avoid confusion, as principal:root;realm:POLARIS doesn't work for default athenticator.

[adutra]

With @HonahX we decided to postpone that, but I think you are right: leaving this default value will create confusion. So I went ahead and removed them.

[flyrain]

I'm not familiar with Quarkus conventions, but "with profile prod" seems a bit odd to me, it is no way close to a prod deployment. Is "with the default profile" more accurate? Or we don't even have to mention it in that case.

[adutra]

You are right. Rephrased.

[flyrain]

I think we should also remove this line,

polaris/getting-started/trino/README.md

Line 56 in 7d854f2

The Polaris catalog setup script uses the credential `principal:root;realm:default-realm`. This credential is used so users do not need to fetch credentials from Apache Polaris' console output.

, as we changed the way it works. cc @HonahX

[adutra]

Rebased (to get the tox removal commit) and addressed feedback.

I am now able to run the regression tests both locally and with docker-compose. I am also able to run ./regtests/run_spark_sql.sh and play interactively with a running Polaris server.

[flyrain]

+1

[flyrain]

Thanks a lot for the fix @adutra ! Thanks for the review @HonahX!