in polaris-core/src/testFixtures/java/org/apache/polaris/core/persistence/PolarisTestMetaStoreManager.java [409:610]
PolarisBaseEntity createPrincipal(String name) {
// create new principal identity
PolarisBaseEntity principalEntity =
new PolarisBaseEntity(
PolarisEntityConstants.getNullId(),
polarisMetaStoreManager.generateNewEntityId(this.polarisCallContext).getId(),
PolarisEntityType.PRINCIPAL,
PolarisEntitySubType.NULL_SUBTYPE,
PolarisEntityConstants.getRootEntityId(),
name);
principalEntity.setInternalProperties(
PolarisObjectMapperUtil.serializeProperties(
this.polarisCallContext,
Map.of(PolarisEntityConstants.PRINCIPAL_CREDENTIAL_ROTATION_REQUIRED_STATE, "true")));
CreatePrincipalResult createPrincipalResult =
polarisMetaStoreManager.createPrincipal(this.polarisCallContext, principalEntity);
Assertions.assertThat(createPrincipalResult).isNotNull();
// ensure well created
this.ensureExistsById(
null,
createPrincipalResult.getPrincipal().getId(),
true,
name,
PolarisEntityType.PRINCIPAL,
PolarisEntitySubType.NULL_SUBTYPE);
// the client id
PolarisPrincipalSecrets secrets = createPrincipalResult.getPrincipalSecrets();
String clientId = secrets.getPrincipalClientId();
// ensure secrets are properly populated
Assertions.assertThat(secrets.getMainSecret()).isNotNull();
Assertions.assertThat(secrets.getMainSecret().length()).isGreaterThanOrEqualTo(32);
Assertions.assertThat(secrets.getSecondarySecret()).isNotNull();
Assertions.assertThat(secrets.getSecondarySecret().length()).isGreaterThanOrEqualTo(32);
// should be same principal id
Assertions.assertThat(secrets.getPrincipalId()).isEqualTo(principalEntity.getId());
// ensure that the secrets have been properly saved and match
PolarisPrincipalSecrets reloadSecrets =
polarisMetaStoreManager
.loadPrincipalSecrets(this.polarisCallContext, clientId)
.getPrincipalSecrets();
Assertions.assertThat(reloadSecrets).isNotNull();
Assertions.assertThat(reloadSecrets.getPrincipalId()).isEqualTo(secrets.getPrincipalId());
Assertions.assertThat(reloadSecrets.getPrincipalClientId())
.isEqualTo(secrets.getPrincipalClientId());
Assertions.assertThat(reloadSecrets.getMainSecretHash()).isEqualTo(secrets.getMainSecretHash());
Assertions.assertThat(reloadSecrets.getSecondarySecretHash())
.isEqualTo(secrets.getSecondarySecretHash());
Map<String, String> internalProperties =
PolarisObjectMapperUtil.deserializeProperties(
this.polarisCallContext, createPrincipalResult.getPrincipal().getInternalProperties());
Assertions.assertThat(
internalProperties.get(
PolarisEntityConstants.PRINCIPAL_CREDENTIAL_ROTATION_REQUIRED_STATE))
.isNotNull();
// simulate retry if we are asked to
if (this.doRetry) {
// simulate that we retried
CreatePrincipalResult newCreatePrincipalResult =
polarisMetaStoreManager.createPrincipal(this.polarisCallContext, principalEntity);
Assertions.assertThat(newCreatePrincipalResult).isNotNull();
// ensure same
Assertions.assertThat(newCreatePrincipalResult.getPrincipal().getId())
.isEqualTo(createPrincipalResult.getPrincipal().getId());
PolarisPrincipalSecrets newSecrets = newCreatePrincipalResult.getPrincipalSecrets();
Assertions.assertThat(newSecrets.getPrincipalId()).isEqualTo(secrets.getPrincipalId());
Assertions.assertThat(newSecrets.getPrincipalClientId())
.isEqualTo(secrets.getPrincipalClientId());
Assertions.assertThat(newSecrets.getMainSecretHash()).isEqualTo(secrets.getMainSecretHash());
Assertions.assertThat(newSecrets.getMainSecretHash()).isEqualTo(secrets.getMainSecretHash());
}
secrets =
polarisMetaStoreManager
.rotatePrincipalSecrets(
this.polarisCallContext,
clientId,
principalEntity.getId(),
false,
secrets.getMainSecretHash())
.getPrincipalSecrets();
Assertions.assertThat(secrets.getMainSecret()).isNotEqualTo(reloadSecrets.getMainSecret());
PolarisBaseEntity reloadPrincipal =
polarisMetaStoreManager
.loadEntity(
this.polarisCallContext,
0L,
createPrincipalResult.getPrincipal().getId(),
createPrincipalResult.getPrincipal().getType())
.getEntity();
internalProperties =
PolarisObjectMapperUtil.deserializeProperties(
this.polarisCallContext, reloadPrincipal.getInternalProperties());
Assertions.assertThat(
internalProperties.get(
PolarisEntityConstants.PRINCIPAL_CREDENTIAL_ROTATION_REQUIRED_STATE))
.isNull();
// rotate the secrets, twice!
polarisMetaStoreManager.rotatePrincipalSecrets(
this.polarisCallContext,
clientId,
principalEntity.getId(),
false,
secrets.getMainSecretHash());
polarisMetaStoreManager.rotatePrincipalSecrets(
this.polarisCallContext,
clientId,
principalEntity.getId(),
false,
secrets.getMainSecretHash());
// reload and check that now the main should be secondary
reloadSecrets =
polarisMetaStoreManager
.loadPrincipalSecrets(this.polarisCallContext, clientId)
.getPrincipalSecrets();
Assertions.assertThat(reloadSecrets).isNotNull();
Assertions.assertThat(reloadSecrets.getPrincipalId()).isEqualTo(secrets.getPrincipalId());
Assertions.assertThat(reloadSecrets.getPrincipalClientId())
.isEqualTo(secrets.getPrincipalClientId());
Assertions.assertThat(reloadSecrets.getSecondarySecretHash())
.isEqualTo(secrets.getMainSecretHash());
String newMainSecretHash = reloadSecrets.getMainSecretHash();
// reset - the previous main secret is no longer one of the secrets
polarisMetaStoreManager.rotatePrincipalSecrets(
this.polarisCallContext,
clientId,
principalEntity.getId(),
true,
reloadSecrets.getMainSecretHash());
reloadSecrets =
polarisMetaStoreManager
.loadPrincipalSecrets(this.polarisCallContext, clientId)
.getPrincipalSecrets();
Assertions.assertThat(reloadSecrets).isNotNull();
Assertions.assertThat(reloadSecrets.getPrincipalId()).isEqualTo(secrets.getPrincipalId());
Assertions.assertThat(reloadSecrets.getPrincipalClientId())
.isEqualTo(secrets.getPrincipalClientId());
Assertions.assertThat(reloadSecrets.getMainSecretHash()).isNotEqualTo(newMainSecretHash);
Assertions.assertThat(reloadSecrets.getSecondarySecretHash()).isNotEqualTo(newMainSecretHash);
PolarisBaseEntity newPrincipal =
polarisMetaStoreManager
.loadEntity(
this.polarisCallContext, 0L, principalEntity.getId(), principalEntity.getType())
.getEntity();
internalProperties =
PolarisObjectMapperUtil.deserializeProperties(
this.polarisCallContext, newPrincipal.getInternalProperties());
Assertions.assertThat(
internalProperties.get(
PolarisEntityConstants.PRINCIPAL_CREDENTIAL_ROTATION_REQUIRED_STATE))
.isNotNull();
// reset again. we should get new secrets and the CREDENTIAL_ROTATION_REQUIRED flag should be
// gone
polarisMetaStoreManager.rotatePrincipalSecrets(
this.polarisCallContext,
clientId,
principalEntity.getId(),
true,
reloadSecrets.getMainSecretHash());
PolarisPrincipalSecrets postResetCredentials =
polarisMetaStoreManager
.loadPrincipalSecrets(this.polarisCallContext, clientId)
.getPrincipalSecrets();
Assertions.assertThat(reloadSecrets).isNotNull();
Assertions.assertThat(postResetCredentials.getPrincipalId())
.isEqualTo(reloadSecrets.getPrincipalId());
Assertions.assertThat(postResetCredentials.getPrincipalClientId())
.isEqualTo(reloadSecrets.getPrincipalClientId());
Assertions.assertThat(postResetCredentials.getMainSecretHash())
.isNotEqualTo(reloadSecrets.getMainSecretHash());
Assertions.assertThat(postResetCredentials.getSecondarySecretHash())
.isNotEqualTo(reloadSecrets.getSecondarySecretHash());
PolarisBaseEntity finalPrincipal =
polarisMetaStoreManager
.loadEntity(
this.polarisCallContext, 0L, principalEntity.getId(), principalEntity.getType())
.getEntity();
internalProperties =
PolarisObjectMapperUtil.deserializeProperties(
this.polarisCallContext, finalPrincipal.getInternalProperties());
Assertions.assertThat(
internalProperties.get(
PolarisEntityConstants.PRINCIPAL_CREDENTIAL_ROTATION_REQUIRED_STATE))
.isNull();
// return it
return finalPrincipal;
}