in quarkus/service/src/main/java/org/apache/polaris/service/quarkus/config/QuarkusProducers.java [185:253]
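/**
 * Bootstraps the configured realms at startup when auto-bootstrap is enabled, and flags root
 * credentials that are still exposed to the process although they are no longer needed.
 *
 * <p>The root credentials set is loaded via {@link RootCredentialsSet#fromEnvironment()}; the log
 * messages below name its sources as {@link RootCredentialsSet#ENVIRONMENT_VARIABLE} and {@link
 * RootCredentialsSet#SYSTEM_PROPERTY}.
 *
 * <p>Security-relevant behavior:
 *
 * <ul>
 *   <li>Credentials supplied by the operator are never echoed; only the realm name is logged.
 *   <li>For a bootstrapped realm without supplied credentials, the client id and main secret
 *       returned by the bootstrap are written once to {@code System.out}, not to the logger.
 *       Whatever captures the process's stdout (container runtime, service manager, log shipper)
 *       therefore holds the root secret in clear text and needs matching access control and
 *       retention.
 *   <li>Supplied credentials that were not consumed (realm absent from the bootstrap result, or
 *       auto-bootstrap disabled) are reported at ERROR level so they get removed from the
 *       environment / system properties.
 * </ul>
 *
 * @param event the startup event this observer reacts to
 * @param factory used to bootstrap the realms
 * @param config supplies the auto-bootstrap switch
 * @param realmContextConfiguration supplies the realm ids to bootstrap
 */
public void maybeBootstrap(
    @Observes Startup event,
    MetaStoreManagerFactory factory,
    QuarkusPersistenceConfiguration config,
    RealmContextConfiguration realmContextConfiguration) {
  var rootCredentialsSet = RootCredentialsSet.fromEnvironment();
  var rootCredentials = rootCredentialsSet.credentials();
  if (config.isAutoBootstrap()) {
    var realmIds = realmContextConfiguration.realms();
    LOGGER.info(
        "Bootstrapping realm(s) {}, if necessary, from root credentials set provided via the environment variable {} or Java system property {} ...",
        realmIds.stream().map(r -> "'" + r + "'").collect(Collectors.joining(", ")),
        RootCredentialsSet.ENVIRONMENT_VARIABLE,
        RootCredentialsSet.SYSTEM_PROPERTY);
    var result = factory.bootstrapRealms(realmIds, rootCredentialsSet);
    result.forEach(
        (realm, secrets) -> {
          var principalSecrets = secrets.getPrincipalSecrets();
          var log =
              LOGGER
                  .atInfo()
                  .addArgument(realm)
                  .addArgument(RootCredentialsSet.ENVIRONMENT_VARIABLE)
                  .addArgument(RootCredentialsSet.SYSTEM_PROPERTY);
          if (rootCredentials.containsKey(realm)) {
            // Operator-supplied credentials: the operator already knows them, so nothing secret
            // is emitted anywhere.
            log.log(
                "Realm '{}' automatically bootstrapped, credentials taken from root credentials set provided via the environment variable {} or Java system property {}, not printed to stdout.");
          } else {
            log.log(
                "Realm '{}' automatically bootstrapped, credentials were not present in root credentials set provided via the environment variable {} or Java system property {}, see separate message printed to stdout.");
            // Plain %s: the previous "%1s"/"%2s"/"%3s" were minimum-width specifiers, not
            // positional ones ("%1$s"), and would left-pad any value shorter than the width,
            // altering the printed credential.
            String msg =
                String.format(
                    "realm: %s root principal credentials: %s:%s",
                    realm,
                    principalSecrets.getPrincipalClientId(),
                    principalSecrets.getMainSecret());
            // Deliberately stdout rather than LOGGER, so the secret does not go through the
            // logging pipeline. It is still clear text in whatever captures stdout.
            System.out.println(msg);
          }
        });
    // Realms whose credentials were supplied but are missing from the bootstrap result: the
    // supplied secret was not needed and is still readable from the process environment.
    var unusedRealmSecrets =
        realmIds.stream()
            .filter(rootCredentials::containsKey)
            .filter(r -> !result.containsKey(r))
            .map(r -> "'" + r + "'")
            .collect(Collectors.joining(", "));
    if (!unusedRealmSecrets.isEmpty()) {
      // This is intentionally an error to highlight the importance of the situation.
      LOGGER.error(
          "The realms {} are already fully bootstrapped but the secrets are still available via the environment variable {} or Java system property {}. "
              + "Remove this security sensitive information from the environment / Java system properties!",
          unusedRealmSecrets,
          RootCredentialsSet.ENVIRONMENT_VARIABLE,
          RootCredentialsSet.SYSTEM_PROPERTY);
    }
  } else if (!rootCredentials.isEmpty()) {
    // Auto-bootstrap is off, so supplied root credentials serve no purpose here. Only the realm
    // names (map keys) are logged, never the secrets.
    // This is intentionally an error to highlight the importance of the situation.
    LOGGER.error(
        "Secrets for the realms {} are available via the environment variable {} or Java system property {}. "
            + "Remove this security sensitive information from the environment / Java system properties!",
        rootCredentials.keySet(),
        RootCredentialsSet.ENVIRONMENT_VARIABLE,
        RootCredentialsSet.SYSTEM_PROPERTY);
  }
}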