Impala Public Jenkins has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/23156 )
Change subject: IMPALA-14018: Configure OAUTH2 with Lakekeeper and fix Impala's config handling ...................................................................... IMPALA-14018: Configure OAUTH2 with Lakekeeper and fix Impala's config handling This patch adds Keycloak as Identity Provider for Lakekeeper, so now we can test Impala's Iceberg REST Catalog with an OAuth2 authentication (Client-Credential) flow. The Keycloak instance is pre-configured with a Lakekeeper realm that contain the necessary clients, users, scopes and roles. Manual testing also revealed that our Iceberg REST Catalog configuration is incomplete. This patch refactors config handling in a way that both Iceberg native configuration options and Trino-specific configuration options can be used with Impala. This will help users use their Trino connectors with Impala. By default Impala uses Iceberg 1.3 which assumes that the Iceberg REST server is also the authentication server. It is not always true, e.g. Lakekeeper cannot even function as the authententication server, but it can work with external authentication servers. Btw, this is why we needed Keycloak in the first place. It means if someone wants to try out Lakekeeper+Impala with Oauth2, they need to configure Impala with Iceberg 1.5. Testing * manual testing with Iceberg 1.5 Change-Id: Ie5785cb72773e188b1de7c7924cc6f0b1f96de33 (cherry picked from commit a9cb94986a5791be2adcb2f7c576272a9c22e79c) Reviewed-on: http://gerrit.cloudera.org:8080/23156 Reviewed-by: Impala Public Jenkins <[email protected]> Tested-by: Impala Public Jenkins <[email protected]> --- M fe/src/main/java/org/apache/impala/catalog/iceberg/IcebergRESTCatalog.java A fe/src/main/java/org/apache/impala/catalog/iceberg/RESTCatalogProperties.java A fe/src/test/java/org/apache/impala/catalog/iceberg/TestRESTCatalogProperties.java R testdata/bin/kill-lakekeeper.sh A testdata/bin/minicluster_lakekeeper/Dockerfile M testdata/bin/minicluster_lakekeeper/README.md M testdata/bin/minicluster_lakekeeper/docker-compose.yaml A testdata/bin/minicluster_lakekeeper/realm-config.json A testdata/bin/minicluster_lakekeeper/setup.sh M testdata/bin/minicluster_trino/iceberg_lakekeeper.properties M testdata/bin/run-lakekeeper.sh 11 files changed, 820 insertions(+), 120 deletions(-) Approvals: Impala Public Jenkins: Looks good to me, approved; Verified -- To view, visit http://gerrit.cloudera.org:8080/23156 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: Ie5785cb72773e188b1de7c7924cc6f0b1f96de33 Gerrit-Change-Number: 23156 Gerrit-PatchSet: 8 Gerrit-Owner: Zoltan Borok-Nagy <[email protected]> Gerrit-Reviewer: Daniel Becker <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Jason Fehr <[email protected]> Gerrit-Reviewer: Mihaly Szjatinya <[email protected]> Gerrit-Reviewer: Peter Rozsa <[email protected]> Gerrit-Reviewer: Riza Suminto <[email protected]> Gerrit-Reviewer: Zoltan Borok-Nagy <[email protected]>
