MonkeyCanCode opened a new pull request, #3929: URL: https://github.com/apache/polaris/pull/3929
<!-- ๐ Describe what changes you're proposing, especially breaking or user-facing changes. ๐ See https://github.com/apache/polaris/blob/main/CONTRIBUTING.md for more. --> ML: https://lists.apache.org/thread/opsr8dw9tsy0p3qskw2yst9gzcn3swyc This PR adds `setup` support for CLI to allow users to quickly bootstrap their polaris envs by creating various entities such as principal, principal role, catalog, catalog role, policy, etc. Users can also perform a export to dump the existed setup and use that to quickly bootstrap more environment. As discussed in ML above, the current implementation is not declarative. Current known limitations: 1. As it is not declarative, if an entities already existed, the setup command will skip the modification on that entity 2. Export policy attachments is not currently supported due to performance considerations 3. Testing to external catalog (this can be done but I will need to setup some resources such as HMS locally to be able to test it, the current code does supports this) Sample outputs: 1. Export from refresh setup: ``` โ polaris git:(client_setup_cli) โ ./polaris --profile dev setup export 2026-03-04 01:07:08,208 INFO --- Exporting Polaris Configuration --- 2026-03-04 01:07:08,208 WARNING Exporting policy attachments is not currently supported due to performance considerations. Attachments will be omitted from the exported configuration. principals: root: type: service roles: - service_admin principal_roles: - service_admin catalogs: [] 2026-03-04 01:07:08,298 INFO --- Finished Exporting Polaris Configuration --- ``` 2. Setup with sample config but on dry-run mode: ``` โ polaris git:(client_setup_cli) ./polaris --profile dev setup apply --dry-run site/content/guides/assets/polaris/simple-setup-config.yaml 2026-03-04 01:20:57,315 INFO === Starting Setup Dry-Run === 2026-03-04 01:20:57,317 INFO --- Processing principal roles --- 2026-03-04 01:20:57,323 INFO DRY-RUN: Would create principal role quickstart_user_role 2026-03-04 01:20:57,323 INFO --- Finished processing principal roles --- 2026-03-04 01:20:57,323 INFO --- Processing principals --- 2026-03-04 01:20:57,326 INFO DRY-RUN: Would create principal quickstart_user with details: roles: - quickstart_user_role 2026-03-04 01:20:57,326 INFO DRY-RUN: Would assign principal 'quickstart_user' to role 'quickstart_user_role' 2026-03-04 01:20:57,326 INFO --- Finished processing principals --- 2026-03-04 01:20:57,326 INFO --- Processing catalog: quickstart_catalog --- 2026-03-04 01:20:57,326 INFO --- Processing catalogs --- 2026-03-04 01:20:57,330 INFO DRY-RUN: Would create catalog quickstart_catalog with details: storage_type: file default_base_location: file:///var/tmp/quickstart_catalog/ allowed_locations: - file:///var/tmp/quickstart_catalog/ roles: quickstart_catalog_role: assign_to: - quickstart_user_role privileges: catalog: - CATALOG_MANAGE_CONTENT namespaces: - dev_namespace 2026-03-04 01:20:57,330 INFO --- Finished processing catalogs --- 2026-03-04 01:20:57,330 INFO --- Processing namespaces for catalog: quickstart_catalog --- 2026-03-04 01:20:57,334 INFO DRY-RUN: Would create namespace dev_namespace with details: catalog: quickstart_catalog 2026-03-04 01:20:57,334 INFO --- Finished processing namespaces for catalog: quickstart_catalog --- 2026-03-04 01:20:57,334 INFO --- Processing catalog roles for catalog: quickstart_catalog --- 2026-03-04 01:20:57,338 INFO DRY-RUN: Would create catalog role quickstart_catalog_role with details: catalog: quickstart_catalog 2026-03-04 01:20:57,338 INFO DRY-RUN: Would assign catalog role 'quickstart_catalog_role' to principal role 'quickstart_user_role' with details: catalog: quickstart_catalog 2026-03-04 01:20:57,338 INFO DRY-RUN: Would grant privilege 'CATALOG_MANAGE_CONTENT' on catalog 'quickstart_catalog' to role 'quickstart_catalog_role' 2026-03-04 01:20:57,338 INFO --- Finished processing catalog roles for catalog: quickstart_catalog --- 2026-03-04 01:20:57,338 INFO --- Processing policies for catalog: quickstart_catalog --- 2026-03-04 01:20:57,338 INFO --- Finished processing policies for catalog: quickstart_catalog --- 2026-03-04 01:20:57,338 INFO --- Finished processing catalog: quickstart_catalog --- 2026-03-04 01:20:57,338 INFO === Dry-Run Finished === ``` 3. Setup with sample config: ``` โ polaris git:(client_setup_cli) ./polaris --profile dev setup apply site/content/guides/assets/polaris/simple-setup-config.yaml 2026-03-04 01:21:56,825 INFO === Starting Setup Apply Process === 2026-03-04 01:21:56,827 INFO --- Processing principal roles --- 2026-03-04 01:21:56,888 INFO Creating principal role: quickstart_user_role 2026-03-04 01:21:56,915 INFO Principal role 'quickstart_user_role' created successfully. 2026-03-04 01:21:56,916 INFO --- Finished processing principal roles --- 2026-03-04 01:21:56,916 INFO --- Processing principals --- 2026-03-04 01:21:56,924 INFO Creating principal: quickstart_user {"clientId": "2542df8c078b16ac", "clientSecret": "cec2313e9a63bf19d82eda65db591021"} 2026-03-04 01:21:56,934 INFO Principal 'quickstart_user' created successfully. 2026-03-04 01:21:56,934 INFO Assigning principal 'quickstart_user' to role 'quickstart_user_role' 2026-03-04 01:21:56,944 INFO Assigned principal 'quickstart_user' to role 'quickstart_user_role' successfully. 2026-03-04 01:21:56,944 INFO --- Finished processing principals --- 2026-03-04 01:21:56,944 INFO --- Processing catalog: quickstart_catalog --- 2026-03-04 01:21:56,944 INFO --- Processing catalogs --- 2026-03-04 01:21:56,954 INFO Creating catalog: quickstart_catalog 2026-03-04 01:21:56,986 INFO Catalog 'quickstart_catalog' created successfully. 2026-03-04 01:21:56,986 INFO --- Finished processing catalogs --- 2026-03-04 01:21:56,986 INFO --- Processing namespaces for catalog: quickstart_catalog --- 2026-03-04 01:21:57,039 INFO Creating namespace: 'dev_namespace' in catalog: 'quickstart_catalog' 2026-03-04 01:21:57,059 INFO Namespace 'dev_namespace' created successfully in catalog 'quickstart_catalog'. 2026-03-04 01:21:57,059 INFO --- Finished processing namespaces for catalog: quickstart_catalog --- 2026-03-04 01:21:57,059 INFO --- Processing catalog roles for catalog: quickstart_catalog --- 2026-03-04 01:21:57,066 INFO Creating catalog role: quickstart_catalog_role in catalog: quickstart_catalog 2026-03-04 01:21:57,073 INFO Catalog role 'quickstart_catalog_role' created successfully in catalog 'quickstart_catalog'. 2026-03-04 01:21:57,073 INFO Assigning catalog role 'quickstart_catalog_role' to principal role 'quickstart_user_role' in catalog 'quickstart_catalog' 2026-03-04 01:21:57,079 INFO Assigned catalog role 'quickstart_catalog_role' to principal role 'quickstart_user_role' successfully. 2026-03-04 01:21:57,080 INFO Granting privilege 'CATALOG_MANAGE_CONTENT' on catalog 'quickstart_catalog' to role 'quickstart_catalog_role' 2026-03-04 01:21:57,094 INFO Successfully granted privilege 'CATALOG_MANAGE_CONTENT' on catalog 'quickstart_catalog' to role 'quickstart_catalog_role' 2026-03-04 01:21:57,094 INFO --- Finished processing catalog roles for catalog: quickstart_catalog --- 2026-03-04 01:21:57,094 INFO --- Processing policies for catalog: quickstart_catalog --- 2026-03-04 01:21:57,094 INFO --- Finished processing policies for catalog: quickstart_catalog --- 2026-03-04 01:21:57,094 INFO --- Finished processing catalog: quickstart_catalog --- 2026-03-04 01:21:57,094 INFO === Setup Apply Process Completed Successfully === ``` 4. Export ``` โ polaris git:(client_setup_cli) ./polaris --profile dev setup export 2026-03-04 01:23:20,574 INFO --- Exporting Polaris Configuration --- 2026-03-04 01:23:20,574 WARNING Exporting policy attachments is not currently supported due to performance considerations. Attachments will be omitted from the exported configuration. principals: quickstart_user: type: service roles: - quickstart_user_role root: type: service roles: - service_admin principal_roles: - quickstart_user_role - service_admin catalogs: - name: quickstart_catalog type: internal storage_type: file default_base_location: file:///var/tmp/quickstart_catalog/ allowed_locations: - file:///var/tmp/quickstart_catalog/ roles: catalog_admin: assign_to: - service_admin privileges: catalog: - CATALOG_MANAGE_ACCESS - CATALOG_MANAGE_METADATA quickstart_catalog_role: assign_to: - quickstart_user_role privileges: catalog: - CATALOG_MANAGE_CONTENT namespaces: - name: dev_namespace properties: location: file:///var/tmp/quickstart_catalog/dev_namespace/ 2026-03-04 01:23:20,657 INFO --- Finished Exporting Polaris Configuration --- ``` ## Checklist - [x] ๐ก๏ธ Don't disclose security issues! (contact [email protected]) - [x] ๐ Clearly explained why the changes are needed, or linked related issues: Fixes # - [x] ๐งช Added/updated tests with good coverage, or manually tested (and explained how) - [x] ๐ก Added comments for complex logic - [x] ๐งพ Updated `CHANGELOG.md` (if needed) - [x] ๐ Updated documentation in `site/content/in-dev/unreleased` (if needed) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
