dont print provided creds in BootstrapCommand

XN137 · XN137 · commit ebd63c7c5d13 · 2025-06-03T15:32:32.000+02:00
`bootstrapRealms` is called from `BootstrapCommand.call` and
`QuarkusProducers.maybeBootstrap`. The latter is already only printing
credentials that were not in the provided `RootCredentialsSet`.
we adjust `BootstrapCommand` to do the same.

the general idea is to only print credentials that were generated as
part of the bootstrap.
diff --git a/quarkus/admin/src/main/java/org/apache/polaris/admintool/BootstrapCommand.java b/quarkus/admin/src/main/java/org/apache/polaris/admintool/BootstrapCommand.java
@@ -90,45 +90,41 @@ public Integer call() {
                     || inputOptions.stdinOptions.credentials.isEmpty()
                 ? RootCredentialsSet.EMPTY
                 : RootCredentialsSet.fromList(inputOptions.stdinOptions.credentials);
-        if (inputOptions.stdinOptions.credentials == null
-            || inputOptions.stdinOptions.credentials.isEmpty()) {
-          if (!inputOptions.stdinOptions.printCredentials) {
-            spec.commandLine()
-                .getErr()
-                .println(
-                    "Specify either `--credentials` or `--print-credentials` to ensure"
-                        + " the root user is accessible after bootstrapping.");
-            return EXIT_CODE_BOOTSTRAP_ERROR;
-          }
+        if (rootCredentialsSet.credentials().isEmpty()
+            && !inputOptions.stdinOptions.printCredentials) {
+          spec.commandLine()
+              .getErr()
+              .println(
+                  "Specify either `--credentials` or `--print-credentials` to ensure"
+                      + " the root user is accessible after bootstrapping.");
+          return EXIT_CODE_BOOTSTRAP_ERROR;
         }
       }
 
-      // Execute the bootstrap
       Map<String, PrincipalSecretsResult> results =
           metaStoreManagerFactory.bootstrapRealms(realms, rootCredentialsSet);
 
-      // Log any errors:
       boolean success = true;
       for (Map.Entry<String, PrincipalSecretsResult> result : results.entrySet()) {
-        if (result.getValue().isSuccess()) {
-          String realm = result.getKey();
+        String realm = result.getKey();
+        PrincipalSecretsResult secretsResult = result.getValue();
+        if (secretsResult.isSuccess()) {
           spec.commandLine().getOut().printf("Realm '%s' successfully bootstrapped.%n", realm);
-          if (inputOptions.stdinOptions != null && inputOptions.stdinOptions.printCredentials) {
-            String msg =
-                String.format(
-                    "realm: %1s root principal credentials: %2s:%3s",
-                    result.getKey(),
-                    result.getValue().getPrincipalSecrets().getPrincipalClientId(),
-                    result.getValue().getPrincipalSecrets().getMainSecret());
-            spec.commandLine().getOut().println(msg);
+          if (inputOptions.stdinOptions != null
+              && inputOptions.stdinOptions.printCredentials
+              && !rootCredentialsSet.credentials().containsKey(realm)) {
+            spec.commandLine()
+                .getOut()
+                .printf(
+                    "realm: %s root principal credentials: %s:%s%n",
+                    realm,
+                    secretsResult.getPrincipalSecrets().getPrincipalClientId(),
+                    secretsResult.getPrincipalSecrets().getMainSecret());
           }
         } else {
-          String realm = result.getKey();
           spec.commandLine()
               .getErr()
-              .printf(
-                  "Bootstrapping '%s' failed: %s%n",
-                  realm, result.getValue().getReturnStatus().toString());
+              .printf("Bootstrapping '%s' failed: %s%n", realm, secretsResult.getReturnStatus());
           success = false;
         }
       }
diff --git a/quarkus/admin/src/test/java/org/apache/polaris/admintool/BootstrapCommandTestBase.java b/quarkus/admin/src/test/java/org/apache/polaris/admintool/BootstrapCommandTestBase.java
@@ -127,14 +127,16 @@ public void testBootstrapFromInvalidFile(QuarkusMainLauncher launcher) {
   @Test
   @Launch(
       value = {"bootstrap", "-r", "realm1", "-c", "realm1,client1d,s3cr3t", "--print-credentials"})
-  public void testPrintCredentials(LaunchResult result) {
+  public void testPrintCredentialsProvided(LaunchResult result) {
+    assertThat(result.exitCode()).isEqualTo(0);
     assertThat(result.getOutput()).contains("Bootstrap completed successfully.");
-    assertThat(result.getOutput()).contains("realm: realm1 root principal credentials: client1d:");
+    assertThat(result.getOutput()).doesNotContain("root principal credentials");
   }
 
   @Test
   @Launch(value = {"bootstrap", "-r", "realm1", "--print-credentials"})
   public void testPrintCredentialsSystemGenerated(LaunchResult result) {
+    assertThat(result.exitCode()).isEqualTo(0);
     assertThat(result.getOutput()).contains("Bootstrap completed successfully.");
     assertThat(result.getOutput()).contains("realm: realm1 root principal credentials: ");
   }
