mirror of
https://github.com/apache/impala.git
synced 2025-12-19 18:12:08 -05:00
062ba4071a
This patch adds Keycloak as Identity Provider for Lakekeeper, so now we can test Impala's Iceberg REST Catalog with an OAuth2 authentication (Client-Credential) flow. The Keycloak instance is pre-configured with a Lakekeeper realm that contain the necessary clients, users, scopes and roles. Manual testing also revealed that our Iceberg REST Catalog configuration is incomplete. This patch refactors config handling in a way that both Iceberg native configuration options and Trino-specific configuration options can be used with Impala. This will help users use their Trino connectors with Impala. By default Impala uses Iceberg 1.3 which assumes that the Iceberg REST server is also the authentication server. It is not always true, e.g. Lakekeeper cannot even function as the authententication server, but it can work with external authentication servers. Btw, this is why we needed Keycloak in the first place. It means if someone wants to try out Lakekeeper+Impala with Oauth2, they need to configure Impala with Iceberg 1.5. Testing * manual testing with Iceberg 1.5 Change-Id: Ie5785cb72773e188b1de7c7924cc6f0b1f96de33 (cherry picked from commit a9cb94986a5791be2adcb2f7c576272a9c22e79c) Reviewed-on: http://gerrit.cloudera.org:8080/23156 Reviewed-by: Impala Public Jenkins <impala-public-jenkins@cloudera.com> Tested-by: Impala Public Jenkins <impala-public-jenkins@cloudera.com>