[PR] [feat](auth) support querying authentication integrations from system table [doris]

Wed, 11 Mar 2026 23:13:25 -0700 


CalvinKirs opened a new pull request, #61246:
URL: https://github.com/apache/doris/pull/61246

   ### What problem does this PR solve?
   
     `AUTHENTICATION INTEGRATION` currently has no system-table query entry, so 
users cannot inspect existing integrations through SQL in a consistent way with 
other metadata objects.
   
     At the same time, upstream has already introduced unified audit metadata 
for `AuthenticationIntegrationMeta`, including:
     - `createUser`
     - `createTime`
     - `alterUser`
     - `modifyTime`
   
     But these fields are not exposed through a queryable metadata path yet.
   
     This PR adds a system table for querying authentication integrations and 
synchronizes the query result with the new audit metadata.
   
     ### What is changed
   
     - Add `information_schema.authentication_integrations`
     - Wire the schema table through FE/BE/Thrift
     - Expose the following columns:
       - `NAME`
       - `TYPE`
       - `PROPERTIES`
       - `COMMENT`
       - `CREATE_USER`
       - `CREATE_TIME`
       - `ALTER_USER`
       - `MODIFY_TIME`
     - Mask sensitive properties in query results
       - existing password/secret/token/keytab-style keys remain masked
       - keys with prefix `secret.` are also masked
     - Add FE unit tests and regression coverage for querying this system table
   
     ### Example
   
     ```sql
     SELECT *
     FROM information_schema.authentication_integrations;
   
     SELECT
         name,
         type,
         comment,
         create_user,
         create_time,
         alter_user,
         modify_time,
         properties
     FROM information_schema.authentication_integrations
     ORDER BY name;
   
     ### Why is this safe?
   
     - This change only adds metadata query capability
     - It does not change existing CREATE/ALTER/DROP AUTHENTICATION INTEGRATION 
semantics
     - Sensitive properties are masked only in display/query results, not 
modified in persisted metadata
   
     ### Test
   
     - FE unit test:
         - org.apache.doris.service.FrontendServiceImplTest
         - org.apache.doris.catalog.SchemaTableTest
     - Regression test:
         - 
regression-test/suites/auth_p0/test_authentication_integration_auth.groovy


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to