diqiu50 opened a new pull request, #11149: URL: https://github.com/apache/gravitino/pull/11149
### What changes were proposed in this pull request? - Mark `jdbc-user` and `jdbc-password` as `hidden` in `JdbcCatalogPropertiesMetadata` - Override `propertiesWithCredentialProviders()` in `JdbcCatalog` to use raw entity properties so the credential manager can access hidden credentials - Override `JdbcCatalog.properties()` to support backfill via server config `gravitino.catalog.credential.backfillToProperties` for rolling upgrades - Add `applyJdbcCredential()` in `GravitinoJdbcCatalog` to fetch credentials via `SupportsCredentials.getCredentials()` and inject into Spark JDBC properties ### Why are the changes needed? JDBC credentials were returned in plaintext in catalog properties. This change hides them and delivers credentials via the credential vending API. Fix: #11148 ### Does this PR introduce _any_ user-facing change? `jdbc-user` and `jdbc-password` are no longer returned in catalog properties by default. Set `gravitino.catalog.credential.backfillToProperties=true` during rolling upgrades for backward compatibility. ### How was this patch tested? Unit tests added for `JdbcCatalog` and `GravitinoJdbcCatalog`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
