[refactor](credential) Refactor vended credentials system with unified architecture

[zy-kkk]

What problem does this PR solve?

related: #56004

Overview:

This PR refactors the vended credentials system by introducing a unified architecture to support multiple data sources (Iceberg, Paimon) with better abstraction and
extensibility.

Key Changes:

New Architecture:

• AbstractVendedCredentialsProvider: Abstract base class providing unified credential handling workflow
• VendedCredentialsFactory: Factory pattern for creating appropriate credential providers
• CredentialUtils: Utility class for cloud storage property filtering and backend property extraction

Removed Components:

• CredentialExtractor interface and its implementations (IcebergS3CredentialExtractor, PaimonOssCredentialExtractor)
• Scattered credential handling logic across different modules

Enhanced Features:

• Cloud storage property filtering with support for s3, oss, cos, obs, gs, azure prefixes
• Unified use StorageProperties.createAll() integration for consistent format conversion
• Improved error handling and graceful degradation
• Thread-safe singleton pattern for credential providers

Updated Components:

• IcebergVendedCredentialsProvider: Now extends AbstractVendedCredentialsProvider
• PaimonVendedCredentialsProvider: Now extends AbstractVendedCredentialsProvider
• IcebergScanNode、IcebergTableSink、PaimonScanNode: Updated to use unified credential system

Benefits:

• Simplified credential management across data sources
• Better code maintainability and extensibility
• Consistent behavior and error handling
• Reduced code duplication

Test:

• Iceberg(Polaris):

Doris > CREATE CATALOG `polaris_vended_test` PROPERTIES (
    -> "warehouse" = "doris_test",
    -> "type" = "iceberg",
    -> "iceberg.rest.vended-credentials-enabled" = "true",
    -> "iceberg.rest.uri" = "http://127.0.0.1:20181/api/catalog",
    -> "iceberg.rest.security.type" = "oauth2",
    -> "iceberg.rest.oauth2.server-uri" = "http://127.0.0.1:20181/api/catalog/v1/oauth/tokens",
    -> "iceberg.rest.oauth2.scope" = "PRINCIPAL_ROLE:ALL",
    -> "iceberg.rest.oauth2.credential" = "root:secret123",
    -> "iceberg.catalog.type" = "rest"
    -> );
Query OK, 0 rows affected (0.05 sec)

Doris > use polaris_vended_test.test;
Database changed
Doris > select * from test;
+------+------+
| id   | name |
+------+------+
|    1 | a    |
|    2 | b    |
+------+------+
2 rows in set (0.92 sec)

• Glue Rest S3Table

Doris > CREATE CATALOG glue_s3_vended PROPERTIES (
    ->     'type' = 'iceberg',
    ->     'warehouse' = '<account_id>:s3tablescatalog/s3-table-bucket-hk-glue-test',
    ->     'iceberg.catalog.type' = 'rest',
    ->     'iceberg.rest.uri' = 'https://glue.ap-east-1.amazonaws.com/iceberg',
    ->     'iceberg.rest.sigv4-enabled' = 'true',
    ->     'iceberg.rest.signing-name' = 'glue',
    ->     'iceberg.rest.access-key-id' = 'ak',
    ->     'iceberg.rest.secret-access-key' = 'sk',
    ->     'iceberg.rest.signing-region' = 'ap-east-1',
    ->     "iceberg.rest.vended-credentials-enabled" = "true"
    -> );
Query OK, 0 rows affected (0.07 sec)

Doris > use glue_s3_vended.athena_ns;
Database changed
Doris > select * from test;
+------+------+
| id   | name |
+------+------+
|    1 | a    |
+------+------+
1 row in set (0.20 sec)

• Paimon:

Doris > CREATE CATALOG paimon_dlf_test PROPERTIES (
    ->     'type' = 'paimon',
    ->     'paimon.catalog.type' = 'rest',
    ->     'uri' = 'http://cn-beijing-vpc.dlf.aliyuncs.com',
    ->     'warehouse' = 'xxx',
    ->     'paimon.rest.token.provider' = 'dlf',
    ->     'paimon.rest.dlf.access-key-id' = 'xxx,
    ->     'paimon.rest.dlf.access-key-secret' = 'xxx'
    -> );
Query OK, 0 rows affected (0.02 sec)

Doris > use paimon_dlf_test.new_dlf_paimon_db;
Database changed
Doris > select * from users_samples;
+---------+-----------+-------------------+------+
| user_id | age_level | final_gender_code | clk  |
+---------+-----------+-------------------+------+
|       1 | 25-34     | M                 |    1 |
|       5 | 25-34     | M                 |    1 |
|       3 | 25-34     | M                 |    1 |
|       2 | 18-24     | F                 |    0 |
|       4 | 18-24     | F                 |    0 |
|       6 | 18-24     | F                 |    0 |
+---------+-----------+-------------------+------+
6 rows in set (0.90 sec)

Release note

None

Check List (For Author)

• Test

  • Regression test
  • Unit Test
  • Manual test (add detailed scripts or steps below)
  • No need to test or manual test. Explain why:
    • This is a refactor/code format and no logic has been changed.
    • Previous test can cover this change.
    • No code files have been changed.
    • Other reason

• Behavior changed:

  • No.
  • Yes.

• Does this need documentation?

  • No.
  • Yes.

Check List (For Reviewer who merge this PR)

• Confirm the release note
• Confirm test cases
• Confirm document
• Add branch pick label

[hello-stephen]

Thank you for your contribution to Apache Doris.
Don't know what should be done next? See How to process your PR.

Please clearly describe your PR:

1. What problem was fixed (it's best to include specific error reporting information). How it was fixed.
2. Which behaviors were modified. What was the previous behavior, what is it now, why was it modified, and what possible impacts might there be.
3. What features were added. Why was this function added?
4. Which code was refactored and why was this part of the code refactored?
5. Which functions were optimized and what is the difference before and after the optimization?

[Copilot]

Pull Request Overview

This PR refactors the vended credentials system with a unified architecture to support multiple data sources (Iceberg, Paimon) through better abstraction and extensibility.

• Introduces abstract base class AbstractVendedCredentialsProvider with unified credential handling workflow
• Adds VendedCredentialsFactory using factory pattern for creating appropriate credential providers
• Replaces scattered credential handling logic with CredentialUtils for consistent property filtering and backend property extraction
• Updates existing providers to extend the abstract base and removes the old CredentialExtractor interface system

Reviewed Changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
PaimonVendedCredentialsProviderTest.java	Updates tests to work with new unified provider architecture and test methods
IcebergVendedCredentialsProviderTest.java	Updates tests for new provider pattern and removes old extractor tests
IcebergTableSink.java	Updates to use VendedCredentialsFactory and store properties map for consistency
S3Properties.java	Adds new property name mappings for credential keys to support vended credentials
PaimonScanNode.java	Updates to use factory pattern and CredentialUtils for backend properties
PaimonVendedCredentialsProvider.java	Refactored to extend AbstractVendedCredentialsProvider
PaimonOssCredentialExtractor.java	Removed as part of old extractor interface elimination
IcebergScanNode.java	Updates to use factory pattern and CredentialUtils for backend properties
IcebergVendedCredentialsProvider.java	Refactored to extend AbstractVendedCredentialsProvider
IcebergS3CredentialExtractor.java	Removed as part of old extractor interface elimination
VendedCredentialsFactory.java	New factory class for creating appropriate credential providers
CredentialUtils.java	New utility class for cloud storage property filtering and backend property extraction
CredentialExtractor.java	Removed interface as part of architecture refactoring
AbstractVendedCredentialsProvider.java	New abstract base class providing unified credential handling workflow

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[zy-kkk]

run buildall

[doris-robot]

TPC-H: Total hot run time: 34828 ms

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpch-tools
Tpch sf100 test result on commit aca11487e10ab4f6b55f9cab0859886591d92a84, data reload: false

------ Round 1 ----------------------------------
q1	17634	5226	5075	5075
q2	2029	317	215	215
q3	10254	1304	766	766
q4	10223	1028	532	532
q5	7538	2558	2360	2360
q6	190	167	136	136
q7	965	770	640	640
q8	9343	1348	1169	1169
q9	6871	5072	5140	5072
q10	6990	2381	1989	1989
q11	491	312	280	280
q12	365	368	225	225
q13	17785	3661	3049	3049
q14	251	243	223	223
q15	570	495	492	492
q16	1022	1017	954	954
q17	616	873	372	372
q18	7379	7220	7140	7140
q19	1270	949	583	583
q20	343	343	232	232
q21	3950	3192	2352	2352
q22	1069	1041	972	972
Total cold run time: 107148 ms
Total hot run time: 34828 ms

----- Round 2, with runtime_filter_mode=off -----
q1	5203	5120	5363	5120
q2	246	327	227	227
q3	2188	2668	2316	2316
q4	1323	1792	1432	1432
q5	4252	4549	4638	4549
q6	228	178	141	141
q7	2061	2050	1875	1875
q8	2641	2659	2581	2581
q9	7346	7367	7222	7222
q10	3232	3282	2900	2900
q11	573	508	514	508
q12	722	772	613	613
q13	3616	3823	3425	3425
q14	316	311	280	280
q15	525	497	494	494
q16	1074	1129	1063	1063
q17	1278	1632	1371	1371
q18	7949	7587	7290	7290
q19	840	861	968	861
q20	1891	1962	1812	1812
q21	4868	4381	4293	4293
q22	1081	1051	987	987
Total cold run time: 53453 ms
Total hot run time: 51360 ms

[doris-robot]

TPC-DS: Total hot run time: 189716 ms

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpcds-tools
TPC-DS sf100 test result on commit aca11487e10ab4f6b55f9cab0859886591d92a84, data reload: false

query1	1059	429	463	429
query2	6578	1678	1682	1678
query3	6752	226	232	226
query4	26298	23730	22975	22975
query5	4398	647	506	506
query6	350	264	232	232
query7	4656	522	309	309
query8	320	271	259	259
query9	8663	2954	2932	2932
query10	486	360	306	306
query11	16094	15672	15047	15047
query12	180	123	119	119
query13	1680	566	427	427
query14	11731	9174	9174	9174
query15	208	187	183	183
query16	7673	644	508	508
query17	1308	757	640	640
query18	2049	443	344	344
query19	201	200	168	168
query20	132	125	134	125
query21	214	130	113	113
query22	4066	4154	3976	3976
query23	33722	32987	33028	32987
query24	8194	2395	2458	2395
query25	629	565	491	491
query26	1236	284	176	176
query27	2737	519	366	366
query28	4401	2314	2248	2248
query29	834	650	530	530
query30	294	233	201	201
query31	955	842	740	740
query32	91	83	84	83
query33	581	402	353	353
query34	804	876	546	546
query35	841	829	751	751
query36	963	996	931	931
query37	128	120	139	120
query38	3480	3500	3516	3500
query39	1490	1425	1451	1425
query40	225	134	133	133
query41	68	62	62	62
query42	140	119	129	119
query43	507	501	454	454
query44	1357	881	865	865
query45	183	186	169	169
query46	865	1024	646	646
query47	1779	1828	1759	1759
query48	422	447	340	340
query49	773	534	412	412
query50	670	699	413	413
query51	3937	3996	3925	3925
query52	119	119	113	113
query53	247	276	206	206
query54	633	621	544	544
query55	98	93	87	87
query56	356	342	320	320
query57	1209	1219	1139	1139
query58	296	281	285	281
query59	2691	2715	2649	2649
query60	370	360	347	347
query61	166	190	163	163
query62	829	743	656	656
query63	239	203	202	202
query64	4476	1140	835	835
query65	4079	4009	3961	3961
query66	1105	441	338	338
query67	15643	15248	15259	15248
query68	8207	949	586	586
query69	487	340	313	313
query70	1353	1288	1328	1288
query71	593	358	330	330
query72	5850	5044	5051	5044
query73	685	626	362	362
query74	9017	9027	8756	8756
query75	3926	3272	2940	2940
query76	3498	1189	766	766
query77	818	410	345	345
query78	9700	9849	8887	8887
query79	2066	852	599	599
query80	703	586	562	562
query81	520	268	222	222
query82	234	169	135	135
query83	259	254	261	254
query84	267	104	98	98
query85	864	469	422	422
query86	394	341	312	312
query87	3775	3747	3632	3632
query88	2867	2250	2286	2250
query89	393	350	302	302
query90	1882	233	230	230
query91	163	171	138	138
query92	81	78	74	74
query93	1348	1033	646	646
query94	652	427	338	338
query95	420	341	335	335
query96	488	604	280	280
query97	2970	2978	2843	2843
query98	242	210	218	210
query99	1332	1418	1312	1312
Total cold run time: 276012 ms
Total hot run time: 189716 ms

[doris-robot]

ClickBench: Total hot run time: 30.33 s

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/clickbench-tools
ClickBench test result on commit aca11487e10ab4f6b55f9cab0859886591d92a84, data reload: false

query1	0.05	0.05	0.05
query2	0.09	0.05	0.06
query3	0.25	0.08	0.09
query4	1.61	0.13	0.12
query5	0.29	0.26	0.25
query6	1.20	0.66	0.64
query7	0.04	0.03	0.03
query8	0.05	0.05	0.04
query9	0.63	0.53	0.52
query10	0.59	0.57	0.60
query11	0.16	0.12	0.11
query12	0.16	0.12	0.12
query13	0.63	0.62	0.62
query14	1.05	1.04	1.02
query15	0.88	0.86	0.87
query16	0.41	0.41	0.39
query17	1.04	1.05	1.03
query18	0.23	0.20	0.20
query19	1.91	1.80	1.85
query20	0.01	0.02	0.01
query21	15.39	0.94	0.60
query22	0.80	1.18	0.77
query23	14.80	1.41	0.70
query24	6.66	1.44	1.08
query25	0.52	0.21	0.14
query26	0.69	0.19	0.13
query27	0.06	0.05	0.06
query28	9.28	0.94	0.42
query29	12.55	3.91	3.22
query30	0.28	0.14	0.11
query31	2.84	0.58	0.39
query32	3.24	0.56	0.48
query33	3.21	3.05	3.03
query34	16.04	5.46	4.91
query35	4.91	4.92	4.89
query36	0.69	0.53	0.52
query37	0.10	0.07	0.08
query38	0.06	0.05	0.05
query39	0.04	0.03	0.03
query40	0.19	0.15	0.14
query41	0.09	0.03	0.03
query42	0.04	0.03	0.03
query43	0.04	0.04	0.03
Total cold run time: 103.8 s
Total hot run time: 30.33 s

[hello-stephen]

FE UT Coverage Report

Increment line coverage 61.32% (65/106) 🎉
Increment coverage report
Complete coverage report

[github-actions]

PR approved by at least one committer and no changes requested.

[github-actions]

PR approved by anyone and no changes requested.

[morningman]

run buildall

[github-actions]

PR approved by at least one committer and no changes requested.

[doris-robot]

TPC-H: Total hot run time: 34608 ms

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpch-tools
Tpch sf100 test result on commit 998304178218f2d32b6dfd206cca9042612cca23, data reload: false

------ Round 1 ----------------------------------
q1	17613	5193	5064	5064
q2	2008	314	206	206
q3	10279	1274	710	710
q4	10227	1018	531	531
q5	7552	2417	2323	2323
q6	180	167	134	134
q7	939	758	666	666
q8	9354	1332	1125	1125
q9	6894	5189	5166	5166
q10	6948	2395	1971	1971
q11	495	312	282	282
q12	351	379	237	237
q13	17775	3649	3034	3034
q14	244	241	230	230
q15	574	486	505	486
q16	1024	995	966	966
q17	598	864	343	343
q18	7589	7077	7046	7046
q19	1435	951	543	543
q20	340	351	226	226
q21	3771	3188	2341	2341
q22	1083	1015	978	978
Total cold run time: 107273 ms
Total hot run time: 34608 ms

----- Round 2, with runtime_filter_mode=off -----
q1	5211	5112	5090	5090
q2	252	329	228	228
q3	2157	2679	2292	2292
q4	1352	1766	1339	1339
q5	4183	4524	4538	4524
q6	224	181	135	135
q7	2005	2031	1938	1938
q8	2681	2515	2490	2490
q9	7509	7418	7328	7328
q10	3148	3265	2856	2856
q11	592	538	516	516
q12	738	803	641	641
q13	3662	3901	3234	3234
q14	296	318	312	312
q15	542	486	498	486
q16	1084	1103	1068	1068
q17	1181	1566	1381	1381
q18	7922	8000	7580	7580
q19	788	802	824	802
q20	1992	1929	1826	1826
q21	4708	4383	4260	4260
q22	1084	1044	1034	1034
Total cold run time: 53311 ms
Total hot run time: 51360 ms

[doris-robot]

TPC-DS: Total hot run time: 188947 ms

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpcds-tools
TPC-DS sf100 test result on commit 998304178218f2d32b6dfd206cca9042612cca23, data reload: false

query1	1068	454	403	403
query2	6578	1714	1735	1714
query3	6760	225	224	224
query4	26237	23423	22966	22966
query5	4458	641	539	539
query6	350	235	218	218
query7	4646	510	300	300
query8	293	270	254	254
query9	8635	2909	2903	2903
query10	507	359	290	290
query11	15484	14948	14741	14741
query12	169	120	118	118
query13	1668	554	443	443
query14	10316	9228	9187	9187
query15	205	216	177	177
query16	7350	652	490	490
query17	1218	734	630	630
query18	2018	441	331	331
query19	206	195	179	179
query20	129	124	127	124
query21	217	132	121	121
query22	4106	4271	4142	4142
query23	33947	33029	32911	32911
query24	8194	2382	2402	2382
query25	625	565	487	487
query26	1241	288	175	175
query27	2710	525	363	363
query28	4418	2261	2234	2234
query29	857	650	530	530
query30	301	238	197	197
query31	898	812	734	734
query32	91	88	94	88
query33	581	406	361	361
query34	799	865	552	552
query35	843	866	787	787
query36	950	1033	923	923
query37	133	116	102	102
query38	3495	3546	3619	3546
query39	1483	1446	1452	1446
query40	220	140	127	127
query41	68	61	62	61
query42	134	125	126	125
query43	517	509	463	463
query44	1345	880	877	877
query45	184	175	173	173
query46	845	1019	657	657
query47	1773	1824	1732	1732
query48	386	427	328	328
query49	751	510	423	423
query50	642	698	402	402
query51	4013	3891	3913	3891
query52	118	117	111	111
query53	247	273	199	199
query54	617	599	544	544
query55	99	87	91	87
query56	340	339	326	326
query57	1176	1222	1166	1166
query58	293	280	277	277
query59	2602	2741	2563	2563
query60	359	352	348	348
query61	163	151	162	151
query62	821	726	675	675
query63	235	194	195	194
query64	4542	1151	835	835
query65	4059	4009	3966	3966
query66	1169	437	361	361
query67	15298	15370	15013	15013
query68	9255	949	578	578
query69	502	330	304	304
query70	1408	1293	1236	1236
query71	561	352	324	324
query72	5893	4953	5034	4953
query73	742	601	361	361
query74	8940	9126	8824	8824
query75	4398	3249	2766	2766
query76	3680	1157	746	746
query77	833	408	339	339
query78	9614	9843	8936	8936
query79	2175	819	598	598
query80	685	581	539	539
query81	474	257	232	232
query82	461	170	137	137
query83	292	271	251	251
query84	296	120	103	103
query85	875	461	431	431
query86	349	340	327	327
query87	3734	3712	3639	3639
query88	2836	2224	2270	2224
query89	411	340	299	299
query90	1912	227	227	227
query91	161	166	131	131
query92	89	79	73	73
query93	1164	984	662	662
query94	702	416	329	329
query95	407	341	326	326
query96	481	597	284	284
query97	2944	2987	2866	2866
query98	246	224	213	213
query99	1444	1412	1302	1302
Total cold run time: 275164 ms
Total hot run time: 188947 ms

[doris-robot]

ClickBench: Total hot run time: 30.04 s

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/clickbench-tools
ClickBench test result on commit 998304178218f2d32b6dfd206cca9042612cca23, data reload: false

query1	0.05	0.05	0.05
query2	0.10	0.06	0.06
query3	0.26	0.08	0.08
query4	1.61	0.12	0.11
query5	0.28	0.27	0.25
query6	1.17	0.66	0.63
query7	0.03	0.03	0.03
query8	0.06	0.05	0.05
query9	0.62	0.52	0.53
query10	0.59	0.58	0.58
query11	0.16	0.11	0.12
query12	0.15	0.12	0.12
query13	0.63	0.63	0.63
query14	1.04	1.03	1.04
query15	0.85	0.86	0.86
query16	0.41	0.39	0.39
query17	1.04	1.03	1.01
query18	0.22	0.23	0.20
query19	1.92	1.86	1.83
query20	0.02	0.01	0.02
query21	15.40	0.92	0.57
query22	0.76	1.23	0.70
query23	14.88	1.37	0.62
query24	6.66	0.86	1.34
query25	0.51	0.17	0.14
query26	0.59	0.16	0.14
query27	0.07	0.05	0.05
query28	10.27	0.93	0.43
query29	12.64	3.96	3.29
query30	0.29	0.13	0.11
query31	2.84	0.60	0.38
query32	3.24	0.55	0.49
query33	3.12	3.08	3.16
query34	16.04	5.45	4.84
query35	4.94	4.95	4.92
query36	0.73	0.52	0.49
query37	0.11	0.08	0.07
query38	0.07	0.05	0.04
query39	0.03	0.03	0.03
query40	0.18	0.14	0.14
query41	0.09	0.03	0.03
query42	0.04	0.04	0.03
query43	0.04	0.04	0.04
Total cold run time: 104.75 s
Total hot run time: 30.04 s

[hello-stephen]

FE Regression Coverage Report

Increment line coverage 61.32% (65/106) 🎉
Increment coverage report
Complete coverage report