branch-3.1: [refactor](credential) Refactor vended credentials system with unified architecture #55912

zy-kkk · 2025-09-11T07:19:52Z

…d architecture (apache#55760) This PR refactors the vended credentials system by introducing a unified architecture to support multiple data sources (Iceberg, Paimon) with better abstraction and extensibility. - **`AbstractVendedCredentialsProvider`**: Abstract base class providing unified credential handling workflow - **`VendedCredentialsFactory`**: Factory pattern for creating appropriate credential providers - **`CredentialUtils`**: Utility class for cloud storage property filtering and backend property extraction - `CredentialExtractor` interface and its implementations (`IcebergS3CredentialExtractor`, `PaimonOssCredentialExtractor`) - Scattered credential handling logic across different modules - Cloud storage property filtering with support for s3, oss, cos, obs, gs, azure prefixes - Unified use` StorageProperties.createAll()` integration for consistent format conversion - Improved error handling and graceful degradation - Thread-safe singleton pattern for credential providers ##### Updated Components: - `IcebergVendedCredentialsProvider`: Now extends AbstractVendedCredentialsProvider - `PaimonVendedCredentialsProvider`: Now extends AbstractVendedCredentialsProvider - `IcebergScanNode`、`IcebergTableSink`、`PaimonScanNode`: Updated to use unified credential system - Simplified credential management across data sources - Better code maintainability and extensibility - Consistent behavior and error handling - Reduced code duplication - Iceberg(Polaris): ``` Doris > CREATE CATALOG `polaris_vended_test` PROPERTIES ( -> "warehouse" = "doris_test", -> "type" = "iceberg", -> "iceberg.rest.vended-credentials-enabled" = "true", -> "iceberg.rest.uri" = "http://127.0.0.1:20181/api/catalog", -> "iceberg.rest.security.type" = "oauth2", -> "iceberg.rest.oauth2.server-uri" = "http://127.0.0.1:20181/api/catalog/v1/oauth/tokens", -> "iceberg.rest.oauth2.scope" = "PRINCIPAL_ROLE:ALL", -> "iceberg.rest.oauth2.credential" = "root:secret123", -> "iceberg.catalog.type" = "rest" -> ); Query OK, 0 rows affected (0.05 sec) Doris > use polaris_vended_test.test; Database changed Doris > select * from test; +------+------+ | id | name | +------+------+ | 1 | a | | 2 | b | +------+------+ 2 rows in set (0.92 sec) ``` - Glue Rest S3Table ``` Doris > CREATE CATALOG glue_s3_vended PROPERTIES ( -> 'type' = 'iceberg', -> 'warehouse' = '<account_id>:s3tablescatalog/s3-table-bucket-hk-glue-test', -> 'iceberg.catalog.type' = 'rest', -> 'iceberg.rest.uri' = 'https://glue.ap-east-1.amazonaws.com/iceberg', -> 'iceberg.rest.sigv4-enabled' = 'true', -> 'iceberg.rest.signing-name' = 'glue', -> 'iceberg.rest.access-key-id' = 'ak', -> 'iceberg.rest.secret-access-key' = 'sk', -> 'iceberg.rest.signing-region' = 'ap-east-1', -> "iceberg.rest.vended-credentials-enabled" = "true" -> ); Query OK, 0 rows affected (0.07 sec) Doris > use glue_s3_vended.athena_ns; Database changed Doris > select * from test; +------+------+ | id | name | +------+------+ | 1 | a | +------+------+ 1 row in set (0.20 sec) ``` - Paimon: ``` Doris > CREATE CATALOG paimon_dlf_test PROPERTIES ( -> 'type' = 'paimon', -> 'paimon.catalog.type' = 'rest', -> 'uri' = 'http://cn-beijing-vpc.dlf.aliyuncs.com', -> 'warehouse' = 'xxx', -> 'paimon.rest.token.provider' = 'dlf', -> 'paimon.rest.dlf.access-key-id' = 'xxx, -> 'paimon.rest.dlf.access-key-secret' = 'xxx' -> ); Query OK, 0 rows affected (0.02 sec) Doris > use paimon_dlf_test.new_dlf_paimon_db; Database changed Doris > select * from users_samples; +---------+-----------+-------------------+------+ | user_id | age_level | final_gender_code | clk | +---------+-----------+-------------------+------+ | 1 | 25-34 | M | 1 | | 5 | 25-34 | M | 1 | | 3 | 25-34 | M | 1 | | 2 | 18-24 | F | 0 | | 4 | 18-24 | F | 0 | | 6 | 18-24 | F | 0 | +---------+-----------+-------------------+------+ 6 rows in set (0.90 sec) ```

Thearas · 2025-09-11T07:19:57Z

Thank you for your contribution to Apache Doris.
Don't know what should be done next? See How to process your PR.

Please clearly describe your PR:

What problem was fixed (it's best to include specific error reporting information). How it was fixed.
Which behaviors were modified. What was the previous behavior, what is it now, why was it modified, and what possible impacts might there be.
What features were added. Why was this function added?
Which code was refactored and why was this part of the code refactored?
Which functions were optimized and what is the difference before and after the optimization?

zy-kkk · 2025-09-11T07:20:00Z

run buildall

doris-robot · 2025-09-11T07:43:12Z

TPC-H: Total hot run time: 32743 ms

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpch-tools
Tpch sf100 test result on commit 9097df3594413df91fb44097435a55e3d6b71341, data reload: false

------ Round 1 ----------------------------------
q1	17592	5598	5447	5447
q2	2029	408	279	279
q3	12531	1243	727	727
q4	10547	879	454	454
q5	9687	2403	2139	2139
q6	201	162	131	131
q7	910	739	598	598
q8	9335	1472	1187	1187
q9	5289	4936	4940	4936
q10	6746	2285	1815	1815
q11	502	282	260	260
q12	339	356	209	209
q13	17784	3602	3025	3025
q14	229	240	213	213
q15	522	455	463	455
q16	430	421	373	373
q17	575	862	353	353
q18	6972	6441	6505	6441
q19	1200	948	559	559
q20	334	345	205	205
q21	2733	2132	1936	1936
q22	1064	1040	1001	1001
Total cold run time: 107551 ms
Total hot run time: 32743 ms

----- Round 2, with runtime_filter_mode=off -----
q1	6111	5447	5505	5447
q2	232	323	247	247
q3	2213	2683	2303	2303
q4	1380	1829	1369	1369
q5	4433	5139	4984	4984
q6	169	161	129	129
q7	2116	2023	1822	1822
q8	2685	2804	2737	2737
q9	7313	7310	7252	7252
q10	3060	3206	2750	2750
q11	591	527	513	513
q12	682	799	599	599
q13	3446	3803	3148	3148
q14	287	297	266	266
q15	512	479	472	472
q16	442	481	433	433
q17	1231	1770	1255	1255
q18	7643	7365	7363	7363
q19	805	1172	1091	1091
q20	2029	2052	1939	1939
q21	5407	4899	4708	4708
q22	1100	1061	1027	1027
Total cold run time: 53887 ms
Total hot run time: 51854 ms

doris-robot · 2025-09-11T07:55:25Z

TPC-DS: Total hot run time: 191765 ms

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpcds-tools
TPC-DS sf100 test result on commit 9097df3594413df91fb44097435a55e3d6b71341, data reload: false

query1	968	408	404	404
query2	6120	1942	1829	1829
query3	8686	205	202	202
query4	33391	23848	23500	23500
query5	3524	607	468	468
query6	298	200	180	180
query7	4202	498	325	325
query8	312	255	247	247
query9	9602	2648	2633	2633
query10	479	333	263	263
query11	18527	15410	15354	15354
query12	169	112	104	104
query13	1560	558	428	428
query14	10481	7533	6580	6580
query15	234	191	180	180
query16	8003	662	474	474
query17	1557	732	577	577
query18	2144	439	319	319
query19	226	184	157	157
query20	125	122	119	119
query21	208	126	106	106
query22	4842	4638	4499	4499
query23	34966	34293	33746	33746
query24	7873	2645	2711	2645
query25	524	484	464	464
query26	1007	291	177	177
query27	1966	493	365	365
query28	5574	2253	2194	2194
query29	752	589	477	477
query30	248	207	188	188
query31	1031	930	825	825
query32	87	68	62	62
query33	503	385	331	331
query34	781	900	533	533
query35	790	815	751	751
query36	1053	1067	978	978
query37	112	98	71	71
query38	4008	4047	3962	3962
query39	1596	1493	1473	1473
query40	223	119	111	111
query41	52	49	54	49
query42	126	118	107	107
query43	518	515	492	492
query44	1338	853	835	835
query45	198	180	175	175
query46	896	1090	704	704
query47	1991	2014	1949	1949
query48	422	454	370	370
query49	804	520	435	435
query50	679	717	448	448
query51	7474	7405	7210	7210
query52	104	99	88	88
query53	225	267	187	187
query54	548	535	469	469
query55	79	79	81	79
query56	275	275	246	246
query57	1285	1291	1226	1226
query58	241	213	226	213
query59	3081	3087	3009	3009
query60	298	292	284	284
query61	112	115	108	108
query62	795	760	681	681
query63	236	195	194	194
query64	4568	1024	653	653
query65	3420	3334	3337	3334
query66	1034	417	318	318
query67	16257	15975	15596	15596
query68	7803	816	536	536
query69	480	312	296	296
query70	1183	1113	1148	1113
query71	371	312	265	265
query72	5760	3710	3761	3710
query73	631	750	356	356
query74	10139	9363	8879	8879
query75	3220	3175	2657	2657
query76	3132	1170	771	771
query77	536	372	279	279
query78	10520	10456	9581	9581
query79	4103	874	584	584
query80	774	534	424	424
query81	510	263	230	230
query82	599	126	88	88
query83	187	162	149	149
query84	291	98	77	77
query85	777	374	310	310
query86	385	321	296	296
query87	4397	4385	4232	4232
query88	5277	2431	2416	2416
query89	422	342	313	313
query90	1810	195	188	188
query91	141	146	112	112
query92	66	55	54	54
query93	2819	856	541	541
query94	686	401	299	299
query95	348	274	271	271
query96	487	609	289	289
query97	3192	3285	3178	3178
query98	229	207	207	207
query99	1545	1434	1304	1304
Total cold run time: 298628 ms
Total hot run time: 191765 ms

doris-robot · 2025-09-11T08:00:42Z

ClickBench: Total hot run time: 29.6 s

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/clickbench-tools
ClickBench test result on commit 9097df3594413df91fb44097435a55e3d6b71341, data reload: false

query1	0.03	0.02	0.03
query2	0.07	0.03	0.02
query3	0.24	0.07	0.07
query4	1.62	0.10	0.11
query5	0.52	0.51	0.50
query6	1.13	0.75	0.74
query7	0.03	0.02	0.02
query8	0.04	0.03	0.02
query9	0.60	0.50	0.49
query10	0.55	0.55	0.55
query11	0.15	0.11	0.11
query12	0.14	0.11	0.11
query13	0.62	0.60	0.60
query14	0.78	0.81	0.81
query15	0.83	0.83	0.83
query16	0.39	0.40	0.38
query17	1.04	1.06	1.09
query18	0.24	0.23	0.22
query19	1.96	1.83	1.87
query20	0.01	0.01	0.01
query21	15.38	0.92	0.58
query22	0.74	0.76	0.62
query23	15.17	1.43	0.53
query24	3.11	1.58	1.68
query25	0.13	0.12	0.04
query26	0.32	0.14	0.13
query27	0.05	0.04	0.03
query28	14.05	1.03	0.44
query29	12.56	3.96	3.28
query30	0.26	0.10	0.06
query31	2.82	0.61	0.40
query32	3.21	0.55	0.47
query33	3.01	3.05	3.05
query34	16.77	5.23	4.56
query35	4.56	4.62	4.56
query36	0.67	0.50	0.48
query37	0.09	0.07	0.06
query38	0.04	0.03	0.03
query39	0.03	0.02	0.02
query40	0.16	0.13	0.13
query41	0.08	0.03	0.02
query42	0.03	0.02	0.02
query43	0.04	0.03	0.02
Total cold run time: 104.27 s
Total hot run time: 29.6 s

zy-kkk requested a review from morrySnow as a code owner September 11, 2025 07:19

morrySnow approved these changes Sep 11, 2025

View reviewed changes

zy-kkk merged commit 8acbf29 into apache:branch-3.1 Sep 11, 2025
23 checks passed

zy-kkk deleted the pick-55760-to-3.1 branch September 11, 2025 10:29

morrySnow mentioned this pull request Sep 22, 2025

Release Note 3.1.1 #56289

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

branch-3.1: [refactor](credential) Refactor vended credentials system with unified architecture #55912

branch-3.1: [refactor](credential) Refactor vended credentials system with unified architecture #55912

Uh oh!

zy-kkk commented Sep 11, 2025

Uh oh!

Thearas commented Sep 11, 2025

Uh oh!

zy-kkk commented Sep 11, 2025

Uh oh!

doris-robot commented Sep 11, 2025

Uh oh!

doris-robot commented Sep 11, 2025

Uh oh!

doris-robot commented Sep 11, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

branch-3.1: [refactor](credential) Refactor vended credentials system with unified architecture #55912

branch-3.1: [refactor](credential) Refactor vended credentials system with unified architecture #55912

Uh oh!

Conversation

zy-kkk commented Sep 11, 2025

Uh oh!

Thearas commented Sep 11, 2025

Uh oh!

zy-kkk commented Sep 11, 2025

Uh oh!

doris-robot commented Sep 11, 2025

Uh oh!

doris-robot commented Sep 11, 2025

Uh oh!

doris-robot commented Sep 11, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants