Skip to content

[#10960] feat(authn): Implement built-in IdP storage#11023

Open
lasdf1234 wants to merge 11 commits into
apache:mainfrom
lasdf1234:add-built-in-idp-storage
Open

[#10960] feat(authn): Implement built-in IdP storage#11023
lasdf1234 wants to merge 11 commits into
apache:mainfrom
lasdf1234:add-built-in-idp-storage

Conversation

@lasdf1234
Copy link
Copy Markdown
Contributor

@lasdf1234 lasdf1234 commented May 10, 2026

What changes were proposed in this pull request?

This PR moves the built-in IdP storage implementation classes from the original core addition set into the plugins:idp-basic module, including relational POs, MyBatis mappers, SQL providers, and the corresponding plugin-local tests.

Why are the changes needed?

The built-in IdP storage implementation should live with the idp-basic plugin instead of being introduced directly as new implementation classes in core.

Fix: #10960

Does this PR introduce any user-facing change?

No.

How was this patch tested?

./gradlew :plugins:idp-basic:test \
  --tests org.apache.gravitino.storage.relational.po.TestIdpGroupPO \
  --tests org.apache.gravitino.storage.relational.po.TestIdpGroupUserRelPO \
  --tests org.apache.gravitino.storage.relational.po.TestIdpUserPO \
  --tests org.apache.gravitino.storage.relational.mapper.TestIdpGroupMetaMySQLProvider \
  --tests org.apache.gravitino.storage.relational.mapper.TestIdpGroupUserRelMySQLProvider \
  --tests org.apache.gravitino.storage.relational.mapper.TestIdpUserMetaMySQLProvider \
  --tests org.apache.gravitino.storage.relational.mapper.provider.base.TestIdpGroupMetaBaseSQLProvider \
  --tests org.apache.gravitino.storage.relational.mapper.provider.base.TestIdpGroupUserRelBaseSQLProvider \
  --tests org.apache.gravitino.storage.relational.mapper.provider.base.TestIdpUserMetaBaseSQLProvider \
  --tests org.apache.gravitino.storage.relational.mapper.provider.h2.TestIdpGroupMetaH2Provider \
  --tests org.apache.gravitino.storage.relational.mapper.provider.h2.TestIdpGroupUserRelH2Provider \
  --tests org.apache.gravitino.storage.relational.mapper.provider.h2.TestIdpUserMetaH2Provider \
  --tests org.apache.gravitino.storage.relational.mapper.provider.postgresql.TestIdpGroupMetaPostgreSQLProvider \
  --tests org.apache.gravitino.storage.relational.mapper.provider.postgresql.TestIdpGroupUserRelPostgreSQLProvider \
  --tests org.apache.gravitino.storage.relational.mapper.provider.postgresql.TestIdpUserMetaPostgreSQLProvider \
  -PskipWeb=true

lasdf1234 and others added 2 commits May 10, 2026 18:25
@lasdf1234
Move IdP DTOs into idp-basic plugin
ebfa199 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@lasdf1234
Move IdP storage implementation into idp-basic
6ea1c49 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings May 10, 2026 10:57
@lasdf1234
Restore remaining built-in IdP core changes
488f8b6 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI reviewed May 10, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR relocates the built-in IdP storage implementation into the plugins:idp-basic module by adding the IdP relational persistence layer (POs, MyBatis mappers, SQL providers) plus plugin-local DTOs and tests.

Changes:

  • Added relational persistence artifacts for built-in IdP users/groups (POs, mappers, SQL provider factories, and backend-specific providers).
  • Added built-in IdP REST DTOs (requests/responses) with validation and JSON SerDe tests.
  • Updated plugins:idp-basic Gradle dependencies to support the added storage/DTO code and tests.

Reviewed changes

Copilot reviewed 52 out of 52 changed files in this pull request and generated 7 comments.

Show a summary per file
File Description
plugins/idp-basic/src/test/java/org/apache/gravitino/storage/relational/po/TestIdpUserPO.java Adds unit tests for IdpUserPO builder/equals/hashCode.
plugins/idp-basic/src/test/java/org/apache/gravitino/storage/relational/po/TestIdpGroupUserRelPO.java Adds unit tests for IdpGroupUserRelPO builder/equals/hashCode.
plugins/idp-basic/src/test/java/org/apache/gravitino/storage/relational/po/TestIdpGroupPO.java Adds unit tests for IdpGroupPO builder/equals/hashCode.
plugins/idp-basic/src/test/java/org/apache/gravitino/storage/relational/mapper/TestIdpUserMetaMySQLProvider.java Wires MySQL provider into shared SQL-provider test base.
plugins/idp-basic/src/test/java/org/apache/gravitino/storage/relational/mapper/TestIdpGroupUserRelMySQLProvider.java Wires MySQL provider into shared SQL-provider test base.
plugins/idp-basic/src/test/java/org/apache/gravitino/storage/relational/mapper/TestIdpGroupMetaMySQLProvider.java Wires MySQL provider into shared SQL-provider test base.
plugins/idp-basic/src/test/java/org/apache/gravitino/storage/relational/mapper/provider/postgresql/TestIdpUserMetaPostgreSQLProvider.java PostgreSQL-specific SQL-provider expectations for user meta.
plugins/idp-basic/src/test/java/org/apache/gravitino/storage/relational/mapper/provider/postgresql/TestIdpGroupUserRelPostgreSQLProvider.java PostgreSQL-specific SQL-provider expectations for group-user relation.
plugins/idp-basic/src/test/java/org/apache/gravitino/storage/relational/mapper/provider/postgresql/TestIdpGroupMetaPostgreSQLProvider.java PostgreSQL-specific SQL-provider expectations for group meta.
plugins/idp-basic/src/test/java/org/apache/gravitino/storage/relational/mapper/provider/h2/TestIdpUserMetaH2Provider.java H2 provider coverage via shared SQL-provider test base.
plugins/idp-basic/src/test/java/org/apache/gravitino/storage/relational/mapper/provider/h2/TestIdpGroupUserRelH2Provider.java H2 provider coverage via shared SQL-provider test base.
plugins/idp-basic/src/test/java/org/apache/gravitino/storage/relational/mapper/provider/h2/TestIdpGroupMetaH2Provider.java H2 provider coverage via shared SQL-provider test base.
plugins/idp-basic/src/test/java/org/apache/gravitino/storage/relational/mapper/provider/base/TestIdpUserMetaBaseSQLProvider.java Tests generated SQL for IdP user meta base provider.
plugins/idp-basic/src/test/java/org/apache/gravitino/storage/relational/mapper/provider/base/TestIdpGroupUserRelBaseSQLProvider.java Tests generated SQL/scripts for IdP group-user relation base provider.
plugins/idp-basic/src/test/java/org/apache/gravitino/storage/relational/mapper/provider/base/TestIdpGroupMetaBaseSQLProvider.java Tests generated SQL for IdP group meta base provider.
plugins/idp-basic/src/test/java/org/apache/gravitino/idp/basic/dto/TestIdpUserDTO.java JSON SerDe + validation tests for IdpUserDTO.
plugins/idp-basic/src/test/java/org/apache/gravitino/idp/basic/dto/TestIdpGroupDTO.java JSON SerDe + validation tests for IdpGroupDTO.
plugins/idp-basic/src/test/java/org/apache/gravitino/idp/basic/dto/responses/TestIdpUserResponse.java JSON SerDe + validation tests for IdpUserResponse.
plugins/idp-basic/src/test/java/org/apache/gravitino/idp/basic/dto/responses/TestIdpGroupResponse.java JSON SerDe + validation tests for IdpGroupResponse.
plugins/idp-basic/src/test/java/org/apache/gravitino/idp/basic/dto/requests/TestUpdateGroupUsersRequest.java JSON SerDe + validation tests for UpdateGroupUsersRequest.
plugins/idp-basic/src/test/java/org/apache/gravitino/idp/basic/dto/requests/TestResetPasswordRequest.java JSON SerDe + validation + password redaction tests for ResetPasswordRequest.
plugins/idp-basic/src/test/java/org/apache/gravitino/idp/basic/dto/requests/TestCreateUserRequest.java JSON SerDe + validation + password redaction tests for CreateUserRequest.
plugins/idp-basic/src/test/java/org/apache/gravitino/idp/basic/dto/requests/TestCreateGroupRequest.java JSON SerDe + validation tests for CreateGroupRequest.
plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/service/IdpUserMetaService.java Adds IdP user metadata service coordinating mapper operations.
plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/service/IdpGroupMetaService.java Adds IdP group metadata service coordinating mapper operations.
plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/po/IdpUserPO.java Adds relational PO for IdP users with builder + equals/hashCode.
plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/po/IdpGroupUserRelPO.java Adds relational PO for group-user relationship rows.
plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/po/IdpGroupPO.java Adds relational PO for IdP groups with builder + equals/hashCode.
plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/mapper/provider/postgresql/IdpUserMetaPostgreSQLProvider.java PostgreSQL overrides for IdP user SQL generation.
plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/mapper/provider/postgresql/IdpGroupUserRelPostgreSQLProvider.java PostgreSQL overrides for relation SQL generation (incl. guarded IN clause).
plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/mapper/provider/postgresql/IdpGroupMetaPostgreSQLProvider.java PostgreSQL overrides for IdP group SQL generation.
plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/mapper/provider/h2/IdpUserMetaH2Provider.java H2 provider (inherits base SQL behavior).
plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/mapper/provider/h2/IdpGroupUserRelH2Provider.java H2 provider (inherits base SQL behavior).
plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/mapper/provider/h2/IdpGroupMetaH2Provider.java H2 provider (inherits base SQL behavior).
plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/mapper/provider/base/IdpUserMetaBaseSQLProvider.java Base SQL provider for IdP user meta operations.
plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/mapper/provider/base/IdpGroupUserRelBaseSQLProvider.java Base SQL provider for group-user relation operations.
plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/mapper/provider/base/IdpGroupMetaBaseSQLProvider.java Base SQL provider for IdP group meta operations.
plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/mapper/IdpUserMetaSQLProviderFactory.java Backend dispatch factory for IdP user SQL providers.
plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/mapper/IdpUserMetaMapper.java MyBatis mapper for IdP user metadata table.
plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/mapper/IdpGroupUserRelSQLProviderFactory.java Backend dispatch factory for group-user relation SQL providers.
plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/mapper/IdpGroupUserRelMapper.java MyBatis mapper for group-user relation table.
plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/mapper/IdpGroupMetaSQLProviderFactory.java Backend dispatch factory for IdP group SQL providers.
plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/mapper/IdpGroupMetaMapper.java MyBatis mapper for IdP group metadata table.
plugins/idp-basic/src/main/java/org/apache/gravitino/idp/basic/dto/responses/IdpUserResponse.java Adds REST response wrapper + validation for built-in IdP user.
plugins/idp-basic/src/main/java/org/apache/gravitino/idp/basic/dto/responses/IdpGroupResponse.java Adds REST response wrapper + validation for built-in IdP group.
plugins/idp-basic/src/main/java/org/apache/gravitino/idp/basic/dto/requests/UpdateGroupUsersRequest.java Adds REST request DTO + validation for updating group users.
plugins/idp-basic/src/main/java/org/apache/gravitino/idp/basic/dto/requests/ResetPasswordRequest.java Adds REST request DTO + validation for resetting passwords (with redacted toString).
plugins/idp-basic/src/main/java/org/apache/gravitino/idp/basic/dto/requests/CreateUserRequest.java Adds REST request DTO + validation for user creation (with redacted toString).
plugins/idp-basic/src/main/java/org/apache/gravitino/idp/basic/dto/requests/CreateGroupRequest.java Adds REST request DTO + validation for group creation.
plugins/idp-basic/src/main/java/org/apache/gravitino/idp/basic/dto/IdpUserDTO.java Adds built-in IdP user DTO + builder validation.
plugins/idp-basic/src/main/java/org/apache/gravitino/idp/basic/dto/IdpGroupDTO.java Adds built-in IdP group DTO + builder validation.
plugins/idp-basic/build.gradle.kts Adds required module/library dependencies for the new IdP storage + DTO code and tests.

Comment thread ...org/apache/gravitino/storage/relational/mapper/provider/base/IdpUserMetaBaseSQLProvider.java
Comment on lines +82 to +86
public String softDeleteIdpUser(
@Param("userId") Long userId, @Param("deletedAt") Long deletedAt) {
return "UPDATE "
+ IdpUserMetaMapper.IDP_USER_TABLE_NAME
+ " SET deleted_at = #{deletedAt},"
Comment thread ...rg/apache/gravitino/storage/relational/mapper/provider/base/IdpGroupMetaBaseSQLProvider.java
Comment on lines +50 to +54
public String softDeleteIdpGroup(
@Param("groupId") Long groupId, @Param("deletedAt") Long deletedAt) {
return "UPDATE "
+ IdpGroupMetaMapper.IDP_GROUP_TABLE_NAME
+ " SET deleted_at = #{deletedAt},"
Comment thread ...apache/gravitino/storage/relational/mapper/provider/base/IdpGroupUserRelBaseSQLProvider.java
Comment on lines +91 to +100
public String softDeleteIdpGroupUsers(
@Param("groupId") Long groupId,
@Param("userIds") List<Long> userIds,
@Param("deletedAt") Long deletedAt) {
return "<script>"
+ "UPDATE "
+ IdpGroupUserRelMapper.IDP_GROUP_USER_REL_TABLE_NAME
+ " SET deleted_at = #{deletedAt},"
+ " current_version = current_version + 1,"
+ " last_version = last_version + 1"
Comment thread plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/po/IdpUserPO.java
Comment on lines +64 to +70
IdpUserPO tablePO = (IdpUserPO) o;
return Objects.equal(getUserId(), tablePO.getUserId())
&& Objects.equal(getUserName(), tablePO.getUserName())
&& Objects.equal(getPasswordHash(), tablePO.getPasswordHash())
&& Objects.equal(getCurrentVersion(), tablePO.getCurrentVersion())
&& Objects.equal(getLastVersion(), tablePO.getLastVersion())
&& Objects.equal(getDeletedAt(), tablePO.getDeletedAt());
Comment thread plugins/idp-basic/src/main/java/org/apache/gravitino/storage/relational/po/IdpGroupPO.java
Comment on lines +59 to +64
IdpGroupPO tablePO = (IdpGroupPO) o;
return Objects.equal(getGroupId(), tablePO.getGroupId())
&& Objects.equal(getGroupName(), tablePO.getGroupName())
&& Objects.equal(getCurrentVersion(), tablePO.getCurrentVersion())
&& Objects.equal(getLastVersion(), tablePO.getLastVersion())
&& Objects.equal(getDeletedAt(), tablePO.getDeletedAt());
Comment thread ...-basic/src/main/java/org/apache/gravitino/storage/relational/service/IdpUserMetaService.java Outdated
Comment on lines +30 to +38
/** The service class for user metadata. It provides the basic database operations for user. */
public class IdpUserMetaService {
private static final IdpUserMetaService INSTANCE = new IdpUserMetaService();

public static IdpUserMetaService getInstance() {
return INSTANCE;
}

private IdpUserMetaService() {}
Comment thread ...basic/src/main/java/org/apache/gravitino/storage/relational/service/IdpGroupMetaService.java Outdated
Comment on lines +30 to +38
/** The service class for group metadata. It provides the basic database operations for group. */
public class IdpGroupMetaService {
private static final IdpGroupMetaService INSTANCE = new IdpGroupMetaService();

public static IdpGroupMetaService getInstance() {
return INSTANCE;
}

private IdpGroupMetaService() {}
lasdf1234 and others added 8 commits May 10, 2026 19:16
@lasdf1234
Complete remaining core IdP updates
a14de74 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@lasdf1234
Remove duplicated IdP storage classes
63b9454 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@lasdf1234
Restore IdP legacy cleanup dispatch
8b1a9f0 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@lasdf1234
Refine IdP legacy cleanup integration
b49ca08 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@lasdf1234
Refactor built-in IdP metadata provider SPI
fab9645 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@lasdf1234
Refactor built-in IdP metadata abstractions
acf8e49 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@lasdf1234
Refactor idp-basic storage packages
b2fbb13 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@lasdf1234
[#0] Remove idp basic dto classes
1ecddbb 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This was referenced May 11, 2026
Closed
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Subtask] Implement built-in Idp storage

2 participants

@lasdf1234