[#10962] feat(authentication): Add local IdP metadata schema #10969
Open
lasdf1234 wants to merge 1 commit into apache:main from
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pull request overview
This PR adds the local IdP persistence schema needed for upcoming basic/local authentication work by introducing global user, group, and group-membership tables across the supported JDBC backends.
Changes:
- Added idp_user_meta, idp_group_meta, and idp_group_user_rel to the 1.3.0 full schema for PostgreSQL, MySQL, and H2.
- Added the same three tables to the 1.2.0 → 1.3.0 upgrade scripts for PostgreSQL, MySQL, and H2.
- Kept the new tables aligned with existing metadata-table patterns such as soft delete and version columns.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| scripts/postgresql/upgrade-1.2.0-to-1.3.0-postgresql.sql | Adds local IdP tables to the PostgreSQL migration script. |
| scripts/postgresql/schema-1.3.0-postgresql.sql | Adds local IdP tables to the PostgreSQL baseline schema. |
| scripts/mysql/upgrade-1.2.0-to-1.3.0-mysql.sql | Adds local IdP tables to the MySQL migration script. |
| scripts/mysql/schema-1.3.0-mysql.sql | Adds local IdP tables to the MySQL baseline schema. |
| scripts/h2/upgrade-1.2.0-to-1.3.0-h2.sql | Adds local IdP tables to the H2 migration script. |
| scripts/h2/schema-1.3.0-h2.sql | Adds local IdP tables to the H2 baseline schema. |
Comment on lines +67 to +118
| CREATE TABLE IF NOT EXISTS idp_user_meta ( | ||
| user_id BIGINT NOT NULL, | ||
| user_name VARCHAR(128) NOT NULL, | ||
| password_hash VARCHAR(1024) NOT NULL, | ||
| audit_info TEXT NOT NULL, | ||
| current_version INT NOT NULL DEFAULT 1, | ||
| last_version INT NOT NULL DEFAULT 1, | ||
| deleted_at BIGINT NOT NULL DEFAULT 0, | ||
| PRIMARY KEY (user_id), | ||
| UNIQUE (user_name, deleted_at) | ||
| ); | ||
| COMMENT ON TABLE idp_user_meta IS 'local IdP user metadata'; | ||
|
|
||
| COMMENT ON COLUMN idp_user_meta.user_id IS 'idp user id'; | ||
| COMMENT ON COLUMN idp_user_meta.user_name IS 'idp username'; | ||
| COMMENT ON COLUMN idp_user_meta.password_hash IS 'idp user password hash'; | ||
| COMMENT ON COLUMN idp_user_meta.audit_info IS 'idp user audit info'; | ||
| COMMENT ON COLUMN idp_user_meta.current_version IS 'idp user current version'; | ||
| COMMENT ON COLUMN idp_user_meta.last_version IS 'idp user last version'; | ||
| COMMENT ON COLUMN idp_user_meta.deleted_at IS 'idp user deleted at'; | ||
|
|
||
| CREATE TABLE IF NOT EXISTS idp_group_meta ( | ||
| group_id BIGINT NOT NULL, | ||
| group_name VARCHAR(128) NOT NULL, | ||
| audit_info TEXT NOT NULL, | ||
| current_version INT NOT NULL DEFAULT 1, | ||
| last_version INT NOT NULL DEFAULT 1, | ||
| deleted_at BIGINT NOT NULL DEFAULT 0, | ||
| PRIMARY KEY (group_id), | ||
| UNIQUE (group_name, deleted_at) | ||
| ); | ||
| COMMENT ON TABLE idp_group_meta IS 'local IdP group metadata'; | ||
|
|
||
| COMMENT ON COLUMN idp_group_meta.group_id IS 'idp group id'; | ||
| COMMENT ON COLUMN idp_group_meta.group_name IS 'idp group name'; | ||
| COMMENT ON COLUMN idp_group_meta.audit_info IS 'idp group audit info'; | ||
| COMMENT ON COLUMN idp_group_meta.current_version IS 'idp group current version'; | ||
| COMMENT ON COLUMN idp_group_meta.last_version IS 'idp group last version'; | ||
| COMMENT ON COLUMN idp_group_meta.deleted_at IS 'idp group deleted at'; | ||
|
|
||
| CREATE TABLE IF NOT EXISTS idp_group_user_rel ( | ||
| id BIGINT NOT NULL GENERATED BY DEFAULT AS IDENTITY, | ||
| group_id BIGINT NOT NULL, | ||
| user_id BIGINT NOT NULL, | ||
| audit_info TEXT NOT NULL, | ||
| current_version INT NOT NULL DEFAULT 1, | ||
| last_version INT NOT NULL DEFAULT 1, | ||
| deleted_at BIGINT NOT NULL DEFAULT 0, | ||
| PRIMARY KEY (id), | ||
| UNIQUE (group_id, user_id, deleted_at) | ||
| ); | ||
| CREATE INDEX IF NOT EXISTS idp_group_user_rel_idx_user_id ON idp_group_user_rel (user_id); |
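Review bot: password_hash in idp_user_meta is a bare VARCHAR(1024) and its column comment says only 'idp user password hash', so nothing in the schema records which hashing scheme, salt or cost parameters produced a stored value. Please state in the comment (or in the PR description) that the column holds a self-describing encoded hash, with the algorithm identifier and parameters included, so stored hashes can be verified and re-hashed when the scheme changes; if that is not the plan, add a column for the scheme. A short rationale for the 1024-character width would also help, since common encoded password hashes are far shorter.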
Comment on lines +54 to +88
| CREATE TABLE IF NOT EXISTS `idp_user_meta` ( | ||
| `user_id` BIGINT(20) UNSIGNED NOT NULL COMMENT 'idp user id', | ||
| `user_name` VARCHAR(128) NOT NULL COMMENT 'idp username', | ||
| `password_hash` VARCHAR(1024) NOT NULL COMMENT 'idp user password hash', | ||
| `audit_info` MEDIUMTEXT NOT NULL COMMENT 'idp user audit info', | ||
| `current_version` INT UNSIGNED NOT NULL DEFAULT 1 COMMENT 'idp user current version', | ||
| `last_version` INT UNSIGNED NOT NULL DEFAULT 1 COMMENT 'idp user last version', | ||
| `deleted_at` BIGINT(20) UNSIGNED NOT NULL DEFAULT 0 COMMENT 'idp user deleted at', | ||
| PRIMARY KEY (`user_id`), | ||
| UNIQUE KEY `uk_iun_del` (`user_name`, `deleted_at`) | ||
| ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin COMMENT 'local IdP user metadata'; | ||
|
|
||
| CREATE TABLE IF NOT EXISTS `idp_group_meta` ( | ||
| `group_id` BIGINT(20) UNSIGNED NOT NULL COMMENT 'idp group id', | ||
| `group_name` VARCHAR(128) NOT NULL COMMENT 'idp group name', | ||
| `audit_info` MEDIUMTEXT NOT NULL COMMENT 'idp group audit info', | ||
| `current_version` INT UNSIGNED NOT NULL DEFAULT 1 COMMENT 'idp group current version', | ||
| `last_version` INT UNSIGNED NOT NULL DEFAULT 1 COMMENT 'idp group last version', | ||
| `deleted_at` BIGINT(20) UNSIGNED NOT NULL DEFAULT 0 COMMENT 'idp group deleted at', | ||
| PRIMARY KEY (`group_id`), | ||
| UNIQUE KEY `uk_ign_del` (`group_name`, `deleted_at`) | ||
| ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin COMMENT 'local IdP group metadata'; | ||
|
|
||
| CREATE TABLE IF NOT EXISTS `idp_group_user_rel` ( | ||
| `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT COMMENT 'auto increment id', | ||
| `group_id` BIGINT(20) UNSIGNED NOT NULL COMMENT 'idp group id', | ||
| `user_id` BIGINT(20) UNSIGNED NOT NULL COMMENT 'idp user id', | ||
| `audit_info` MEDIUMTEXT NOT NULL COMMENT 'idp group user relation audit info', | ||
| `current_version` INT UNSIGNED NOT NULL DEFAULT 1 COMMENT 'idp relation current version', | ||
| `last_version` INT UNSIGNED NOT NULL DEFAULT 1 COMMENT 'idp relation last version', | ||
| `deleted_at` BIGINT(20) UNSIGNED NOT NULL DEFAULT 0 COMMENT 'idp relation deleted at', | ||
| PRIMARY KEY (`id`), | ||
| UNIQUE KEY `uk_igiu_del` (`group_id`, `user_id`, `deleted_at`), | ||
| KEY `idx_iug_uid` (`user_id`) | ||
| ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin COMMENT 'local IdP group user relation'; |
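Review bot: with COLLATE=utf8mb4_bin on idp_user_meta, the unique key uk_iun_del (user_name, deleted_at) compares names byte for byte, so names that differ only in letter case or Unicode normalization form are accepted as separate accounts. For a login identifier that permits visually identical users; either canonicalize user_name before it reaches this table and say so in the column comment, or document that case-sensitive names are intended and confirm that the PostgreSQL and H2 scripts compare names the same way. The same applies to group_name under uk_ign_del.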
Comment on lines +50 to +84
| CREATE TABLE IF NOT EXISTS `idp_user_meta` ( | ||
| `user_id` BIGINT(20) UNSIGNED NOT NULL COMMENT 'idp user id', | ||
| `user_name` VARCHAR(128) NOT NULL COMMENT 'idp username', | ||
| `password_hash` VARCHAR(1024) NOT NULL COMMENT 'idp user password hash', | ||
| `audit_info` CLOB NOT NULL COMMENT 'idp user audit info', | ||
| `current_version` INT UNSIGNED NOT NULL DEFAULT 1 COMMENT 'idp user current version', | ||
| `last_version` INT UNSIGNED NOT NULL DEFAULT 1 COMMENT 'idp user last version', | ||
| `deleted_at` BIGINT(20) UNSIGNED NOT NULL DEFAULT 0 COMMENT 'idp user deleted at', | ||
| PRIMARY KEY (`user_id`), | ||
| CONSTRAINT `uk_iun_del` UNIQUE (`user_name`, `deleted_at`) | ||
| ) ENGINE=InnoDB; | ||
|
|
||
| CREATE TABLE IF NOT EXISTS `idp_group_meta` ( | ||
| `group_id` BIGINT(20) UNSIGNED NOT NULL COMMENT 'idp group id', | ||
| `group_name` VARCHAR(128) NOT NULL COMMENT 'idp group name', | ||
| `audit_info` CLOB NOT NULL COMMENT 'idp group audit info', | ||
| `current_version` INT UNSIGNED NOT NULL DEFAULT 1 COMMENT 'idp group current version', | ||
| `last_version` INT UNSIGNED NOT NULL DEFAULT 1 COMMENT 'idp group last version', | ||
| `deleted_at` BIGINT(20) UNSIGNED NOT NULL DEFAULT 0 COMMENT 'idp group deleted at', | ||
| PRIMARY KEY (`group_id`), | ||
| CONSTRAINT `uk_ign_del` UNIQUE (`group_name`, `deleted_at`) | ||
| ) ENGINE=InnoDB; | ||
|
|
||
| CREATE TABLE IF NOT EXISTS `idp_group_user_rel` ( | ||
| `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT COMMENT 'auto increment id', | ||
| `group_id` BIGINT(20) UNSIGNED NOT NULL COMMENT 'idp group id', | ||
| `user_id` BIGINT(20) UNSIGNED NOT NULL COMMENT 'idp user id', | ||
| `audit_info` CLOB NOT NULL COMMENT 'idp group user relation audit info', | ||
| `current_version` INT UNSIGNED NOT NULL DEFAULT 1 COMMENT 'idp relation current version', | ||
| `last_version` INT UNSIGNED NOT NULL DEFAULT 1 COMMENT 'idp relation last version', | ||
| `deleted_at` BIGINT(20) UNSIGNED NOT NULL DEFAULT 0 COMMENT 'idp relation deleted at', | ||
| PRIMARY KEY (`id`), | ||
| CONSTRAINT `uk_igiu_del` UNIQUE (`group_id`, `user_id`, `deleted_at`), | ||
| KEY `idx_iug_uid` (`user_id`) | ||
| ) ENGINE=InnoDB; |
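Review bot: idp_group_user_rel declares group_id and user_id with no foreign key to idp_group_meta or idp_user_meta, so nothing in the schema stops a membership row with deleted_at = 0 from outliving a soft-deleted user or group. Authorization code that reads memberships without also checking the parent row's deleted_at would then still see the user in the group. If leaving out foreign keys is deliberate, please note in the PR that the application soft-deletes memberships together with the user or group, and cover that path under "How was this patch tested?", which is empty in the description as shown.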
lasdf1234 added a commit to lasdf1234/gravitino that referenced this pull request on May 5, 2026
What changes were proposed in this pull request?
This PR adds the local IdP metadata schema for H2, MySQL, and PostgreSQL by introducing idp_user_meta, idp_group_meta, and idp_group_user_rel to both the full schema scripts and the 1.2.0-to-1.3.0 upgrade scripts. The change is limited to JDBC SQL scripts only.
Why are the changes needed?
The local authenticator needs dedicated metadata tables to persist built-in IdP users, groups, and group memberships with soft-delete support.
Fix: #10962
Does this PR introduce any user-facing change?
No.
How was this patch tested?