Yeah, maybe NONE is misleading and so UNMANAGED or IMPLICIT could be
better. In some cases it's conceivable that there really is no "auth" as
such -- like with HADOOP -- and so I wonder if IMPLICIT over-promises a bit?

--EM

On Wed, Jul 2, 2025 at 1:10 PM Dmitri Bourlatchkov <di...@apache.org> wrote:

> How about using the enum name IMPLICIT in this case?
>
> YAML comments will briefly mention runtime env. implications. Documentation
> will (later) explain how it works in detail.
>
> From my POV, "NONE" means strictly no auth.
>
> Cheers,
> Dmitri.
>
>
>
> On Wed, Jul 2, 2025 at 4:04 PM Eric Maynard <eric.w.mayn...@gmail.com>
> wrote:
>
> > > When the new NONE (or any proposed alternative name) is used as the
> > > authentication type in an External Catalog, what kind of auth flow will
> > > actually happen in runtime?
> >
> > This question really gets to the core of what we are discussing. From my
> > perspective in implementing HADOOP, we can interpret NONE in two ways:
> >
> > 1. Polaris does no auth whatsoever
> > 2. The EXTERNAL catalog connection config does not describe any kind of
> > auth
> >
> > My interpretation of NONE is (2).
> >
> > While it's true that Polaris doesn't explicitly do any kind of auth for
> > Hadoop and relies on the fact that new Configuration() happens to load from
> > some env vars, I do not believe that it's really accurate to say we are in
> > situation (1). Polaris may still be doing some auth, even if it's not
> > obvious from a quick pass over the code.
> >
> > Rather, NONE indicates that the ConnectionConfigInfo itself does not
> > contain any authentication credentials or mechanism. Consider another
> > example -- if the auth type is configured as OAUTH, that doesn't mean that
> > the remote catalog isn't additionally using mTLS. It just means that the
> > ConnectionConfigInfo attached to the EXTERNAL catalog in Polaris contains
> > OAUTH-related information.
> >
> > --EM
> >
>
