[feat](authentication)Support AuthenticationIntegration DDL

fe/fe-core/src/main/antlr4/org/apache/doris/nereids/DorisLexer.g4

@@ -86,6 +86,7 @@ AS: 'AS';
 ASC: 'ASC';
 AT: 'AT';
 AUTHORS: 'AUTHORS';
+AUTHENTICATION: 'AUTHENTICATION';
 AUTO: 'AUTO';
 AUTO_INCREMENT: 'AUTO_INCREMENT';
 ALWAYS: 'ALWAYS';
@@ -294,6 +295,7 @@ IGNORE: 'IGNORE';
 IMMEDIATE: 'IMMEDIATE';
 IN: 'IN';
 INCREMENTAL: 'INCREMENTAL';
+INTEGRATION: 'INTEGRATION';
 INDEX: 'INDEX';
 INDEXES: 'INDEXES';
 INFILE: 'INFILE';

fe/fe-core/src/main/antlr4/org/apache/doris/nereids/DorisParser.g4

@@ -208,6 +208,8 @@ supportedCreateStatement
         LIKE existedTable=multipartIdentifier
         (WITH ROLLUP (rollupNames=identifierList)?)?                      #createTableLike
     | CREATE ROLE (IF NOT EXISTS)? name=identifierOrText (COMMENT STRING_LITERAL)?    #createRole
+    | CREATE AUTHENTICATION INTEGRATION integrationName=identifier
+        WITH PROPERTIES LEFT_PAREN propertyItemList RIGHT_PAREN commentSpec?   #createAuthenticationIntegration
     | CREATE WORKLOAD GROUP (IF NOT EXISTS)?
         name=identifierOrText (FOR computeGroup=identifierOrText)? properties=propertyClause? #createWorkloadGroup
     | CREATE CATALOG (IF NOT EXISTS)? catalogName=identifier
@@ -292,6 +294,10 @@ supportedAlterStatement
         properties=propertyClause?                                                          #alterComputeGroup
     | ALTER CATALOG name=identifier SET PROPERTIES
         LEFT_PAREN propertyItemList RIGHT_PAREN                                             #alterCatalogProperties        
+    | ALTER AUTHENTICATION INTEGRATION integrationName=identifier
+        SET PROPERTIES LEFT_PAREN propertyItemList RIGHT_PAREN                              #alterAuthenticationIntegrationProperties
+    | ALTER AUTHENTICATION INTEGRATION integrationName=identifier
+        SET COMMENT comment=STRING_LITERAL                                                   #alterAuthenticationIntegrationComment
     | ALTER WORKLOAD POLICY name=identifierOrText
         properties=propertyClause?                                                          #alterWorkloadPolicy
     | ALTER SQL_BLOCK_RULE name=identifier properties=propertyClause?                       #alterSqlBlockRule
@@ -335,6 +341,7 @@ supportedDropStatement
     | DROP STORAGE POLICY (IF EXISTS)? name=identifier                          #dropStoragePolicy
     | DROP WORKLOAD GROUP (IF EXISTS)? name=identifierOrText (FOR computeGroup=identifierOrText)?                    #dropWorkloadGroup
     | DROP CATALOG (IF EXISTS)? name=identifier                                 #dropCatalog
+    | DROP AUTHENTICATION INTEGRATION (IF EXISTS)? name=identifier              #dropAuthenticationIntegration
     | DROP FILE name=STRING_LITERAL
         ((FROM | IN) database=identifier)? properties=propertyClause            #dropFile
     | DROP WORKLOAD POLICY (IF EXISTS)? name=identifierOrText                   #dropWorkloadPolicy
@@ -1955,6 +1962,7 @@ nonReserved
     | ARRAY
     | AT
     | AUTHORS
+    | AUTHENTICATION
     | AUTO_INCREMENT
     | BACKENDS
     | BACKUP
@@ -2106,6 +2114,7 @@ nonReserved
     | IGNORE
     | IMMEDIATE
     | INCREMENTAL
+    | INTEGRATION
     | INDEXES
     | INSERT
     | INVERTED

fe/fe-core/src/main/java/org/apache/doris/authentication/AuthenticationIntegrationMeta.java

@@ -0,0 +1,144 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.doris.authentication;
+
+import org.apache.doris.common.DdlException;
+import org.apache.doris.common.io.Text;
+import org.apache.doris.common.io.Writable;
+import org.apache.doris.persist.gson.GsonUtils;
+
+import com.google.gson.annotations.SerializedName;
+
+import java.io.DataInput;
+import java.io.DataOutput;
+import java.io.IOException;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Objects;
+
+/**
+ * Persistent metadata for AUTHENTICATION INTEGRATION.
+ */
+public class AuthenticationIntegrationMeta implements Writable {
+    public static final String TYPE_PROPERTY = "type";
+
+    @SerializedName(value = "name")
+    private String name;
+    @SerializedName(value = "type")
+    private String type;
+    @SerializedName(value = "properties")
+    private Map<String, String> properties;
+    @SerializedName(value = "comment")
+    private String comment;
+
+    private AuthenticationIntegrationMeta() {
+        this.name = "";
+        this.type = "";
+        this.properties = Collections.emptyMap();
+        this.comment = null;
+    }
+
+    public AuthenticationIntegrationMeta(String name, String type, Map<String, String> properties, String comment) {
+        this.name = Objects.requireNonNull(name, "name can not be null");
+        this.type = Objects.requireNonNull(type, "type can not be null");
+        this.properties = Collections.unmodifiableMap(
+                new LinkedHashMap<>(Objects.requireNonNull(properties, "properties can not be null")));
+        this.comment = comment;
+    }
+
+    /**
+     * Build metadata from CREATE SQL arguments.
+     */
+    public static AuthenticationIntegrationMeta fromCreateSql(
+            String integrationName, Map<String, String> properties, String comment) throws DdlException {
+        if (properties == null || properties.isEmpty()) {
+            throw new DdlException("Property 'type' is required in CREATE AUTHENTICATION INTEGRATION");
+        }
+        String type = null;
+        Map<String, String> copiedProperties = new LinkedHashMap<>();
+        for (Map.Entry<String, String> entry : properties.entrySet()) {
+            String key = Objects.requireNonNull(entry.getKey(), "property key can not be null");
+            if (TYPE_PROPERTY.equalsIgnoreCase(key)) {
+                if (type != null) {
+                    throw new DdlException("Property 'type' is duplicated in CREATE AUTHENTICATION INTEGRATION");
+                }
+                type = entry.getValue();
+                continue;
+            }
+            copiedProperties.put(key, entry.getValue());
+        }
+        if (type == null || type.isEmpty()) {
+            throw new DdlException("Property 'type' is required in CREATE AUTHENTICATION INTEGRATION");
+        }
+        return new AuthenticationIntegrationMeta(integrationName, type, copiedProperties, comment);
+    }
+
+    /**
+     * Build a new metadata object after ALTER ... SET PROPERTIES.
+     */
+    public AuthenticationIntegrationMeta withAlterProperties(Map<String, String> propertiesDelta) throws DdlException {
+        if (propertiesDelta == null || propertiesDelta.isEmpty()) {
+            throw new DdlException("ALTER AUTHENTICATION INTEGRATION should contain at least one property");
+        }
+        for (String key : propertiesDelta.keySet()) {
+            if (TYPE_PROPERTY.equalsIgnoreCase(key)) {
+                throw new DdlException("ALTER AUTHENTICATION INTEGRATION does not allow modifying property 'type'");
+            }
+        }
+        Map<String, String> mergedProperties = new LinkedHashMap<>(properties);
+        mergedProperties.putAll(propertiesDelta);
+        return new AuthenticationIntegrationMeta(name, type, mergedProperties, comment);
+    }
+
+    public AuthenticationIntegrationMeta withComment(String newComment) {
+        return new AuthenticationIntegrationMeta(name, type, properties, newComment);
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public String getType() {
+        return type;
+    }
+
+    public Map<String, String> getProperties() {
+        return properties;
+    }
+
+    public String getComment() {
+        return comment;
+    }
+
+    public Map<String, String> toSqlPropertiesView() {
+        Map<String, String> allProperties = new LinkedHashMap<>();
+        allProperties.put(TYPE_PROPERTY, type);
+        allProperties.putAll(properties);
+        return allProperties;
+    }
+
+    @Override
+    public void write(DataOutput out) throws IOException {
+        Text.writeString(out, GsonUtils.GSON.toJson(this));
+    }
+
+    public static AuthenticationIntegrationMeta read(DataInput in) throws IOException {
+        return GsonUtils.GSON.fromJson(Text.readString(in), AuthenticationIntegrationMeta.class);
+    }
+}

fe/fe-core/src/main/java/org/apache/doris/authentication/AuthenticationIntegrationMgr.java

@@ -0,0 +1,177 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.doris.authentication;
+
+import org.apache.doris.catalog.Env;
+import org.apache.doris.common.DdlException;
+import org.apache.doris.common.io.Text;
+import org.apache.doris.common.io.Writable;
+import org.apache.doris.persist.DropAuthenticationIntegrationOperationLog;
+import org.apache.doris.persist.gson.GsonUtils;
+
+import com.google.gson.annotations.SerializedName;
+
+import java.io.DataInput;
+import java.io.DataOutput;
+import java.io.IOException;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
+
+/**
+ * Manager for AUTHENTICATION INTEGRATION metadata.
+ */
+public class AuthenticationIntegrationMgr implements Writable {
+    private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock(true);
+
+    @SerializedName(value = "nameToIntegration")
+    private Map<String, AuthenticationIntegrationMeta> nameToIntegration = new LinkedHashMap<>();
+
+    private void readLock() {
+        lock.readLock().lock();
+    }
+
+    private void readUnlock() {
+        lock.readLock().unlock();
+    }
+
+    private void writeLock() {
+        lock.writeLock().lock();
+    }
+
+    private void writeUnlock() {
+        lock.writeLock().unlock();
+    }
+
+    public void createAuthenticationIntegration(
+            String integrationName, Map<String, String> properties, String comment) throws DdlException {
+        AuthenticationIntegrationMeta meta =
+                AuthenticationIntegrationMeta.fromCreateSql(integrationName, properties, comment);
+        writeLock();
+        try {
+            if (nameToIntegration.containsKey(integrationName)) {
+                throw new DdlException("Authentication integration " + integrationName + " already exists");
+            }
+            nameToIntegration.put(integrationName, meta);
+            Env.getCurrentEnv().getEditLog().logCreateAuthenticationIntegration(meta);
+        } finally {
+            writeUnlock();
+        }
+    }
+
+    public void alterAuthenticationIntegrationProperties(
+            String integrationName, Map<String, String> properties) throws DdlException {
+        writeLock();
+        try {
+            AuthenticationIntegrationMeta current = getOrThrow(integrationName);
+            AuthenticationIntegrationMeta updated = current.withAlterProperties(properties);
+            nameToIntegration.put(integrationName, updated);
+            Env.getCurrentEnv().getEditLog().logAlterAuthenticationIntegration(updated);
+        } finally {
+            writeUnlock();
+        }
+    }
+
+    public void alterAuthenticationIntegrationComment(String integrationName, String comment) throws DdlException {
+        writeLock();
+        try {
+            AuthenticationIntegrationMeta current = getOrThrow(integrationName);
+            AuthenticationIntegrationMeta updated = current.withComment(comment);
+            nameToIntegration.put(integrationName, updated);
+            Env.getCurrentEnv().getEditLog().logAlterAuthenticationIntegration(updated);
+        } finally {
+            writeUnlock();
+        }
+    }
+
+    public void dropAuthenticationIntegration(String integrationName, boolean ifExists) throws DdlException {
+        writeLock();
+        try {
+            if (!nameToIntegration.containsKey(integrationName)) {
+                if (ifExists) {
+                    return;
+                }
+                throw new DdlException("Authentication integration " + integrationName + " does not exist");
+            }
+            nameToIntegration.remove(integrationName);
+            Env.getCurrentEnv().getEditLog().logDropAuthenticationIntegration(
+                    new DropAuthenticationIntegrationOperationLog(integrationName));
+        } finally {
+            writeUnlock();
+        }
+    }
+
+    public void replayCreateAuthenticationIntegration(AuthenticationIntegrationMeta meta) {
+        writeLock();
+        try {
+            nameToIntegration.put(meta.getName(), meta);
+        } finally {
+            writeUnlock();
+        }
+    }
+
+    public void replayAlterAuthenticationIntegration(AuthenticationIntegrationMeta meta) {
+        writeLock();
+        try {
+            nameToIntegration.put(meta.getName(), meta);
+        } finally {
+            writeUnlock();
+        }
+    }
+
+    public void replayDropAuthenticationIntegration(DropAuthenticationIntegrationOperationLog log) {
+        writeLock();
+        try {
+            nameToIntegration.remove(log.getIntegrationName());
+        } finally {
+            writeUnlock();
+        }
+    }
+
+    public Map<String, AuthenticationIntegrationMeta> getAuthenticationIntegrations() {
+        readLock();
+        try {
+            return Collections.unmodifiableMap(new LinkedHashMap<>(nameToIntegration));
+        } finally {
+            readUnlock();
+        }
+    }
+
+    @Override
+    public void write(DataOutput out) throws IOException {
+        Text.writeString(out, GsonUtils.GSON.toJson(this));
+    }
+
+    public static AuthenticationIntegrationMgr read(DataInput in) throws IOException {
+        String json = Text.readString(in);
+        AuthenticationIntegrationMgr mgr = GsonUtils.GSON.fromJson(json, AuthenticationIntegrationMgr.class);
+        if (mgr.nameToIntegration == null) {
+            mgr.nameToIntegration = new LinkedHashMap<>();
+        }
+        return mgr;
+    }
+
+    private AuthenticationIntegrationMeta getOrThrow(String integrationName) throws DdlException {
+        AuthenticationIntegrationMeta meta = nameToIntegration.get(integrationName);
+        if (meta == null) {
+            throw new DdlException("Authentication integration " + integrationName + " does not exist");
+        }
+        return meta;
+    }
+}