How about using the enum name IMPLICIT in this case? YAML comments will briefly mention runtime env. implications. Documentation will (later) explain how it works in detail.
>From my POV, "NONE" means strictly no auth. Cheers, Dmitri. On Wed, Jul 2, 2025 at 4:04 PM Eric Maynard <eric.w.mayn...@gmail.com> wrote: > > When the new NONE (or any proposed alternative name) is used as the > authentication type in an External Catalog, what kind of auth flow will > actually happen in runtime? > > This question really gets to the core of what we are discussing. From my > perspective in implementing HADOOP, we can interpret NONE in two ways: > > 1. Polaris does no auth whatsoever > 2. The EXTERNAL catalog connection config does not describe any kind of > auth > > My interpretation of NONE is (2). > > While it's true that Polaris doesn't explicitly do any kind of auth for > Hadoop and relies on the fact that new Configuration() happens to load from > some env vars, I do not believe that it's really accurate to say we are in > situation (1). Polaris may still be doing some auth, even if it's not > obvious from a quick pass over the code. > > Rather, NONE indicates that the ConnectionConfigInfo itself does not > contain any authentication credentials or mechanism. Consider another > example -- if the auth type is configured as OAUTH, that doesn't mean that > the remote catalog isn't additionally using mTLS. It just means that the > ConnectionConfigInfo attached to the EXTERNAL catalog in Polaris contains > OAUTH-related information. > > --EM >
