Skip to content

Antalya 26.5: Antalya 26.3 forward-port: Token Authentication and Authorization#1936

Open
zvonand wants to merge 2 commits into
antalya-26.5from
feature/antalya-26.5/pr-1658
Open

Antalya 26.5: Antalya 26.3 forward-port: Token Authentication and Authorization#1936
zvonand wants to merge 2 commits into
antalya-26.5from
feature/antalya-26.5/pr-1658

Conversation

@zvonand

@zvonand zvonand commented Jun 23, 2026

Copy link
Copy Markdown
Member

Changelog category (leave one):

  • New Feature

Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):

Introduce token-based authentication and authorization (#1658 by @zvonand).

CI/CD Options

Exclude tests:

  • Fast test
  • Integration Tests
  • Stateless tests
  • Stateful tests
  • Performance tests
  • All with ASAN
  • All with TSAN
  • All with MSAN
  • All with UBSAN
  • All with Coverage
  • All with Aarch64
  • All Regression
  • Disable CI Cache

Regression jobs to run:

  • Fast suites (mostly <1h)
  • Aggregate Functions (2h)
  • Alter (1.5h)
  • Benchmark (30m)
  • ClickHouse Keeper (1h)
  • Iceberg (2h)
  • LDAP (1h)
  • Parquet (1.5h)
  • RBAC (1.5h)
  • SSL Server (1h)
  • S3 (2h)
  • S3 Export (2h)
  • Swarms (30m)
  • Tiered Storage (2h)

Cherry-picked from #1658.

Cherry-picked from #1430.

Introduce authentication using access tokens.

zvonand added 2 commits June 23, 2026 23:39
@zvonand
Cherry-pick of #1658 with unresolved conflict markers (resolution in …
6c1cc08 
…next commit)

---
Original cherry-pick message follows:

Merge pull request #1658 from Altinity/feature/antalya-26.3/pr-1430-1596

Antalya 26.3 forward-port: Token Authentication and Authorization
# Conflicts:
#	ci/jobs/scripts/check_style/aspell-ignore/en/aspell-dict.txt
#	src/Access/IAccessStorage.cpp
#	src/Access/UsersConfigParser.cpp
@zvonand
Resolve conflicts in cherry-pick of #1658
54e979b 
aspell-dict.txt and IAccessStorage.cpp: keep both sides (antalya-26.5
words/include plus the PR's additions).

UsersConfigParser.cpp: antalya-26.5 refactored parseUserAuthMethod to
return an AuthenticationData value (no user parameter) using the
per-method 'const auto <x>_config' idiom and the num_authentication_types
counter. Adapted the PR's JWT support to this shape: declare jwt_config /
has_jwt in the new idiom, add has_jwt to num_authentication_types and to
the valid-types error message, and route the JWT branch through auth_data
instead of user->authentication_methods. Dropped the PR's trailing
'else' default branch (user is not in scope here and it is unreachable
given the count guarantee).
@zvonand zvonand added releasy Created/managed by RelEasy antalya-26.5 ai-resolved Port conflict auto-resolved by Claude labels Jun 23, 2026
@github-actions

github-actions Bot commented Jun 23, 2026

Copy link
Copy Markdown

Workflow [PR], commit [54e979b]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

ai-resolved Port conflict auto-resolved by Claude antalya-26.5 releasy Created/managed by RelEasy

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@zvonand