Merge #86810 #86909

86810: externalconn: add `owner` column to `system.external_connections` r=benbardin a=adityamaru This change adds a column to the External Connection table that tracks the owner of the object. This information will be surfaced in the soon to be `SHOW EXTERNAL CONNECTION` and will also be used when checking who the owner of the object is when checking privileges. Release note: None Release justification: low risk change to new functionality 86909: ui: properly construct timescale object from session storage r=xinhaoz a=xinhaoz Previously, when we restore the global timescale object from session storage, we did not properly construct non primitive type fields. This commit properly constructs the TimeScale object from session storage, reconstructing the moment.duration and moment objects that are expected in certain fields. Release justification: bug fix Release note (bug fix): timescale object is properly constructed from session storage, preventing bugs and crashes in pages that use the time scale object when reloading the page Co-authored-by: adityamaru <[email protected]> Co-authored-by: Xin Hao Zhang <[email protected]>
cockroachdb · Aug 27, 2022 · 4e84ce7 · 4e84ce7
3 parents 92b550b + 2c469a3 + b01b104
commit 4e84ce7
Show file tree

Hide file tree

Showing 13 changed files with 108 additions and 46 deletions.
diff --git a/pkg/ccl/cloudccl/externalconn/datadriven_test.go b/pkg/ccl/cloudccl/externalconn/datadriven_test.go
@@ -122,7 +122,7 @@ func TestDataDriven(t *testing.T) {
 
 			case "inspect-system-table":
 				rows := tenant.Query(`
-SELECT connection_name, connection_type, crdb_internal.pb_to_json('cockroach.cloud.externalconn.connectionpb.ConnectionDetails', connection_details) 
+SELECT connection_name, connection_type, crdb_internal.pb_to_json('cockroach.cloud.externalconn.connectionpb.ConnectionDetails', connection_details), owner
 FROM system.external_connections;
 `)
 				output, err := sqlutils.RowsToDataDrivenOutput(rows)

diff --git a/pkg/ccl/cloudccl/externalconn/testdata/create_drop_external_connection b/pkg/ccl/cloudccl/externalconn/testdata/create_drop_external_connection
@@ -6,7 +6,7 @@ CREATE EXTERNAL CONNECTION foo AS 'nodelocal://1/foo/bar';
 
 inspect-system-table
 ----
-foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}}
+foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}} root
 
 # Reject invalid nodelocal URIs.
 exec-sql
@@ -32,8 +32,8 @@ CREATE EXTERNAL CONNECTION bar123 AS 'nodelocal://1/baz';
 
 inspect-system-table
 ----
-bar123 STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/baz"}}
-foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}}
+bar123 STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/baz"}} root
+foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}} root
 
 # Drop an External Connection that does not exist.
 exec-sql
@@ -46,7 +46,7 @@ DROP EXTERNAL CONNECTION bar123;
 
 inspect-system-table
 ----
-foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}}
+foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}} root
 
 exec-sql
 DROP EXTERNAL CONNECTION foo;
@@ -63,7 +63,7 @@ disable-check-kms
 ----
 
 exec-sql
-CREATE EXTERNAL CONNECTION "foo-kms" AS 'gcp-kms:///cmk?AUTH=implicit&CREDENTIALS=baz&ASSUME_ROLE=ronaldo,rashford,bruno&BEARER_TOKEN=foo';
+CREATE EXTERNAL CONNECTION "foo-kms" AS 'gcp-kms:///cmk?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg==';
 ----
 
 # Reject invalid KMS URIs.
@@ -79,7 +79,7 @@ pq: failed to construct External Connection details: failed to create GCP KMS ex
 
 inspect-system-table
 ----
-foo-kms KMS {"provider": "gcp_kms", "simpleUri": {"uri": "gcp-kms:///cmk?AUTH=implicit&CREDENTIALS=baz&ASSUME_ROLE=ronaldo,rashford,bruno&BEARER_TOKEN=foo"}}
+foo-kms KMS {"provider": "gcp_kms", "simpleUri": {"uri": "gcp-kms:///cmk?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg=="}} root
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-kms";
@@ -115,7 +115,7 @@ pq: failed to construct External Connection details: failed to create s3 externa
 
 inspect-system-table
 ----
-foo-s3 STORAGE {"provider": "s3", "simpleUri": {"uri": "s3://foo/bar?AUTH=implicit&AWS_ACCESS_KEY_ID=123&AWS_SECRET_ACCESS_KEY=456&ASSUME_ROLE=ronaldo,rashford,bruno"}}
+foo-s3 STORAGE {"provider": "s3", "simpleUri": {"uri": "s3://foo/bar?AUTH=implicit&AWS_ACCESS_KEY_ID=123&AWS_SECRET_ACCESS_KEY=456&ASSUME_ROLE=ronaldo,rashford,bruno"}} root
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-s3";
@@ -148,7 +148,7 @@ pq: failed to construct External Connection details: invalid Kafka URI: param ca
 
 inspect-system-table
 ----
-foo-kafka STORAGE {"provider": "kafka", "simpleUri": {"uri": "kafka://broker.address.com:9092?topic_prefix=bar_&tls_enabled=true&ca_cert=Zm9vCg==&sasl_enabled=true&sasl_user={sasl user}&sasl_password={url-encoded password}&sasl_mechanism=SCRAM-SHA-256"}}
+foo-kafka STORAGE {"provider": "kafka", "simpleUri": {"uri": "kafka://broker.address.com:9092?topic_prefix=bar_&tls_enabled=true&ca_cert=Zm9vCg==&sasl_enabled=true&sasl_user={sasl user}&sasl_password={url-encoded password}&sasl_mechanism=SCRAM-SHA-256"}} root
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-kafka"
@@ -164,7 +164,7 @@ CREATE EXTERNAL CONNECTION "foo-userfile" AS 'userfile:///foo/bar';
 
 inspect-system-table
 ----
-foo-userfile STORAGE {"provider": "userfile", "simpleUri": {"uri": "userfile:///foo/bar"}}
+foo-userfile STORAGE {"provider": "userfile", "simpleUri": {"uri": "userfile:///foo/bar"}} root
 
 # Reject invalid userfile URIs.
 exec-sql
@@ -179,7 +179,7 @@ pq: failed to construct External Connection details: failed to create userfile e
 
 inspect-system-table
 ----
-foo-userfile STORAGE {"provider": "userfile", "simpleUri": {"uri": "userfile:///foo/bar"}}
+foo-userfile STORAGE {"provider": "userfile", "simpleUri": {"uri": "userfile:///foo/bar"}} root
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-userfile";
@@ -193,7 +193,7 @@ disable-check-external-storage
 ----
 
 exec-sql
-CREATE EXTERNAL CONNECTION "foo-gs" AS 'gs://bucket/path?AUTH=implicit&ASSUME_ROLE=soccer,cricket,football'
+CREATE EXTERNAL CONNECTION "foo-gs" AS 'gs://bucket/path?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg=='
 ----
 
 # Reject invalid gs external connections.
@@ -209,7 +209,7 @@ pq: failed to construct External Connection details: failed to create gs externa
 
 inspect-system-table
 ----
-foo-gs STORAGE {"provider": "gs", "simpleUri": {"uri": "gs://bucket/path?AUTH=implicit&ASSUME_ROLE=soccer,cricket,football"}}
+foo-gs STORAGE {"provider": "gs", "simpleUri": {"uri": "gs://bucket/path?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg=="}} root
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-gs";
@@ -247,7 +247,7 @@ pq: failed to construct External Connection details: failed to create azure exte
 
 inspect-system-table
 ----
-foo-azure STORAGE {"provider": "azure_storage", "simpleUri": {"uri": "azure-storage://bucket/path?AZURE_ACCOUNT_NAME=foo&AZURE_ACCOUNT_KEY=Zm9vCg==&AZURE_ENVIRONMENT=AzureUSGovernmentCloud"}}
+foo-azure STORAGE {"provider": "azure_storage", "simpleUri": {"uri": "azure-storage://bucket/path?AZURE_ACCOUNT_NAME=foo&AZURE_ACCOUNT_KEY=Zm9vCg==&AZURE_ENVIRONMENT=AzureUSGovernmentCloud"}} root
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-azure";

diff --git a/pkg/ccl/cloudccl/externalconn/testdata/multi-tenant/create_drop_external_connection b/pkg/ccl/cloudccl/externalconn/testdata/multi-tenant/create_drop_external_connection
@@ -9,7 +9,7 @@ CREATE EXTERNAL CONNECTION foo AS 'nodelocal://1/foo/bar';
 
 inspect-system-table
 ----
-foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}}
+foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}} root
 
 # Reject invalid nodelocal URIs.
 exec-sql
@@ -35,8 +35,8 @@ CREATE EXTERNAL CONNECTION bar123 AS 'nodelocal://1/baz';
 
 inspect-system-table
 ----
-bar123 STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/baz"}}
-foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}}
+bar123 STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/baz"}} root
+foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}} root
 
 # Drop an External Connection that does not exist.
 exec-sql
@@ -49,7 +49,7 @@ DROP EXTERNAL CONNECTION bar123;
 
 inspect-system-table
 ----
-foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}}
+foo STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo/bar"}} root
 
 exec-sql
 DROP EXTERNAL CONNECTION foo;
@@ -66,12 +66,12 @@ disable-check-kms
 ----
 
 exec-sql
-CREATE EXTERNAL CONNECTION "foo-kms" AS 'gcp-kms:///cmk?AUTH=implicit&CREDENTIALS=baz&ASSUME_ROLE=ronaldo,rashford,bruno&BEARER_TOKEN=foo';
+CREATE EXTERNAL CONNECTION "foo-kms" AS 'gcp-kms:///cmk?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg==';
 ----
 
 inspect-system-table
 ----
-foo-kms KMS {"provider": "gcp_kms", "simpleUri": {"uri": "gcp-kms:///cmk?AUTH=implicit&CREDENTIALS=baz&ASSUME_ROLE=ronaldo,rashford,bruno&BEARER_TOKEN=foo"}}
+foo-kms KMS {"provider": "gcp_kms", "simpleUri": {"uri": "gcp-kms:///cmk?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg=="}} root
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-kms";
@@ -107,7 +107,7 @@ pq: failed to construct External Connection details: failed to create s3 externa
 
 inspect-system-table
 ----
-foo-s3 STORAGE {"provider": "s3", "simpleUri": {"uri": "s3://foo/bar?AUTH=implicit&AWS_ACCESS_KEY_ID=123&AWS_SECRET_ACCESS_KEY=456&ASSUME_ROLE=ronaldo,rashford,bruno"}}
+foo-s3 STORAGE {"provider": "s3", "simpleUri": {"uri": "s3://foo/bar?AUTH=implicit&AWS_ACCESS_KEY_ID=123&AWS_SECRET_ACCESS_KEY=456&ASSUME_ROLE=ronaldo,rashford,bruno"}} root
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-s3";
@@ -140,7 +140,7 @@ pq: failed to construct External Connection details: invalid Kafka URI: param ca
 
 inspect-system-table
 ----
-foo-kafka STORAGE {"provider": "kafka", "simpleUri": {"uri": "kafka://broker.address.com:9092?topic_prefix=bar_&tls_enabled=true&ca_cert=Zm9vCg==&sasl_enabled=true&sasl_user={sasl user}&sasl_password={url-encoded password}&sasl_mechanism=SCRAM-SHA-256"}}
+foo-kafka STORAGE {"provider": "kafka", "simpleUri": {"uri": "kafka://broker.address.com:9092?topic_prefix=bar_&tls_enabled=true&ca_cert=Zm9vCg==&sasl_enabled=true&sasl_user={sasl user}&sasl_password={url-encoded password}&sasl_mechanism=SCRAM-SHA-256"}} root
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-kafka"
@@ -156,7 +156,7 @@ CREATE EXTERNAL CONNECTION "foo-userfile" AS 'userfile:///foo/bar';
 
 inspect-system-table
 ----
-foo-userfile STORAGE {"provider": "userfile", "simpleUri": {"uri": "userfile:///foo/bar"}}
+foo-userfile STORAGE {"provider": "userfile", "simpleUri": {"uri": "userfile:///foo/bar"}} root
 
 # Reject invalid userfile URIs.
 exec-sql
@@ -171,7 +171,7 @@ pq: failed to construct External Connection details: failed to create userfile e
 
 inspect-system-table
 ----
-foo-userfile STORAGE {"provider": "userfile", "simpleUri": {"uri": "userfile:///foo/bar"}}
+foo-userfile STORAGE {"provider": "userfile", "simpleUri": {"uri": "userfile:///foo/bar"}} root
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-userfile";
@@ -206,7 +206,7 @@ pq: failed to construct External Connection details: failed to create azure exte
 
 inspect-system-table
 ----
-foo-azure STORAGE {"provider": "azure_storage", "simpleUri": {"uri": "azure-storage://bucket/path?AZURE_ACCOUNT_NAME=foo&AZURE_ACCOUNT_KEY=Zm9vCg==&AZURE_ENVIRONMENT=AzureUSGovernmentCloud"}}
+foo-azure STORAGE {"provider": "azure_storage", "simpleUri": {"uri": "azure-storage://bucket/path?AZURE_ACCOUNT_NAME=foo&AZURE_ACCOUNT_KEY=Zm9vCg==&AZURE_ENVIRONMENT=AzureUSGovernmentCloud"}} root
 
 exec-sql
 DROP EXTERNAL CONNECTION "foo-azure";

diff --git a/pkg/ccl/cloudccl/externalconn/testdata/multi-tenant/privileges_external_connection b/pkg/ccl/cloudccl/externalconn/testdata/multi-tenant/privileges_external_connection
@@ -22,7 +22,7 @@ CREATE EXTERNAL CONNECTION "global-privileged" AS 'nodelocal://1/foo'
 
 inspect-system-table
 ----
-global-privileged STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}}
+global-privileged STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} testuser
 
 exec-sql
 DROP EXTERNAL CONNECTION "global-privileged";
@@ -57,8 +57,8 @@ pq: user testuser does not have DROP privilege on external_connection drop-privi
 
 inspect-system-table
 ----
-drop-privileged STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}}
-drop-privileged-dup STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}}
+drop-privileged STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} root
+drop-privileged-dup STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} root
 
 exec-sql
 GRANT DROP ON EXTERNAL CONNECTION "drop-privileged" TO testuser;
@@ -76,7 +76,7 @@ pq: user testuser does not have DROP privilege on external_connection drop-privi
 
 inspect-system-table
 ----
-drop-privileged-dup STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}}
+drop-privileged-dup STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} root
 
 exec-sql
 DROP EXTERNAL CONNECTION 'drop-privileged-dup'

diff --git a/pkg/ccl/cloudccl/externalconn/testdata/multi-tenant/show_create_external_connections b/pkg/ccl/cloudccl/externalconn/testdata/multi-tenant/show_create_external_connections
@@ -14,7 +14,15 @@ CREATE EXTERNAL CONNECTION nodelocal AS 'nodelocal://1/foo';
 ----
 
 exec-sql
-CREATE EXTERNAL CONNECTION kms AS 'gs:///cmk?AUTH=implicit&CREDENTIALS=wont-be-redacted';
+CREATE EXTERNAL CONNECTION kms AS 'gcp-kms:///cmk?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg==';
+----
+
+exec-sql
+CREATE EXTERNAL CONNECTION s3 AS 's3://bucket?AUTH=specified&AWS_ACCESS_KEY_ID=key&AWS_SECRET_ACCESS_KEY=secret-key';
+----
+
+exec-sql
+CREATE EXTERNAL CONNECTION gs AS 'gs://bucket?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg==';
 ----
 
 exec-sql
@@ -24,9 +32,11 @@ CREATE EXTERNAL CONNECTION kafka AS 'kafka://broker.address.com:9092';
 query-sql
 SHOW CREATE ALL EXTERNAL CONNECTIONS
 ----
+gs CREATE EXTERNAL CONNECTION 'gs' AS 'gs://bucket?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg=='
 kafka CREATE EXTERNAL CONNECTION 'kafka' AS 'kafka://broker.address.com:9092'
-kms CREATE EXTERNAL CONNECTION 'kms' AS 'gs:///cmk?AUTH=implicit&CREDENTIALS=wont-be-redacted'
+kms CREATE EXTERNAL CONNECTION 'kms' AS 'gcp-kms:///cmk?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg=='
 nodelocal CREATE EXTERNAL CONNECTION 'nodelocal' AS 'nodelocal://1/foo'
+s3 CREATE EXTERNAL CONNECTION 's3' AS 's3://bucket?AUTH=specified&AWS_ACCESS_KEY_ID=key&AWS_SECRET_ACCESS_KEY=secret-key'
 
 query-sql
 SHOW CREATE EXTERNAL CONNECTION nodelocal
@@ -36,7 +46,7 @@ nodelocal CREATE EXTERNAL CONNECTION 'nodelocal' AS 'nodelocal://1/foo'
 query-sql
 SHOW CREATE EXTERNAL CONNECTION kms
 ----
-kms CREATE EXTERNAL CONNECTION 'kms' AS 'gs:///cmk?AUTH=implicit&CREDENTIALS=wont-be-redacted'
+kms CREATE EXTERNAL CONNECTION 'kms' AS 'gcp-kms:///cmk?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg=='
 
 query-sql
 SHOW CREATE EXTERNAL CONNECTION kafka

diff --git a/pkg/ccl/cloudccl/externalconn/testdata/privileges_external_connection b/pkg/ccl/cloudccl/externalconn/testdata/privileges_external_connection
@@ -19,7 +19,7 @@ CREATE EXTERNAL CONNECTION "global-privileged" AS 'nodelocal://1/foo'
 
 inspect-system-table
 ----
-global-privileged STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}}
+global-privileged STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} testuser
 
 exec-sql
 DROP EXTERNAL CONNECTION "global-privileged";
@@ -54,8 +54,8 @@ pq: user testuser does not have DROP privilege on external_connection drop-privi
 
 inspect-system-table
 ----
-drop-privileged STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}}
-drop-privileged-dup STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}}
+drop-privileged STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} root
+drop-privileged-dup STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} root
 
 exec-sql
 GRANT DROP ON EXTERNAL CONNECTION "drop-privileged" TO testuser;
@@ -73,7 +73,7 @@ pq: user testuser does not have DROP privilege on external_connection drop-privi
 
 inspect-system-table
 ----
-drop-privileged-dup STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}}
+drop-privileged-dup STORAGE {"provider": "nodelocal", "simpleUri": {"uri": "nodelocal://1/foo"}} root
 
 exec-sql
 DROP EXTERNAL CONNECTION 'drop-privileged-dup'

diff --git a/pkg/ccl/cloudccl/externalconn/testdata/show_create_external_connections b/pkg/ccl/cloudccl/externalconn/testdata/show_create_external_connections
@@ -11,7 +11,15 @@ CREATE EXTERNAL CONNECTION nodelocal AS 'nodelocal://1/foo';
 ----
 
 exec-sql
-CREATE EXTERNAL CONNECTION kms AS 'gs:///cmk?AUTH=implicit&CREDENTIALS=wont-be-redacted';
+CREATE EXTERNAL CONNECTION kms AS 'gcp-kms:///cmk?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg==';
+----
+
+exec-sql
+CREATE EXTERNAL CONNECTION s3 AS 's3://bucket?AUTH=specified&AWS_ACCESS_KEY_ID=key&AWS_SECRET_ACCESS_KEY=secret-key';
+----
+
+exec-sql
+CREATE EXTERNAL CONNECTION gs AS 'gs://bucket?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg==';
 ----
 
 exec-sql
@@ -21,9 +29,11 @@ CREATE EXTERNAL CONNECTION kafka AS 'kafka://broker.address.com:9092';
 query-sql
 SHOW CREATE ALL EXTERNAL CONNECTIONS
 ----
+gs CREATE EXTERNAL CONNECTION 'gs' AS 'gs://bucket?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg=='
 kafka CREATE EXTERNAL CONNECTION 'kafka' AS 'kafka://broker.address.com:9092'
-kms CREATE EXTERNAL CONNECTION 'kms' AS 'gs:///cmk?AUTH=implicit&CREDENTIALS=wont-be-redacted'
+kms CREATE EXTERNAL CONNECTION 'kms' AS 'gcp-kms:///cmk?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg=='
 nodelocal CREATE EXTERNAL CONNECTION 'nodelocal' AS 'nodelocal://1/foo'
+s3 CREATE EXTERNAL CONNECTION 's3' AS 's3://bucket?AUTH=specified&AWS_ACCESS_KEY_ID=key&AWS_SECRET_ACCESS_KEY=secret-key'
 
 query-sql
 SHOW CREATE EXTERNAL CONNECTION nodelocal
@@ -33,7 +43,7 @@ nodelocal CREATE EXTERNAL CONNECTION 'nodelocal' AS 'nodelocal://1/foo'
 query-sql
 SHOW CREATE EXTERNAL CONNECTION kms
 ----
-kms CREATE EXTERNAL CONNECTION 'kms' AS 'gs:///cmk?AUTH=implicit&CREDENTIALS=wont-be-redacted'
+kms CREATE EXTERNAL CONNECTION 'kms' AS 'gcp-kms:///cmk?AUTH=specified&BEARER_TOKEN=c29tZXRoaW5nCg=='
 
 query-sql
 SHOW CREATE EXTERNAL CONNECTION kafka