jtuglu1 commented on code in PR #19236:
URL: https://github.com/apache/druid/pull/19236#discussion_r3052757177
##########
indexing-service/src/main/java/org/apache/druid/indexing/overlord/http/OverlordResource.java:
##########
@@ -185,6 +205,27 @@ public Response taskPost(
throw new ForbiddenException(authResult.getErrorMessage());
}
+ // Inject auth context if provider is configured
+ if (taskAuthContextProvider != null) {
+ final AuthenticationResult authenticationResult =
AuthorizationUtils.authenticationResultFromRequest(req);
Review Comment:
> How will this work in the SQL DML path, where the user submits a task to
/druid/v2/sql/task/ and the Broker then submits the task using its own
credentials?
That's the thing. In our implementation, the broker passes through the user
auth context and not its own credentials, so there's no use of the Broker
credentials in the task payload (only used for validating the request came from
the Brokers).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
