Copilot commented on code in PR #18278: URL: https://github.com/apache/dolphinscheduler/pull/18278#discussion_r3285302729
########## docs/docs/en/contribute/backend/spi/task.md: ########## @@ -15,3 +15,15 @@ In additional, the `TaskChannelFactory` extends from `PrioritySPI`, this means y Since the task plug-in involves the front-end page, the front-end SPI has not yet been implemented, so you need to implement the front-end page corresponding to the plug-in separately. If there is a class conflict in the task plugin, you can use [Shade-Relocating Classes](https://maven.apache.org/plugins/maven-shade-plugin/) to solve this problem. + +#### Runtime credentials for task plugins + +Some task plugins need to access external systems using short-lived credentials. A plugin should avoid storing long-lived credentials in task parameters and should avoid printing credentials in task logs. + +Recommended practice: + +- Use the task execution context, such as project, workflow, task instance, datasource, tenant, and worker group, when requesting runtime credentials from an external authorization service. Review Comment: The new bullet uses “datasource”, but other docs typically refer to this concept as “data source”. Please standardize the term here (and clarify if you mean DolphinScheduler’s DataSource entity vs a generic external data source) to avoid ambiguity for plugin authors. ########## docs/docs/en/guide/security/security.md: ########## @@ -25,6 +25,12 @@ Administrator login, default username/password: admin/dolphinscheduler123  +### Tenant boundary and external data permissions + +The tenant code is used by the Worker as the execution identity, for example the Linux user that runs a task process. It is an execution resource boundary in DolphinScheduler. Fine-grained permissions for external systems such as databases, object stores, data catalogs, or lakehouse tables should be validated and enforced by those external systems. + +Do not treat the tenant code alone as a user-level data permission principal for external systems. If a task needs short-lived external credentials, bind those credentials to auditable task context such as the project, workflow, task instance, datasource, tenant, and worker group, and avoid storing long-lived credentials in task definitions. Review Comment: In this doc, the term is used elsewhere as “data source(s)” (two words). The newly added “datasource” in the context list is inconsistent and may confuse readers—please standardize the terminology (e.g., “data source” or “data source (Datasource)” if referring to the DolphinScheduler entity). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
