vrajat opened a new issue, #15373: URL: https://github.com/apache/pinot/issues/15373
There have been a few changes in auth & validation code in `BaseSingleStageBrokerRequestHandler` in the recent past. A timeline: * https://github.com/apache/pinot/pull/14953 added an auth check so that compile time checks do not leak information in unauthorized requests. * https://github.com/apache/pinot/pull/15073 refactored the function to make it more readable. We found that time is not calculated correctly for compile & auth time because of the previous commit. * https://github.com/apache/pinot/pull/15240 consolidated the auth checks. It reused code from MSE as the new code was looking very similar. One unexpected change was to directly check auth using a list of tables instead of checking the same from a `BrokerRequest` object. This broke use cases at LinkedIn and the last commit was reverted in https://github.com/apache/pinot/pull/15346 The current state is that: * Auth and Compile phase times are wrong. * Auth checks are different b/w MSE & SSE. * In the near future, SSE also has to support auth checks on multiple tables for #10712 One proposal is to separate auth checks on `BrokerRequest` and `Table List`. A POC is in https://github.com/apache/pinot/pull/15351 cc @siddharthteotia @vvivekiyer @Jackie-Jiang @gortiz -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
