diqiu50 opened a new pull request, #10730: URL: https://github.com/apache/gravitino/pull/10730
### What changes were proposed in this pull request? Add per-query credential forwarding from Trino to Gravitino via a new `gravitino.client.session.forwardUser` option. When enabled, the connector forwards the Trino session identity (username or Bearer token) to Gravitino on every request instead of using static credentials. Uses a `SessionAwareCatalogMetadata` wrapper to correctly propagate session context across threads (coordinator thread → split runner threads). ### Why are the changes needed? Fix: #10559 In a multi-user deployment, each Trino user should authenticate with their own identity so Gravitino can apply per-user authorization policies. ### Does this PR introduce _any_ user-facing change? New connector property: `gravitino.client.session.forwardUser=true` — forwards the Trino session identity to Gravitino per request. Behavior depends on `authType`: forwards the session username for `simple`, or a Bearer token from extra credentials for `oauth2`. ### How was this patch tested? - Unit tests: `TestGravitinoAuthProvider` - Manual integration test: verified session credentials correctly forwarded, no cross-contamination under concurrent queries -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
