cecemei commented on code in PR #17774:
URL: https://github.com/apache/druid/pull/17774#discussion_r2021957055
##########
server/src/main/java/org/apache/druid/server/coordination/ServerManager.java:
##########
@@ -190,6 +195,11 @@ public <T> QueryRunner<T>
getQueryRunnerForSegments(Query<T> theQuery, Iterable<
throw new ISE("Cannot handle subquery: %s", dataSourceFromQuery);
}
+ if (!(theQuery instanceof SegmentMetadataQuery)
+ &&
!dataSourceFromQuery.validate(authConfig.getTableSecurityPolicyConfig())) {
+ throw new ISE("Failed security validation with dataSource [%s]",
dataSourceFromQuery);
+ }
Review Comment:
i think in my mind this special case for `SegmentMetadataQuery` is a
temporary solution, we're likely going to figure out how RestrictedDS work on
that later. we also have this special case handling for `QueryLifeCycle` as
well.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
