jtuglu1 opened a new issue, #18957: URL: https://github.com/apache/druid/issues/18957
### Description This would allow a user to POST a query/task and allow the task to use the identity of the user to access some external state (e.g. Iceberg table). Currently, the Iceberg plugin assumes once the catalog loads the table, the subtasks will have access to the data (via static credentials). My proposed flow would be: - User submits MSQ query/task - User identity is propagated into task via a mixin (to hide credentials) - Iceberg catalog uses user credentials to vend warehouse credentials to read Iceberg data from object store - These warehouse credentials are then passed to sub-tasks who are handed the warehouse input source. ### Motivation Support credential vending using Druid Authorizer logic. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
