yuqi1129 opened a new pull request, #11622: URL: https://github.com/apache/gravitino/pull/11622
### What changes were proposed in this pull request? - **#11568**: Structured per-tool-call audit logging attributed to the principal. - **#11572**: Per-request token isolation for HTTP transport — forward each request's `Authorization` header instead of a shared server token; accept the `streamable-http` transport alias and support serving the endpoint over TLS. - **#11575**: Forward the raw `Authorization` header instead of assuming Bearer; add a live-Gravitino authorization integration test wired into CI. - Add a localtest example and docs. Note: stacked on #11621; commits before it will drop from the diff once it merges. ### Why are the changes needed? Multi-user HTTP deployments need per-request identity propagation so Gravitino enforces each caller's permissions, plus audit attribution, TLS support, and integration coverage against a live Gravitino server. Fix: #11568 Fix: #11572 Fix: #11575 ### Does this PR introduce _any_ user-facing change? Yes: 1. HTTP transport forwards per-request `Authorization` headers. 2. New `streamable-http` transport alias and TLS options. 3. Structured audit logs per tool call. ### How was this patch tested? Unit tests (119 passed) plus a new live-Gravitino authorization integration test running in CI. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
