Vamsi-klu opened a new pull request, #18974: URL: https://github.com/apache/pinot/pull/18974
Fixes #7805 ## What changed This PR adds the configured authorization header to Pinot's generated Swagger API documentation. `SwaggerSetupUtils` now builds a Swagger security definition for the existing `Authorization` header and applies that security requirement to the generated API config. The runtime authentication behavior is unchanged; this only makes the OpenAPI/Swagger description accurately expose the header that secured Pinot APIs already expect. The PR also extracts the Swagger config construction into a testable helper so the generated API metadata can be validated without starting a controller. ## Why it matters When Swagger does not describe the authorization header, users can see secured endpoints in the API docs but have no standard way to supply credentials from the Swagger UI or generated clients. That makes secured controller APIs harder to try, document, and integrate with. Pinot already has a shared `Authorization` header constant for Swagger auth. Surfacing it in the Swagger config aligns the documentation with the actual authentication contract and avoids forcing users to infer or manually patch the header into requests. ## Impact Swagger/OpenAPI consumers now see an API-key-style `Authorization` header security definition. Swagger UI users can provide the authorization header through the documented security mechanism instead of manually editing each request. Existing runtime auth behavior, filters, and controller authorization checks are not changed. ## Testing - `./mvnw -pl pinot-common -Dtest=SwaggerSetupUtilsTest test` - `./mvnw -pl pinot-common spotless:apply` - `./mvnw -pl pinot-common checkstyle:check` - `./mvnw -pl pinot-common license:check` - `git diff --check` The test verifies that the generated Swagger config contains the `Authorization` header security definition, uses the expected API key auth scheme, and attaches the security requirement to the API config. --- Drafted-by: Codex (GPT-5) (no human review before posting) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
