Vamsi-klu opened a new pull request, #18974:
URL: https://github.com/apache/pinot/pull/18974

   Fixes #7805
   
   ## What changed
   
   This PR adds the configured authorization header to Pinot's generated 
Swagger API documentation.
   
   `SwaggerSetupUtils` now builds a Swagger security definition for the 
existing `Authorization` header and applies that security requirement to the 
generated API config. The runtime authentication behavior is unchanged; this 
only makes the OpenAPI/Swagger description accurately expose the header that 
secured Pinot APIs already expect.
   
   The PR also extracts the Swagger config construction into a testable helper 
so the generated API metadata can be validated without starting a controller.
   
   ## Why it matters
   
   When Swagger does not describe the authorization header, users can see 
secured endpoints in the API docs but have no standard way to supply 
credentials from the Swagger UI or generated clients. That makes secured 
controller APIs harder to try, document, and integrate with.
   
   Pinot already has a shared `Authorization` header constant for Swagger auth. 
Surfacing it in the Swagger config aligns the documentation with the actual 
authentication contract and avoids forcing users to infer or manually patch the 
header into requests.
   
   ## Impact
   
   Swagger/OpenAPI consumers now see an API-key-style `Authorization` header 
security definition.
   
   Swagger UI users can provide the authorization header through the documented 
security mechanism instead of manually editing each request.
   
   Existing runtime auth behavior, filters, and controller authorization checks 
are not changed.
   
   ## Testing
   
   - `./mvnw -pl pinot-common -Dtest=SwaggerSetupUtilsTest test`
   - `./mvnw -pl pinot-common spotless:apply`
   - `./mvnw -pl pinot-common checkstyle:check`
   - `./mvnw -pl pinot-common license:check`
   - `git diff --check`
   
   The test verifies that the generated Swagger config contains the 
`Authorization` header security definition, uses the expected API key auth 
scheme, and attaches the security requirement to the API config.
   
   ---
   Drafted-by: Codex (GPT-5) (no human review before posting)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to