Docs Update: Graceful shutdown request needs X-Trino-User header

trinodb / trino

Official repository of Trino, the distributed SQL query engine for big data, formerly known as PrestoSQL (https://trino.io)

https://trino.io

Apache License 2.0

10.5k stars 3.02k forks source link

Docs Update: Graceful shutdown request needs X-Trino-User header #22593

Open mgorbatenko opened 4 months ago

mgorbatenko commented 4 months ago

Not a huge deal, but the docs show this as an example api request for graceful shutdowns on worker nodes:

curl -v -X PUT -d '"SHUTTING_DOWN"' -H "Content-type: application/json" \
    http://worker:8081/v1/info/state

Without an X-Trino-User header, the request results in 401 Unauthorized.

It'd be nice if the docs include the header so that future users know to add it.

I've outlined some of my learnings on the Trino slack here.

wendigo commented 4 months ago

cc @mosabua

mosabua commented 4 months ago

Sounds good. Did you want to supply a complete example here or send a PR @mgorbatenko ?

mgorbatenko commented 4 months ago

@mosabua I don't have the CLA signed but something like this example should do 😄

curl -v -X PUT -d '"SHUTTING_DOWN"' -H "Content-type: application/json" -H "X-Trino-User: authorizeduser" \
    http://worker:8081/v1/info/state

hashhar commented 4 months ago

X-Trino-User isn't the only requirement. The user must also have permissions to write "system information" (for a file-based access control example see https://github.com/trinodb/trino/issues/22589).

Additionally if cluster is protected by authentication then the request must be authenticated too.

datasundae commented 3 months ago

I am a new potential contributor focused on documentation. Would it make sense for me to make this change and submit a pull request (as a training exercise of sorts)?

wendigo commented 3 months ago

@datasundae please do :)

datasundae commented 3 months ago

Does the @hashhar concern regarding "The user must also have permissions to write "system information" need to be addressed in the docs also? Would that just be a "Remember: The user must also have permissions to write "system information" statement?

datasundae commented 3 months ago

OK I created a pull request. So far so good but I need to sign the CLA and it's not clear how I do that - expected a bot to direct me but didn't see anything. Will ask in the beginner Slack

datasundae commented 3 months ago

Nevermind CLA form came via email

volodymyr-devops commented 2 months ago

Hi @hashhar

Additionally if cluster is protected by authentication then the request must be authenticated too.

I have the cluster that requires authentication (http-server.authentication.type=PASSWORD), but the Graceful shutdown request is made without any password, only the header -H "X-Trino-User: some-user" is added.

E.g.: curl -v -k -X PUT -d '"SHUTTING_DOWN"' -H "Content-type: application/json" -H 'X-Trino-User: {user}' https://{worker}:{port}/v1/info/state

Can you double-check about user authentication support by Graceful shutdown?