Skip to content

Support trino roles #322

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ssheikin wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Support trino roles #322

ssheikin wants to merge 3 commits into from

Conversation

@ssheikin
Copy link

@ssheikin ssheikin commented Nov 4, 2025
edited
Loading

solves

Summary

Support trino roles by allowing users to specify a role in the data source config and passing it through backend context into SQL requests.

  • Add UI input for configuring a Trino role in the data source settings
  • Extend TypeScript types and Go settings model to include the role field

@cla-bot cla-bot bot added the cla-signed label Nov 4, 2025
@sourcery-ai
Copy link

sourcery-ai bot commented Nov 4, 2025
edited
Loading

Reviewer's Guide

This PR implements support for the X-Trino-Role header by extending the frontend configuration UI and type definitions, adding a Role field in the backend settings model, propagating the role value through the datasource context, and injecting it into SQL query arguments.

Entity relationship diagram for updated TrinoDatasourceSettings model

erDiagram
  TrinoDatasourceSettings {
    string ClientId
    string ClientSecret
    string ImpersonationUser
    string Role
    string ClientTags
  }
Loading

Class diagram for updated TrinoDataSourceOptions and TrinoDatasourceSettings

classDiagram
  class TrinoDataSourceOptions {
    tokenUrl?: string
    clientId?: string
    impersonationUser?: string
    role?: string
    clientTags?: string
  }
  class TrinoDatasourceSettings {
    ClientId string
    ClientSecret string
    ImpersonationUser string
    Role string
    ClientTags string
  }
Loading

File-Level Changes

Change Details Files
Add Role field to configuration UI
  • Introduce onRoleChange handler
  • Render new Role InlineField with Input component
 src/ConfigEditor.tsx
Extend frontend type definitions to include Role
  • Add role property to TrinoDataSourceOptions interface
 src/types.ts
Add Role field to backend settings model
  • Define Role in TrinoDatasourceSettings struct
 pkg/trino/models/settings.go
Propagate Role through datasource context
  • Set context value for role header if provided
  • Format role header as system=ROLE{role}
 pkg/trino/datasource-context.go
Include Role in SQL query arguments
  • Retrieve role from context
  • Append role named argument to SQL args
 pkg/trino/datasource.go
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

sourcery-ai[bot]
sourcery-ai bot reviewed Nov 4, 2025
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey there - I've reviewed your changes and they look great!

Prompt for AI Agents 
Please address the comments from this code review:

## Individual Comments

### Comment 1
<location> `pkg/trino/datasource-context.go:45-46` </location>
<code_context>
 		ctx = context.WithValue(ctx, trinoUserHeader, user)
 	}

+	if settings.Role != "" {
+		ctx = context.WithValue(ctx, trinoRoleHeader, "system=ROLE{"+settings.Role+"}")
+	}
+
</code_context>

<issue_to_address>
**🚨 suggestion (security):** Consider validating the Role value before formatting.

If settings.Role is user-supplied, ensure it is validated or sanitized to prevent malformed or unexpected header values.

Suggested implementation:

```golang
	if settings.Role != "" {
		role := sanitizeRole(settings.Role)
		if role != "" {
			ctx = context.WithValue(ctx, trinoRoleHeader, "system=ROLE{"+role+"}")
		}
	}

```

```golang
const (
	accessTokenKey     = "accessToken"
	trinoUserHeader    = "X-Trino-User"
	trinoRoleHeader    = "X-Trino-Role"
	trinoClientTagsKey = "X-Trino-Client-Tags"
	bearerPrefix       = "Bearer "
)

// sanitizeRole ensures the role value is safe for use in the header.
// Only allows alphanumeric and underscores, returns empty string if invalid.
func sanitizeRole(role string) string {
	for _, r := range role {
		if !(r >= 'a' && r <= 'z') && !(r >= 'A' && r <= 'Z') && !(r >= '0' && r <= '9') && r != '_' {
			return ""
		}
	}
	return role
}

```
</issue_to_address>

### Comment 2
<location> `pkg/trino/datasource.go:97-98` </location>
<code_context>
 		args = append(args, sql.Named(accessTokenKey, accessToken.(string)))
 	}

+	if role != nil {
+		args = append(args, sql.Named(trinoRoleHeader, role.(string)))
+	}
+
</code_context>

<issue_to_address>
**issue (bug_risk):** Type assertion on role could panic if not a string.

Use a type check or type switch before asserting role as a string to prevent runtime panics.
</issue_to_address>
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@nineinchnick
Copy link
Member

nineinchnick commented Nov 4, 2025

Can you add an e2e test that'd verify this works?

@ssheikin
Copy link
Author

ssheikin commented Nov 4, 2025

in progress.

ssheikin
ssheikin commented Nov 4, 2025
View reviewed changes
@ssheikin ssheikin force-pushed the ssheikin/X-Trino-Role branch 2 times, most recently from a6f9187 to 599f44b Compare November 7, 2025 20:21
ssheikin
ssheikin commented Nov 7, 2025
View reviewed changes
@ssheikin ssheikin force-pushed the ssheikin/X-Trino-Role branch from 599f44b to 69759bd Compare November 7, 2025 20:33
ksobolew
ksobolew reviewed Nov 12, 2025
View reviewed changes
@ssheikin
Copy link
Author

ssheikin commented Nov 17, 2025

@nineinchnick Could you let me know when you might have time to review this?

@ssheikin ssheikin force-pushed the ssheikin/X-Trino-Role branch from 69759bd to 91e6b3e Compare November 17, 2025 14:48
kokosing
kokosing reviewed Nov 17, 2025
View reviewed changes
nineinchnick
nineinchnick reviewed Nov 17, 2025
View reviewed changes
@Flgado Flgado mentioned this pull request Nov 28, 2025
Merged
@ssheikin ssheikin force-pushed the ssheikin/X-Trino-Role branch 2 times, most recently from 582d9b3 to 27a8ed1 Compare December 3, 2025 14:24
ssheikin
ssheikin commented Dec 3, 2025
View reviewed changes
Copy link
Author

@ssheikin ssheikin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've addressed all comments. Please approve.

@ssheikin ssheikin force-pushed the ssheikin/X-Trino-Role branch from 27a8ed1 to 943e388 Compare December 3, 2025 14:27
@ssheikin ssheikin changed the title Support X-Trino-Role header Support trino roles Dec 3, 2025
nineinchnick
nineinchnick approved these changes Dec 3, 2025
View reviewed changes
@ssheikin ssheikin force-pushed the ssheikin/X-Trino-Role branch 3 times, most recently from 6d49664 to 98ba0f2 Compare December 3, 2025 16:10
lukasz-walkiewicz
lukasz-walkiewicz approved these changes Dec 8, 2025
View reviewed changes
@ssheikin ssheikin force-pushed the ssheikin/X-Trino-Role branch from 98ba0f2 to 8ad13e6 Compare December 9, 2025 11:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kokosing kokosing kokosing left review comments

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

@nineinchnick nineinchnick nineinchnick approved these changes

+3 more reviewers

@ksobolew ksobolew ksobolew left review comments

@Flgado Flgado Flgado left review comments

@lukasz-walkiewicz lukasz-walkiewicz lukasz-walkiewicz approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cla-signed

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@ssheikin @nineinchnick @ksobolew @kokosing @lukasz-walkiewicz @Flgado