Support X-Trino-Role header

ssheikin · ssheikin · commit 69759bd7534a · 2025-11-07T21:33:27.000+01:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -87,6 +87,7 @@ jobs:
             --name trino \
             --net trino \
             --volume "$(pwd)/test-data/trino/test-trino-config.properties:/etc/trino/config.properties" \
+            --volume "$(pwd)/test-data/trino/catalog/hive.properties:/etc/trino/catalog/hive.properties" \
             trinodb/trino:468
 
           echo "Starting Grafana..."
@@ -97,6 +98,20 @@ jobs:
             --volume "$(pwd):/var/lib/grafana/plugins/trino" \
             --env "GF_PLUGINS_ALLOW_LOADING_UNSIGNED_PLUGINS=trino-datasource" \
             grafana/grafana:11.4.0
+          
+          echo "Waiting for Trino to be ready..."
+          while true; do
+            if docker logs trino 2>&1 | grep -q '======== SERVER STARTED ========'; then
+              echo "Trino is ready!"
+              break
+            fi
+            echo "Waiting for Trino..."
+            sleep 5
+          done
+
+          echo "Preconfiguring trino..."
+          docker exec trino trino --user admin --execute "GRANT admin TO USER grafana IN hive;"
+          echo "Done."
 
       - name: End to end test
         run: |
diff --git a/pkg/trino/datasource-context.go b/pkg/trino/datasource-context.go
@@ -14,6 +14,7 @@ import (
 const (
 	accessTokenKey     = "accessToken"
 	trinoUserHeader    = "X-Trino-User"
+	trinoRoleHeader    = "X-Trino-Role"
 	trinoClientTagsKey = "X-Trino-Client-Tags"
 	bearerPrefix       = "Bearer "
 )
@@ -41,6 +42,10 @@ func (ds *SQLDatasourceWithTrinoUserContext) QueryData(ctx context.Context, req
 		ctx = context.WithValue(ctx, trinoUserHeader, user)
 	}
 
+	if settings.Role != "" {
+		ctx = context.WithValue(ctx, trinoRoleHeader, settings.Role)
+	}
+
 	if settings.ClientTags != "" {
 		ctx = context.WithValue(ctx, trinoClientTagsKey, settings.ClientTags)
 	}
diff --git a/pkg/trino/datasource.go b/pkg/trino/datasource.go
@@ -83,6 +83,7 @@ func (s *TrinoDatasource) SetQueryArgs(ctx context.Context, headers http.Header)
 
 	user := ctx.Value(trinoUserHeader)
 	accessToken := ctx.Value(accessTokenKey)
+	role := ctx.Value(trinoRoleHeader)
 	clientTags := ctx.Value(trinoClientTagsKey)
 
 	if user != nil {
@@ -93,6 +94,10 @@ func (s *TrinoDatasource) SetQueryArgs(ctx context.Context, headers http.Header)
 		args = append(args, sql.Named(accessTokenKey, accessToken.(string)))
 	}
 
+	if role != nil {
+		args = append(args, sql.Named(trinoRoleHeader, role.(string)))
+	}
+
 	if clientTags != nil {
 		args = append(args, sql.Named(trinoClientTagsKey, clientTags.(string)))
 	}
diff --git a/pkg/trino/models/settings.go b/pkg/trino/models/settings.go
@@ -20,6 +20,7 @@ type TrinoDatasourceSettings struct {
 	ClientId            string             `json:"clientId"`
 	ClientSecret        string             `json:"clientSecret"`
 	ImpersonationUser   string             `json:"impersonationUser"`
+	Role                string             `json:"role"`
 	ClientTags          string             `json:"clientTags"`
 }
 
diff --git a/src/ConfigEditor.tsx b/src/ConfigEditor.tsx
@@ -34,6 +34,9 @@ export class ConfigEditor extends PureComponent<Props, State> {
     const onImpersonationUserChange = (event: ChangeEvent<HTMLInputElement>) => {
       onOptionsChange({...options, jsonData: {...options.jsonData, impersonationUser: event.target.value}})
     };
+    const onRoleChange = (event: ChangeEvent<HTMLInputElement>) => {
+      onOptionsChange({...options, jsonData: {...options.jsonData, role: event.target.value}})
+    };
     const onClientTagsChange = (event: ChangeEvent<HTMLInputElement>) => {
       onOptionsChange({...options, jsonData: {...options.jsonData, clientTags: event.target.value}})
     };
@@ -75,6 +78,19 @@ export class ConfigEditor extends PureComponent<Props, State> {
                 />
             </InlineField>
           </div>
+          <div className="gf-form-inline">
+            <InlineField
+              label="Role"
+              tooltip="For X-Trino-Role"
+              labelWidth={26}
+            >
+              <Input
+                value={options.jsonData?.role ?? ''}
+                onChange={onRoleChange}
+                width={40}
+              />
+            </InlineField>
+          </div>
           <div className="gf-form-inline">
             <InlineField
               label="Client Tags"
diff --git a/src/e2e.test.ts b/src/e2e.test.ts
@@ -43,6 +43,12 @@ async function setupDataSourceWithClientTags(page: Page, clientTags: string) {
     await page.getByTestId('data-testid Data source settings page Save and Test button').click();
 }
 
+async function setupDataSourceWithRole(page: Page, role: string) {
+    await page.getByTestId('data-testid Datasource HTTP settings url').fill('http://trino:8080');
+    await page.locator('div').filter({hasText: /^Role$/}).locator('input').fill(role);
+    await page.getByTestId('data-testid Data source settings page Save and Test button').click();
+}
+
 async function runQueryAndCheckResults(page: Page) {
     await page.getByLabel(EXPORT_DATA).click();
     await page.getByTestId('data-testid TimePicker Open Button').click();
@@ -91,3 +97,34 @@ test('test with client tags', async ({ page }) => {
     await setupDataSourceWithClientTags(page, 'tag1,tag2,tag3');
     await runQueryAndCheckResults(page);
 });
+
+test('test with role', async ({ page }) => {
+    await login(page);
+    await goToTrinoSettings(page);
+    await setupDataSourceWithRole(page, 'hive=ROLE{admin}');
+    await runRoleQuery(page);
+    await expect(page.getByTestId('data-testid table body')).toContainText(/.*admin.*/);
+
+});
+
+test('test without role', async ({ page }) => {
+    await login(page);
+    await goToTrinoSettings(page);
+    await setupDataSourceWithRole(page, '');
+    await runRoleQuery(page);
+    await expect(page.getByText(/Access Denied: Cannot show roles/)).toBeVisible();
+});
+
+async function runRoleQuery(page: Page) {
+    await page.getByLabel(EXPORT_DATA).click();
+    await page.locator('div').filter({hasText: /^Format asChoose$/}).locator('svg').click();
+    await page.getByRole('option', {name: 'Table'}).click();
+    await setQuery(page, 'SHOW ROLES FROM hive')
+    await page.getByTestId('data-testid Code editor container').click();
+    await page.getByTestId('data-testid RefreshPicker run button').click();
+}
+
+async function setQuery(page: Page, query: string) {
+    await page.getByTestId('data-testid Code editor container').click({ clickCount: 4 });
+    await page.keyboard.type(query);
+}
diff --git a/src/types.ts b/src/types.ts
@@ -56,6 +56,7 @@ export interface TrinoDataSourceOptions extends DataSourceJsonData {
   tokenUrl?: string;
   clientId?: string;
   impersonationUser?: string;
+  role?: string;
   clientTags?: string;
 }
 /**
diff --git a/test-data/trino/catalog/hive.properties b/test-data/trino/catalog/hive.properties
@@ -0,0 +1,5 @@
+connector.name=hive
+hive.metastore=file
+hive.metastore.catalog.dir=/tmp/metastore
+hive.security=sql-standard
+fs.hadoop.enabled=true

Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,7 @@ import (`
`14`	`14`	`const (`
`15`	`15`	`accessTokenKey = "accessToken"`
`16`	`16`	`trinoUserHeader = "X-Trino-User"`
	`17`	`+ trinoRoleHeader = "X-Trino-Role"`
`17`	`18`	`trinoClientTagsKey = "X-Trino-Client-Tags"`
`18`	`19`	`bearerPrefix = "Bearer "`
`19`	`20`	`)`
`@@ -41,6 +42,10 @@ func (ds *SQLDatasourceWithTrinoUserContext) QueryData(ctx context.Context, req`
`41`	`42`	`ctx = context.WithValue(ctx, trinoUserHeader, user)`
`42`	`43`	`}`
`43`	`44`
	`45`	`+ if settings.Role != "" {`
	`46`	`+ ctx = context.WithValue(ctx, trinoRoleHeader, settings.Role)`
	`47`	`+ }`
	`48`	`+`
`44`	`49`	`if settings.ClientTags != "" {`
`45`	`50`	`ctx = context.WithValue(ctx, trinoClientTagsKey, settings.ClientTags)`
`46`	`51`	`}`
Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@ type TrinoDatasourceSettings struct {`
`20`	`20`	ClientId string `json:"clientId"`
`21`	`21`	ClientSecret string `json:"clientSecret"`
`22`	`22`	ImpersonationUser string `json:"impersonationUser"`
	`23`	+ Role string `json:"role"`
`23`	`24`	ClientTags string `json:"clientTags"`
`24`	`25`	`}`
`25`	`26`
Original file line number	Diff line number	Diff line change
`@@ -56,6 +56,7 @@ export interface TrinoDataSourceOptions extends DataSourceJsonData {`
`56`	`56`	`tokenUrl?: string;`
`57`	`57`	`clientId?: string;`
`58`	`58`	`impersonationUser?: string;`
	`59`	`+ role?: string;`
`59`	`60`	`clientTags?: string;`
`60`	`61`	`}`
`61`	`62`	`/**`