chore!: Change graceful shutdown username to graceful-shutdown-user #573

Merged
merged 6 commits into from
Apr 23, 2024

6 changes: 6 additions & 0 deletions CHANGELOG.md
Expand Up @@ -8,7 +8,13 @@ All notable changes to this project will be documented in this file.

- Support row filters and column masks in Rego rules ([#559]).

### Changed

- BREAKING: Change the username which triggers graceful shutdown from `admin` to `graceful-shutdown-user` for more expressiveness (e.g. in the Trino policies).
This is a breaking change because users need to ensure that the user `graceful-shutdown-user` has the required permissions to initiate a graceful shutdown ([#573]).

[#559]: https://github.com/stackabletech/trino-operator/pull/559
[#573]: https://github.com/stackabletech/trino-operator/pull/573

## [24.3.0] - 2024-03-20
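
Review bot: The BREAKING entry tells users to ensure `graceful-shutdown-user` "has the required permissions" but does not say which permission or where to find it. Name the operation the docs rule checks (`WriteSystemInformation`) or link the "Authorization requirements" section of the graceful shutdown docs. It is also worth adding that a blanket `allow` rule for `admin`, copied from the previous docs only to make graceful shutdown work, is no longer needed after the upgrade and can be removed, since that rule granted `admin` permission to do anything.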

Expand Up @@ -2,6 +2,11 @@

You can configure the graceful shutdown as described in xref:concepts:operations/graceful_shutdown.adoc[].

[WARNING]
====
Graceful shutdown only works if you enabled authorization using OPA. See <<Authorization requirements>> for details.
====

== Coordinators

As a default, coordinators have `15 minutes` to terminate gracefully.
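
Review bot: The new WARNING block states that graceful shutdown "only works if you enabled authorization using OPA", which contradicts the "Authorization requirements" section it links to, where a custom authorizer or a patched Trino is also listed as a way to allow `graceful-shutdown-user`. Reword it to state the actual requirement, namely that `graceful-shutdown-user` must be allowed to shut down workers and that without OPA this is not the case out of the box, and change "if you enabled" to "if you have enabled".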
Expand All @@ -14,7 +19,7 @@ As of Trino version `442` this can not be prevented (e.g. by using multiple coor

== Workers

As a default, Coordinators have `60 minutes` to terminate gracefully.
As a default, workers have `60 minutes` to terminate gracefully.

Trino supports https://trino.io/docs/current/admin/graceful-shutdown.html[gracefully shutting down] workers.
This operator always adds a https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/[`PreStop` hook] to gracefully shut them down.
Expand Down Expand Up @@ -106,19 +111,20 @@ Until native support is added, you will have to use `configOverrides` to enable

== Authorization requirements

WARNING: When you are not using OPA for authorization, the user `admin` is not allowed to gracefully shut down workers.
If you need graceful shutdown you need to use OPA or need to make sure `admin` is allowed to gracefully shut down workers (e.g. having you own authorizer or patching Trino).
WARNING: When you are not using OPA for authorization, the user `graceful-shutdown-user` is not allowed to gracefully shut down workers.
If you need graceful shutdown you need to use OPA or need to make sure `graceful-shutdown-user` is allowed to gracefully shut down workers (e.g. having you own authorizer or patching Trino).

In case you use OPA to authorize Trino requests, you need to make sure the user `graceful-shutdown-user` is authorized to trigger a graceful shutdown of the workers.

In case you use OPA to authorize Trino requests, you need to make sure the user `admin` is authorized to trigger a graceful shutdown of the workers.
You can achieve this e.g. by adding the following rule, which grants `admin` the permissions to do anything - including graceful shutdown.
If you use rules provided by Stackable, this permission is automatically granted.
If you use your own custom rego rules, you can achieve this by adding the following rule to grant `graceful-shutdown-user` the permissions to issue a graceful shutdown.

[source,rego]
----
allow {
input.context.identity.user == "admin"
input.action.operation == "WriteSystemInformation"
input.context.identity.user == "graceful-shutdown-user"
}
----

In case the user `admin` does not have the permission to gracefully shut down a worker, the error message `curl: (22) The requested URL returned error: 403 Forbidden` will be shown in the worker log and the worker will shut down immediately.

NOTE: We plan to add CustomResources, so that you can define your Trino ACLs via Kubernetes objects. In this case the trino-operator will generate the rego-rules for you, and will add the needed rules for graceful shutdown for you. Until then, you need to grant the permission yourself.
In case the user `graceful-shutdown-user` does not have the permission to gracefully shut down a worker, the error message `curl: (22) The requested URL returned error: 403 Forbidden` will be shown in the worker log and the worker will shut down immediately.
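
Review bot: The example rule authorizes on `input.context.identity.user == "graceful-shutdown-user"` alone, so this section should state that the username is reserved and that the authentication setup must not let ordinary users log in under it; otherwise anyone who can present that name is granted `WriteSystemInformation`. Two smaller points in the same hunk: the rewritten WARNING carries over the typo "having you own authorizer" (should be "your own"), and "custom rego rules" should read "Rego rules" to match the CHANGELOG.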
2 changes: 1 addition & 1 deletion rust/operator-binary/src/operations/graceful_shutdown.rs
Expand Up @@ -89,7 +89,7 @@ pub fn add_graceful_shutdown_config(
// FIXME: Once we have fully fledged OPA support we need to make sure that the user we choose here (e.g. admin)
// has the permissions to trigger a graceful shutdown by e.g. inserting the needed OPA rules transparently.
formatdoc!("
curl -v --fail --insecure -X PUT -d '\"SHUTTING_DOWN\"' -H 'Content-type: application/json' -H 'X-Trino-User: admin' {protocol}://{host}:{port}/v1/info/state >> /proc/1/fd/1 2>&1
curl -v --fail --insecure -X PUT -d '\"SHUTTING_DOWN\"' -H 'Content-type: application/json' -H 'X-Trino-User: graceful-shutdown-user' -H 'X-Trino-Source: Stackable data platform' {protocol}://{host}:{port}/v1/info/state >> /proc/1/fd/1 2>&1
echo 'Successfully sent graceful shutdown command' >> /proc/1/fd/1 2>&1
echo 'Sleeping {termination_grace_period_seconds} seconds' >> /proc/1/fd/1 2>&1
sleep {termination_grace_period_seconds}",
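
Review bot: The FIXME comment at the top of this hunk still gives `admin` as the example user ("the user we choose here (e.g. admin)"), which is stale now that the request sends `X-Trino-User: graceful-shutdown-user`. Update the comment, or drop the FIXME if the Stackable-provided rules mentioned in the docs already grant the permission. The username is also hard-coded inside the `formatdoc!` string and repeated in the docs and CHANGELOG, so a named constant interpolated into the command would keep a future rename to one place.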