Support credentials specific to each cluster

[naude-r]

in some cases various back-ends may support different credential sets.

it should be possible to override backendState per gateway back-end instance. this should be optional to allow fallback to the global setting.

[willmostly]

Backends within a routing group should be interchangeable. Is there any reason this couldn't be solved by placing these clusters in different routing groups and implementing routing rules? E.g. something like

---
name: "password"
description: "send username/password here"
condition: 'request.getHeader("Authorization") contains "Basic"'
actions:
  - 'result.put("routingGroup", "password")'
---
name: "kerberos"
description: "send kerberos here"
condition: 'request.getHeader("Authorization") contains "Negotiate"'
actions:
  - 'result.put("routingGroup", "kerberos")'

Keep in mind Trino itself also allows specifying configuring authenticators in the same cluster

[naude-r]

@willmostly thank you for the response. apologies, suspect my description was unclear. the problem is not with different back-ends for the same cluster, but rather different clusters.

the problem is specific to the following section in the config:

backendState:
   username: ${BACKEND_USER}
   password: ${BACKEND_PASSWORD}
   ssl: true

from my limited understanding, it expects the different clusters to be uniform with regards to users and even ssl. if that is the case, is there a way to resolve that? would one still be able to override the Authorization using routing rules?