Olivier Michallat

The missing certificates are Digicert's, which is the authority used to certify https://raw.github.com. If you don't want to download the bundle from haxx.se, go to your browser's certificate management settings,...

> There is something else that will require some investigation. We need to see if/how we can limit JMX access to specific Cassandra roles. I think it would be a...

Moving this to draft because it's low priority, and given that we have 3 versions of the GraphQL API in flight at the moment, it's more of a distraction. This...

Copying my comments from #1671 for visibility: There are legitimate cases where we don't have a user token: background "admin" queries that are not directly in response to an external...

I agree in principle, however disabling auth for a particular operation is cumbersome. I had to do it in a previous version of the code (when the schema cache used...

> I had to do it in a previous version of the code Actually the use case was not creating the connection. Here's the revision: https://github.com/stargate/stargate/blob/3dde9d504db2cdd0c49037ca107728fa244b66e6/grpc/src/main/java/io/stargate/grpc/service/interceptors/NewConnectionInterceptor.java#L136-L139 > we would otherwise...

It's not as simple as adding a constant: the gRPC enum maps to `io.stargate.auth.SourceAPI` in the `authnz` module. In v1 the docs API is using `REST`. If we add a...

It's not only used for logging, I think it's also an integral part of permission definitions. For example a token might be authorized to do certain operations via the GraphQL...

This is indeed a bug, and I agree with you that the fix is probably not trivial. The problem with returning generic maps (as we do for rows) is that...

I've posted a proof of concept [here](https://gist.github.com/olim7t/6ca2c082c8be3f0e38a0725058e37b7d).