feat!: Add authenticationResponse context to OpaInput

[jakubmatyszewski]

Description

Adding AuthenticationResponse context to the OpaInput. This can become useful when paired with authentication done through druid-pac4j extension - eg. access to Okta user profile details (groups).

This PR can give potential context: apache/druid#16109

[stackable-bot]

All committers have signed the CLA.

[lfrancke]

Thank you for the contribution.
We'll take a look next week. Have a great weekend.

[fhennig]

Hi! Thanks for adding this, I had a look, it seems to me like a good idea to add this information to the OpaInput.

The information in the OpaInput was just a first try at implementing OPA authorization for Druid, now, looking at Trino and Kafka I think it makes more sense to provide as much information as possible to OPA. Because of that, I think it would be best to put identity and context both in an authenticationResult key, to reflect how Druid does it internally. This way it's also possible to add the other two fields (authorizerName and authenticatedBy) in there.

Could I ask you to make this change? So instead of

    {
        user: <String: user name>
        action: <String: READ|WRITE>
        resource: {
            name: <String>
            type: <String>
        }
        context: Map<String, Object>
    }

like this:

    {
        authenticationResult: {
            identity: <String: user name>,
            context: Map<String, Object>
        },
        action: <String: READ|WRITE>
        resource: {
            name: <String>
            type: <String>
        }
    }

[jakubmatyszewski]

@fhennig, I've added authenticationResult to the input. Let me know if that's alright

[fhennig]

Thank you, looks great!

I'll see how we can release this. (Also the CI job didn't work because of external contribution, I'll also look into getting that fixed)

[lfrancke]

We (hopefully) fixed a bug in our Github action. Would you mind upadting your PR to the latest changes from main?

[fhennig]

thanks for your contribution! We are tracking the release of this into the operator in this ticket: stackabletech/druid-operator#533