Use principal to classify system workers#10143
Merged
Conversation
System workers (on temporal-sys-* task queues) are now filtered out of ListWorkers responses unless the caller sets IncludeSystemWorkers=true. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Covers both "temporal-sys-*" (e.g. temporal-sys-per-ns-tq) and "/temporal-sys/*" (e.g. /temporal-sys/worker-commands/...) prefixes. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…mmands)" This reverts commit 4cce906.
Verifies that page sizes and tokens operate on the filtered set, not the full set including system workers. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…me at query time Moves the system worker classification to the entry level so it's computed once during heartbeat recording rather than on every ListWorkers call. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Rename local variable for clarity - Add test for filterWorkers with includeSystemWorkers=false - Annotate bool args with /*includeSystemWorkers*/ for readability Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Note: this introduces a build failure in client/frontend due to the new PauseActivityExecution RPC added in temporalio/api#743. That method needs stubs before the full repo can build. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When a principal is available from the gRPC context, use its type to determine if a worker is a system worker (type="temporal"). When principal is not available (propagation disabled), fall back to the existing task queue prefix check. Also fixes isSystemWorkerWorker typo from previous rename. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
rkannan82
force-pushed
the
kannan/system-worker-principal
branch
from
748ec5a to
1ae9010
Compare
Require type="temporal" AND name="internal" to match the exact identity produced by internalClaimMapper. Also add test for temporal type with non-internal name. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
simvlad
approved these changes
May 1, 2026
…xclude-system # Conflicts: # common/primitives/task_queues.go
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…em' into kannan/system-worker-principal
…principal # Conflicts: # service/matching/workers/registry_impl.go # service/matching/workers/registry_impl_test.go # service/matching/workers/registry_test.go
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace string literals with constants from common/authorization/principal.go (merged in #10163). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ShahabT
approved these changes
May 4, 2026
| // If a principal is available, it checks whether the principal identifies | ||
| // the Temporal server itself (type="temporal", name="internal"). Otherwise, | ||
| // it falls back to checking the task queue name prefix. | ||
| func isSystemWorker(principal *commonpb.Principal, taskQueue string) bool { |
Contributor
There was a problem hiding this comment.
should this be a global helper?
also, is it possible to have principal.GetType() == authorization.InternalPrincipalType but principal.GetName() != authorization.InternalPrincipalName ? (I wonder if we should only check the first one)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Use the gRPC principal to classify workers as system workers at upsert time, falling back to task queue prefix matching when principal is not available.
Why
Principal-based classification is more robust than string matching on task queue names and works correctly when principal propagation is enabled.
How did you test it?
Unit tests covering three scenarios:
🤖 Generated with Claude Code