From e97b2ad45e143c3abd23a573088f6797b8b02527 Mon Sep 17 00:00:00 2001
From: vizsatiz <satis.vishnu@gmail.com>
Date: Tue, 16 Jun 2026 21:37:30 +0530
Subject: [PATCH] Dynamic query to ignore RLS filter when auth is s2s

---
 .../user_management_module/authorization/require_auth.py     | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/wavefront/server/modules/user_management_module/user_management_module/authorization/require_auth.py b/wavefront/server/modules/user_management_module/user_management_module/authorization/require_auth.py
index 8c73d3e4..19fda265 100644
--- a/wavefront/server/modules/user_management_module/user_management_module/authorization/require_auth.py
+++ b/wavefront/server/modules/user_management_module/user_management_module/authorization/require_auth.py
@@ -359,6 +359,11 @@ async def dispatch(
                             'Invalid HMAC signature'
                         ),
                     )
+                request.state.session = UserSession(
+                    role_id=SERVICE_AUTH_ROLE_ID,
+                    user_id='hmac-service',
+                    session_id='hmac-token',
+                )
             # Check for service-to-service authentication (Client-Key header + JWT)
             elif request.headers.get(RootfloHeaders.CLIENT_KEY):
                 if not await validate_service_auth(