This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new 9c6835383 [server] cleanup on setting JWT verifier for messenger
9c6835383 is described below
commit 9c68353839efcbf639cffbd22f65b6d3855d3463
Author: Alexey Serbin <[email protected]>
AuthorDate: Fri Oct 20 16:56:26 2023 -0700
[server] cleanup on setting JWT verifier for messenger
This patch doesn't contain any functional modifications.
Change-Id: I1c856135acad3eb13413f436adc9392923d42be8
Reviewed-on: http://gerrit.cloudera.org:8080/20608
Reviewed-by: Abhishek Chennaka <[email protected]>
Tested-by: Alexey Serbin <[email protected]>
---
src/kudu/server/server_base.cc | 35 +++++++++++++++--------------------
1 file changed, 15 insertions(+), 20 deletions(-)
diff --git a/src/kudu/server/server_base.cc b/src/kudu/server/server_base.cc
index af3022137..cb921daa6 100644
--- a/src/kudu/server/server_base.cc
+++ b/src/kudu/server/server_base.cc
@@ -99,10 +99,6 @@
#include "kudu/util/user.h"
#include "kudu/util/version_info.h"
-namespace kudu {
-class JwtVerifier;
-} // namespace kudu
-
DEFINE_int32(num_reactor_threads, 4, "Number of libev reactor threads to
start.");
TAG_FLAG(num_reactor_threads, advanced);
@@ -804,21 +800,6 @@ Status ServerBase::Init() {
// Create the Messenger.
rpc::MessengerBuilder builder(name_);
- shared_ptr<JwtVerifier> jwt_verifier = nullptr;
- if (FLAGS_enable_jwt_token_auth) {
- if (!FLAGS_jwks_url.empty()) {
- jwt_verifier =
- std::make_shared<KeyBasedJwtVerifier>(FLAGS_jwks_url,
-
FLAGS_jwks_verify_server_certificate,
-
FLAGS_trusted_certificate_file);
- } else if (!FLAGS_jwks_file_path.empty()) {
- jwt_verifier =
- std::make_shared<KeyBasedJwtVerifier>(FLAGS_jwks_file_path);
- } else {
- LOG(WARNING) << Substitute("JWT authentication enabled, but neither
'jwks_url' or "
- "'jwks_file_path' are set!");
- }
- }
builder.set_num_reactors(FLAGS_num_reactor_threads)
.set_min_negotiation_threads(FLAGS_min_negotiation_threads)
.set_max_negotiation_threads(FLAGS_max_negotiation_threads)
@@ -834,7 +815,6 @@ Status ServerBase::Init() {
.set_epki_cert_key_files(FLAGS_rpc_certificate_file,
FLAGS_rpc_private_key_file)
.set_epki_certificate_authority_file(FLAGS_rpc_ca_certificate_file)
.set_epki_private_password_key_cmd(FLAGS_rpc_private_key_password_cmd)
- .set_jwt_verifier(std::move(jwt_verifier))
.set_keytab_file(FLAGS_keytab_file)
.enable_inbound_tls();
@@ -848,6 +828,21 @@ Status ServerBase::Init() {
builder.set_sasl_proto_name(service_name);
}
+ if (FLAGS_enable_jwt_token_auth) {
+ if (!FLAGS_jwks_url.empty()) {
+ builder.set_jwt_verifier(std::make_shared<KeyBasedJwtVerifier>(
+ FLAGS_jwks_url,
+ FLAGS_jwks_verify_server_certificate,
+ FLAGS_trusted_certificate_file));
+ } else if (!FLAGS_jwks_file_path.empty()) {
+ builder.set_jwt_verifier(std::make_shared<KeyBasedJwtVerifier>(
+ FLAGS_jwks_file_path));
+ } else {
+ LOG(WARNING) << Substitute("JWT authentication enabled, but neither "
+ "'jwks_url' nor 'jwks_file_path' is set");
+ }
+ }
+
RETURN_NOT_OK(builder.Build(&messenger_));
rpc_server_->set_too_busy_hook([this](rpc::ServicePool* pool) {
this->ServiceQueueOverflowed(pool);
