[ https://issues.apache.org/jira/browse/IMPALA-13288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17913176#comment-17913176 ]
ASF subversion and git services commented on IMPALA-13288: ---------------------------------------------------------- Commit c3cbd79b567f8a700f1606c84ca464400f842e60 in impala's branch refs/heads/master from gaurav1086 [ https://gitbox.apache.org/repos/asf?p=impala.git;h=c3cbd79b5 ] IMPALA-13288: OAuth AuthN Support for Impala This patch added OAuth support with following functionality: * Load and parse OAuth JWKS from configured JSON file or url. * Read the OAuth Access token from the HTTP Header which is the same format as JWT Authorization Bearer token. * Verify the OAuth's signature with public key in JWKS. * Get the username out of the payload of OAuth Access token. * If kerberos or ldap is enabled, then both jwt and oauth are supported together. Else only one of jwt or oauth is supported. This has been a pre existing flow for jwt. So OAuth will follow the same policy. * Impala Shell side changes: OAuth options -a and --oauth_cmd Testing: - Added 3 custom cluster be test in test_shell_jwt_auth.py: - test_oauth_auth_valid: authenticate with valid token. - test_oauth_auth_expired: authentication failure with expired token. - test_oauth_auth_invalid_jwk: authentication failure with valid signature but expired. - Added 1 custom cluster fe test in JwtWebserverTest.java - testWebserverOAuthAuth: Basic tests for OAuth - Added 1 custom cluster fe test in LdapHS2Test.java - testHiveserver2JwtAndOAuthAuth: tests all combinations of jwt and oauth token verification with separate jwks keys. - Manually tested with a valid, invalid and expired oauth access token. - Passed core run. Change-Id: I65dc8db917476b0f0d29b659b9fa51ebaf45b7a6 Reviewed-on: http://gerrit.cloudera.org:8080/21728 Reviewed-by: Impala Public Jenkins <impala-public-jenk...@cloudera.com> Tested-by: Impala Public Jenkins <impala-public-jenk...@cloudera.com> > OAuth AuthN Support for Impala backend > -------------------------------------- > > Key: IMPALA-13288 > URL: https://issues.apache.org/jira/browse/IMPALA-13288 > Project: IMPALA > Issue Type: New Feature > Components: Backend, Security > Reporter: gaurav singh > Assignee: gaurav singh > Priority: Critical > Labels: oauth2 > Original Estimate: 2,016h > Remaining Estimate: 2,016h > > Requirements Doc - > [https://docs.google.com/document/d/1IXcSfubNZNscM-BDMEuOs-0U-4YtUMGr99heAvSdrZQ/edit#heading=h.61otem606tah] > h3. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org For additional commands, e-mail: issues-all-h...@impala.apache.org