[ 
https://issues.apache.org/jira/browse/IMPALA-13288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17913176#comment-17913176
 ] 

ASF subversion and git services commented on IMPALA-13288:
----------------------------------------------------------

Commit c3cbd79b567f8a700f1606c84ca464400f842e60 in impala's branch 
refs/heads/master from gaurav1086
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=c3cbd79b5 ]

IMPALA-13288: OAuth AuthN Support for Impala

This patch added OAuth support with following functionality:
 * Load and parse OAuth JWKS from configured JSON file or url.
 * Read the OAuth Access token from the HTTP Header which is
   the same format as JWT Authorization Bearer token.
 * Verify the OAuth's signature with public key in JWKS.
 * Get the username out of the payload of OAuth Access token.
 * If kerberos or ldap is enabled, then both jwt and oauth are
   supported together. Else only one of jwt or oauth is supported.
   This has been a pre existing flow for jwt. So OAuth will follow
   the same policy.
 * Impala Shell side changes: OAuth  options -a and --oauth_cmd

Testing:
 - Added 3 custom cluster be test in test_shell_jwt_auth.py:
   - test_oauth_auth_valid: authenticate with valid token.
   - test_oauth_auth_expired: authentication failure with
     expired token.
   - test_oauth_auth_invalid_jwk: authentication failure with
     valid signature but expired.
 - Added 1 custom cluster fe test in JwtWebserverTest.java
   - testWebserverOAuthAuth: Basic tests for OAuth
 - Added 1 custom cluster fe test in LdapHS2Test.java
   - testHiveserver2JwtAndOAuthAuth: tests all combinations of
     jwt and oauth token verification with separate jwks keys.
 - Manually tested with a valid, invalid and expired oauth
   access token.
 - Passed core run.

Change-Id: I65dc8db917476b0f0d29b659b9fa51ebaf45b7a6
Reviewed-on: http://gerrit.cloudera.org:8080/21728
Reviewed-by: Impala Public Jenkins <impala-public-jenk...@cloudera.com>
Tested-by: Impala Public Jenkins <impala-public-jenk...@cloudera.com>


> OAuth AuthN Support for Impala backend
> --------------------------------------
>
>                 Key: IMPALA-13288
>                 URL: https://issues.apache.org/jira/browse/IMPALA-13288
>             Project: IMPALA
>          Issue Type: New Feature
>          Components: Backend, Security
>            Reporter: gaurav singh
>            Assignee: gaurav singh
>            Priority: Critical
>              Labels: oauth2
>   Original Estimate: 2,016h
>  Remaining Estimate: 2,016h
>
> Requirements Doc - 
> [https://docs.google.com/document/d/1IXcSfubNZNscM-BDMEuOs-0U-4YtUMGr99heAvSdrZQ/edit#heading=h.61otem606tah]
> h3.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org
For additional commands, e-mail: issues-all-h...@impala.apache.org

Reply via email to