Hello Jason Fehr, Impala Public Jenkins,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/24448
to look at the new patch set (#9).
Change subject: IMPALA-14799: Add oauth_servers support and tests
......................................................................
IMPALA-14799: Add oauth_servers support and tests
Introduce --oauth_servers to configure multiple JWT/OAuth identity providers,
migrate legacy jwks_* and oauth_* flags with deprecation warnings, and verify
tokens across all configured JWKS sources.
Harden oauth_servers parsing and legacy migration behavior by rejecting
conflicting JWKS source fields and ensuring legacy flag migration aligns with
deprecation-warning conditions.
Add focused backend unit tests for oauth-server config and OAuth servers
manager behavior, and add a custom-cluster shell auth E2E test that validates
both JWT and OAuth flows when configured via --oauth_servers.
Testing:
- OAuthServerConfigTest (11/11 passing)
- OAuthServersManagerTest (4/4 passing)
- tests/custom_cluster/test_shell_oauth_servers_auth.py (2/2 passing)
- test_jwt_auth_with_oauth_servers
- test_oauth_auth_with_oauth_servers
- Manual end-to-end validation on a Linux Impala test cluster:
- rebuilt and restarted required local services (HDFS, Hive Metastore,
HiveServer2) before running auth scenarios
- verified impala-shell JWT auth and OAuth auth both succeed with
--oauth_servers using jwksFilePath and execute query smoke checks
- validated impalad logs contain the effective username and oauth_servers
configuration usage for successful authentication paths
Change-Id: Ib29ff36600406ba59c10f29d79cc632020f4a3f7
Assisted-by: GPT-5.3 (Cursor)
Co-authored-by: Cursor <[email protected]>
---
M be/src/rpc/authentication.cc
M be/src/runtime/exec-env.cc
M be/src/runtime/exec-env.h
M be/src/service/impala-server.cc
M be/src/util/CMakeLists.txt
M be/src/util/jwt-util-internal.h
M be/src/util/jwt-util.cc
M be/src/util/jwt-util.h
A be/src/util/oauth-server-config-test.cc
A be/src/util/oauth-server-config.cc
A be/src/util/oauth-server-config.h
A be/src/util/oauth-servers-manager-test.cc
A be/src/util/oauth-servers-manager.cc
A be/src/util/oauth-servers-manager.h
M be/src/util/webserver.cc
A tests/custom_cluster/test_shell_oauth_servers_auth.py
16 files changed, 1,072 insertions(+), 128 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/48/24448/9
--
To view, visit http://gerrit.cloudera.org:8080/24448
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ib29ff36600406ba59c10f29d79cc632020f4a3f7
Gerrit-Change-Number: 24448
Gerrit-PatchSet: 9
Gerrit-Owner: Anubhav Jindal <[email protected]>
Gerrit-Reviewer: Impala Public Jenkins <[email protected]>
Gerrit-Reviewer: Jason Fehr <[email protected]>
