Jason Fehr has uploaded this change for review. ( http://gerrit.cloudera.org:8080/19837
Change subject: IMPALA-11880: Adds support for authenticating to Impala using JWTs. This support was modeled after the LDAP authentication. ...................................................................... IMPALA-11880: Adds support for authenticating to Impala using JWTs. This support was modeled after the LDAP authentication. If JWT authentication is used, the Impala shell enforces the use of the hs2-http protocol since the JWT is sent via the "Authentication" HTTP header. The following flags have been added to the Impala shell: * -j, --jwt: indicates that JWT authentication will be used * --jwt_cmd: shell command to run to retrieve the JWT to use for authentication New Python tests have also been added: * The shell tests ensure that the various command line arguments are handled properly. Situations such as a single authentication method, JWTs cannot be sent in clear text without the proper arguments, etc are asserted. * The Python custom cluster tests leverage a test JWKS and test JWTs. Then, a custom Impala cluster is started with the test JWKS. The Impala shell attempts to authenticate using a valid JWT, an expired (invalid) JWT, and a valid JWT signed by a different JWKS. These tests also exercise the Impala JWT authentication mechanism. Change-Id: I52247f9262c548946269fe5358b549a3e8c86d4c --- M shell/ImpalaHttpClient.py M shell/impala_client.py M shell/impala_shell.py M shell/option_parser.py A testdata/bin/jwt-generate.sh A testdata/bin/jwt-util.py A testdata/bin/jwt_requirements.txt A testdata/jwt/jwks_signing.json A testdata/jwt/jwt_expired A testdata/jwt/jwt_signed A testdata/jwt/jwt_signed_invalid_jwk M tests/custom_cluster/test_shell_commandline.py A tests/custom_cluster/test_shell_jwt_auth.py A tests/shell/test_shell_commandline_jwt_auth.py 14 files changed, 636 insertions(+), 23 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/37/19837/2 -- To view, visit http://gerrit.cloudera.org:8080/19837 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I52247f9262c548946269fe5358b549a3e8c86d4c Gerrit-Change-Number: 19837 Gerrit-PatchSet: 2 Gerrit-Owner: Jason Fehr <[email protected]>
