Jason Fehr has uploaded a new patch set (#10). ( http://gerrit.cloudera.org:8080/19837 )

Change subject: IMPALA-11880: Adds support for authenticating to Impala using 
JWTs.
......................................................................

IMPALA-11880: Adds support for authenticating to Impala using JWTs.

This support was modeled after the LDAP authentication.

If JWT authentication is used, the Impala shell enforces the use of the
hs2-http protocol since the JWT is sent via the "Authentication"
HTTP header.

The following flags have been added to the Impala shell:
* -j, --jwt: indicates that JWT authentication will be used
* --jwt_cmd: shell command to run to retrieve the JWT to use for
  authentication

Testing
New Python tests have been added:
* The shell tests ensure that the various command line arguments are
  handled properly. Situations such as a single authentication method,
  JWTs cannot be sent in clear text without the proper arguments, etc.
  are asserted.
* The Python custom cluster tests leverage a test JWKS and test JWTs.
  Then, a custom Impala cluster is started with the test JWKS. The
  Impala shell attempts to authenticate using a valid JWT, an expired
  (invalid) JWT, and a valid JWT signed by a different, untrusted JWKS.
  These tests also exercise the Impala JWT authentication mechanism and
  assert the Prometheus JWT auth success and failure metrics are
  reported accurately.

Change-Id: I52247f9262c548946269fe5358b549a3e8c86d4c
---
M bin/rat_exclude_files.txt
M shell/ImpalaHttpClient.py
M shell/impala_client.py
M shell/impala_shell.py
M shell/option_parser.py
A testdata/bin/jwt-generate.sh
A testdata/bin/jwt-util.py
A testdata/bin/jwt_requirements.txt
A testdata/jwt/jwks_signing.json
A testdata/jwt/jwt_expired
A testdata/jwt/jwt_signed
A testdata/jwt/jwt_signed_untrusted
M tests/custom_cluster/test_shell_commandline.py
A tests/custom_cluster/test_shell_jwt_auth.py
A tests/shell/test_shell_commandline_jwt_auth.py
15 files changed, 674 insertions(+), 23 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/37/19837/10
--
To view, visit http://gerrit.cloudera.org:8080/19837

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I52247f9262c548946269fe5358b549a3e8c86d4c
Gerrit-Change-Number: 19837
Gerrit-PatchSet: 10
Gerrit-Owner: Jason Fehr <[email protected]>
Gerrit-Reviewer: Impala Public Jenkins <[email protected]>
Gerrit-Reviewer: Jason Fehr <[email protected]>
Gerrit-Reviewer: Laszlo Gaal <[email protected]>
Gerrit-Reviewer: Wenzhe Zhou <[email protected]>
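
The three token cases named in the commit message's custom cluster tests (valid, expired, signed by an untrusted key) can be reproduced with the sketch below. It is an added example, not Impala's code or part of this change. It assumes HS256 with a symmetric "oct" JWKS entry so it runs on the standard library alone; every name, secret and token in it is constructed.

```python
import base64, hashlib, hmac, json, time

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims, kid, secret, alg="HS256"):
    header = {"alg": alg, "typ": "JWT", "kid": kid}
    signing_input = b64u(json.dumps(header).encode()) + "." + b64u(json.dumps(claims).encode())
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u(sig)

def verify_jwt(token, jwks, now=None):
    """Return "ok" or the reason the token is rejected."""
    now = time.time() if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header, claims = json.loads(b64u_dec(h64)), json.loads(b64u_dec(p64))
        sig = b64u_dec(s64)
    except ValueError:
        return "malformed"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return "malformed"
    # Pin the algorithm; never let the token choose it (blocks "alg": "none").
    if header.get("alg") != "HS256":
        return "bad_alg"
    # A matching kid only selects candidate keys; trust comes from the signature.
    signing_input = (h64 + "." + p64).encode()
    for key in jwks.get("keys", []):
        if key.get("kty") == "oct" and key.get("kid") == header.get("kid"):
            expected = hmac.new(b64u_dec(key["k"]), signing_input, hashlib.sha256).digest()
            if hmac.compare_digest(expected, sig):
                break
    else:
        return "untrusted"
    # Claims are consulted only after the signature verifies; a missing or
    # non-numeric exp is rejected the same way as an expired one.
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        return "expired"
    return "ok"

NOW = 1_700_000_000  # constructed fixed clock so results are reproducible
SECRET = b"constructed-trusted-secret"
TRUSTED = {"keys": [{"kty": "oct", "kid": "test-key", "k": b64u(SECRET)}]}
VALID = sign_jwt({"sub": "alice", "exp": NOW + 3600}, "test-key", SECRET)
EXPIRED = sign_jwt({"sub": "alice", "exp": NOW - 3600}, "test-key", SECRET)
UNTRUSTED = sign_jwt({"sub": "alice", "exp": NOW + 3600}, "test-key", b"other-signer-secret")
```

The untrusted token deliberately reuses the trusted `kid`, so the rejection shows that key selection by `kid` is not itself an authentication decision.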
