Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/19910 )
Change subject: [jwt] switching JWT verification to KeyBasedJwtVerifier ...................................................................... Patch Set 16: Code-Review+1 (5 comments) http://gerrit.cloudera.org:8080/#/c/19910/16//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/19910/16//COMMIT_MSG@15 PS16, Line 15: In order to test this a new option : 'start_jwks' for the ExternalMiniCluster was introduced. Thank you for adding a new test! http://gerrit.cloudera.org:8080/#/c/19910/16/src/kudu/mini-cluster/external_mini_cluster.h File src/kudu/mini-cluster/external_mini_cluster.h: http://gerrit.cloudera.org:8080/#/c/19910/16/src/kudu/mini-cluster/external_mini_cluster.h@328 PS16, Line 328: checked nit: effective http://gerrit.cloudera.org:8080/#/c/19910/16/src/kudu/mini-cluster/external_mini_cluster.h@331 PS16, Line 331: nit: remove the extra empty line? http://gerrit.cloudera.org:8080/#/c/19910/16/src/kudu/server/server_base.cc File src/kudu/server/server_base.cc: http://gerrit.cloudera.org:8080/#/c/19910/16/src/kudu/server/server_base.cc@a798 PS16, Line 798: Once PerAccountKeyBasedJwtVerifier here changed to KeyBasedJwtVerifier, does it mean PerAccountKeyBasedJwtVerifier is now used for tests only? Is it correct that PerAccountKeyBasedJwtVerifier isn't a viable option to use in real Kudu clusters? If so, could you please add a comment for PerAccountKeyBasedJwtVerifier in jwt-util.h that it's test-only and is never needed in real-world scenarios? Thanks! http://gerrit.cloudera.org:8080/#/c/19910/16/src/kudu/util/jwt-util.h File src/kudu/util/jwt-util.h: http://gerrit.cloudera.org:8080/#/c/19910/16/src/kudu/util/jwt-util.h@117 PS16, Line 117: bool is_local_file, I'm not sure I understand why we need this parameter once a new constructor has been introduced above. I guess this constructor is supposed to instantiate KeyBasedJwtVerifier that works with JWKS servers only, right? If so, then why to keep this 'is_local_file' then? -- To view, visit http://gerrit.cloudera.org:8080/19910 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ic1f166807bfcf7051bda7843e186eacfbe379eba Gerrit-Change-Number: 19910 Gerrit-PatchSet: 16 Gerrit-Owner: Zoltan Chovan <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Tidy Bot (241) Gerrit-Reviewer: Zoltan Chovan <[email protected]> Gerrit-Comment-Date: Mon, 05 Jun 2023 17:08:20 +0000 Gerrit-HasComments: Yes
