Zoltan Chovan has posted comments on this change. ( http://gerrit.cloudera.org:8080/19910 )
Change subject: [jwt] switching JWT verification to KeyBasedJwtVerifier ...................................................................... Patch Set 17: (5 comments) PS17 was uploaded by mistake, pleaser ignore http://gerrit.cloudera.org:8080/#/c/19910/16/src/kudu/mini-cluster/external_mini_cluster.h File src/kudu/mini-cluster/external_mini_cluster.h: http://gerrit.cloudera.org:8080/#/c/19910/16/src/kudu/mini-cluster/external_mini_cluster.h@328 PS16, Line 328: cluster > nit: effective Done http://gerrit.cloudera.org:8080/#/c/19910/16/src/kudu/mini-cluster/external_mini_cluster.h@331 PS16, Line 331: // cluster participants, which isn't feasible in the normal InternalMiniCluster. > nit: remove the extra empty line? Done http://gerrit.cloudera.org:8080/#/c/19910/16/src/kudu/server/server_base.cc File src/kudu/server/server_base.cc: http://gerrit.cloudera.org:8080/#/c/19910/16/src/kudu/server/server_base.cc@a798 PS16, Line 798: > Once PerAccountKeyBasedJwtVerifier here changed to KeyBasedJwtVerifier, doe PerAccountKeyBasedJwtVerifier is tests only currently, it could be used later when we fix the OIDC discovery feature, so it could be used in a real-world scenario. But I'll add a note, that currently it is test only. http://gerrit.cloudera.org:8080/#/c/19910/16/src/kudu/server/server_base.cc@257 PS16, Line 257: DEFINE_string(jwks_file_path, "", : "File path of the pre-installed JSON Web Key Set (JWKS) for JWT verification."); : TAG_FLAG(jwks_file_path, experimental); > BTW (not exactly a part of this changelist, but anyways), I want to share m Right, the jwks_file_path was intended for tests originally, so that we're not relying on any server/service to be started. It's used in the negotiation-test.cc but not in any end-to-end tests as you've said. Do you think it would be worth to add such a test? http://gerrit.cloudera.org:8080/#/c/19910/16/src/kudu/util/jwt-util.h File src/kudu/util/jwt-util.h: http://gerrit.cloudera.org:8080/#/c/19910/16/src/kudu/util/jwt-util.h@117 PS16, Line 117: s_raw, std::string* > Same for JWTHelper::Init() Done -- To view, visit http://gerrit.cloudera.org:8080/19910 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ic1f166807bfcf7051bda7843e186eacfbe379eba Gerrit-Change-Number: 19910 Gerrit-PatchSet: 17 Gerrit-Owner: Zoltan Chovan <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Tidy Bot (241) Gerrit-Reviewer: Zoltan Chovan <[email protected]> Gerrit-Comment-Date: Tue, 06 Jun 2023 15:12:20 +0000 Gerrit-HasComments: Yes
