Hello Kudu Jenkins,
I'd like you to do a code review. Please visit
http://gerrit.cloudera.org:8080/20045
to review the following change.
Change subject: [jwt] switching JWT verification to KeyBasedJwtVerifier
......................................................................
[jwt] switching JWT verification to KeyBasedJwtVerifier
Switching JWT verification to use KeyBasedJwtVerifier instead of
PerAccountKeyBasedJwtVerifier, as the latter relies on having an OIDC
discovery endpoint available even if a jwks_url is set. Fixing the jwks
discovery via an OIDC server will be done in a later patch.
This change also moves the initialisation of the JWTVerifier from
startup to the VerifyToken() method. In order to test this a new option
'start_jwks' for the ExternalMiniCluster was introduced.
Change-Id: Ic1f166807bfcf7051bda7843e186eacfbe379eba
Reviewed-on: http://gerrit.cloudera.org:8080/19910
Tested-by: Kudu Jenkins
Reviewed-by: Alexey Serbin <[email protected]>
(cherry picked from commit d49b34aff722fac813ca147eb9cb9a0d263a2f70)
---
M src/kudu/integration-tests/security-itest.cc
M src/kudu/mini-cluster/external_mini_cluster.cc
M src/kudu/mini-cluster/external_mini_cluster.h
M src/kudu/rpc/messenger.cc
M src/kudu/rpc/negotiation-test.cc
M src/kudu/server/server_base.cc
M src/kudu/util/jwt-util-test.cc
M src/kudu/util/jwt-util.cc
M src/kudu/util/jwt-util.h
M src/kudu/util/jwt.h
M src/kudu/util/mini_oidc.cc
M src/kudu/util/mini_oidc.h
12 files changed, 189 insertions(+), 53 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/45/20045/1
--
To view, visit http://gerrit.cloudera.org:8080/20045
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: branch-1.17.x
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic1f166807bfcf7051bda7843e186eacfbe379eba
Gerrit-Change-Number: 20045
Gerrit-PatchSet: 1
Gerrit-Owner: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Zoltan Chovan <[email protected]>
