You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues-all@impala.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/09/28 04:59:00 UTC
[jira] [Commented] (IMPALA-10876) Support to download JWKS from a
given URL
[ https://issues.apache.org/jira/browse/IMPALA-10876?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17421154#comment-17421154 ]
ASF subversion and git services commented on IMPALA-10876:
----------------------------------------------------------
Commit 03a7a59f5dfd5c663b51b195c7070bbbabd53024 in impala's branch refs/heads/master from wzhou-code
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=03a7a59 ]
IMPALA-10876: Support to download JWKS from given URL
This patch added functionality to download JWKS from a given URL and
support key rotation by periodically checking the JWKS URL for updates.
We use Kudu's EasyCurl wrapper to download file from the given URL.
curl was added to native-toolchain. This patch modified makefiles
and bootstrap_toolchain.py to integrate libcurl and libkudu_curl_util.
Added end-end JWT authentication test cases with JWKS specified as
HTTP/HTTPS URL.
Testing:
- Passed core run, including new test cases.
Change-Id: Ic6ac8cf0010c13db30219776d1d275709bf211df
Reviewed-on: http://gerrit.cloudera.org:8080/17802
Reviewed-by: Impala Public Jenkins <im...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>
> Support to download JWKS from a given URL
> -----------------------------------------
>
> Key: IMPALA-10876
> URL: https://issues.apache.org/jira/browse/IMPALA-10876
> Project: IMPALA
> Issue Type: Improvement
> Reporter: Wenzhe Zhou
> Assignee: Wenzhe Zhou
> Priority: Major
>
> In IMPALA-10489, we added JWT support for Impala. The implementation assume the JWKS for JWT verification are provided as a local json file, which is specified with starting flag. In some deployment scenarios, JWKS for JWT verification are provided as URL, for example, URL for a Knox endpoint. In such case, Impala should be able to download the JWKS from the given URL.
> libcurl was added to Impala native toolchain so that we could call libcurl's API to download JWKS from the given URL.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org