This is an automated email from the ASF dual-hosted git repository. alexey pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push: new ff6c04ecf server: link in kudu_jwt_util ff6c04ecf is described below commit ff6c04ecf5d1fa46a7dc8b8a49d400ff6bbabdcd Author: Andrew Wong <aw...@cloudera.com> AuthorDate: Thu Apr 21 18:02:15 2022 -0700 server: link in kudu_jwt_util Co-authored-by: Zoltan Chovan <zcho...@cloudera.com> Change-Id: Icfe694d553ebead6afbf58dc773bf5534f1d099a Reviewed-on: http://gerrit.cloudera.org:8080/18470 Tested-by: Kudu Jenkins Reviewed-by: Wenzhe Zhou <wz...@cloudera.com> Reviewed-by: Alexey Serbin <ale...@apache.org>
---
 src/kudu/rpc/messenger.cc | 5 +++++
 src/kudu/rpc/messenger.h | 7 +++++++
 src/kudu/server/CMakeLists.txt | 1 +
 src/kudu/util/jwt-util.h | 2 +-
 src/kudu/util/jwt.h | 2 ++
 5 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/kudu/rpc/messenger.cc b/src/kudu/rpc/messenger.cc
index c2585f181..1ce94fa39 100644
--- a/src/kudu/rpc/messenger.cc
+++ b/src/kudu/rpc/messenger.cc
@@ -45,6 +45,7 @@
 #include "kudu/rpc/service_if.h"
 #include "kudu/security/tls_context.h"
 #include "kudu/security/token_verifier.h"
+#include "kudu/util/jwt.h"
 #include "kudu/util/flags.h"
 #include "kudu/util/metrics.h"
 #include "kudu/util/monotime.h"
@@ -94,6 +95,10 @@ Status MessengerBuilder::Build(shared_ptr<Messenger>* msgr) {
 // Note: can't use make_shared() as it doesn't support custom deleters.
 shared_ptr<Messenger> new_msgr(new Messenger(*this), std::mem_fn(&Messenger::AllExternalReferencesDropped));
+ if (jwt_verifier_) {
+ new_msgr->jwt_verifier_ = std::move(jwt_verifier_);
+ RETURN_NOT_OK(new_msgr->mutable_jwt_verifier()->Init());
+ }
 RETURN_NOT_OK(ParseTriState("--rpc_authentication", rpc_authentication_, &new_msgr->authentication_));
diff --git a/src/kudu/rpc/messenger.h b/src/kudu/rpc/messenger.h
index 9fb77fb0e..127e7880d 100644
--- a/src/kudu/rpc/messenger.h
+++ b/src/kudu/rpc/messenger.h
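Review bot: In `MessengerBuilder::Build` (messenger.cc, second hunk) the line `new_msgr->jwt_verifier_ = std::move(jwt_verifier_);` empties the builder's own member, so a second `Build()` on the same builder skips the `if (jwt_verifier_)` branch and returns a messenger with no verifier installed and no error. The member is a `shared_ptr`, so a copy keeps the builder reusable: `new_msgr->jwt_verifier_ = jwt_verifier_;`. With a copy, `Init()` would then run once per `Build()` on the same shared object; whether repeated initialisation is safe depends on `KeyBasedJwtVerifier::Init()`, which this diff does not show. What the messenger does when its `jwt_verifier_` is left unset is also outside the hunk, as is the rest of `Build`.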
@@ -85,6 +85,12 @@ class MessengerBuilder {
 explicit MessengerBuilder(std::string name);
+ MessengerBuilder& set_jwt_verifier(
+ std::shared_ptr<JwtVerifier> jwt_verifier) {
+ jwt_verifier_ = std::move(jwt_verifier);
+ return *this;
+ }
+
 // Set the length of time we will keep a TCP connection will alive with no traffic.
 MessengerBuilder& set_connection_keepalive_time(const MonoDelta& keepalive) {
 connection_keepalive_time_ = keepalive;
@@ -277,6 +283,7 @@ class MessengerBuilder {
 std::string rpc_ca_certificate_file_;
 std::string rpc_private_key_password_cmd_;
 std::string keytab_file_;
+ std::shared_ptr<JwtVerifier> jwt_verifier_;
 bool enable_inbound_tls_;
 bool reuseport_;
 };
diff --git a/src/kudu/server/CMakeLists.txt b/src/kudu/server/CMakeLists.txt
index 98a603560..02987102a 100644
--- a/src/kudu/server/CMakeLists.txt
+++ b/src/kudu/server/CMakeLists.txt
@@ -63,6 +63,7 @@ target_link_libraries(server_process
 krpc
 kudu_common
 kudu_fs
+ kudu_jwt_util
 kudu_util
 mustache
 server_base_proto
diff --git a/src/kudu/util/jwt-util.h b/src/kudu/util/jwt-util.h
index a4f96839a..a761372ea 100644
--- a/src/kudu/util/jwt-util.h
+++ b/src/kudu/util/jwt-util.h
@@ -98,7 +98,7 @@ class KeyBasedJwtVerifier : public JwtVerifier {
 is_local_file_(is_local_file) { }
 ~KeyBasedJwtVerifier() override = default;
- Status Init();
+ Status Init() override;
 Status VerifyToken(const std::string& bytes_raw, std::string* subject) const override;
 private:
 JWTHelper* jwt_;
diff --git a/src/kudu/util/jwt.h b/src/kudu/util/jwt.h
index 43bb9d58b..990c3b900 100644
--- a/src/kudu/util/jwt.h
+++ b/src/kudu/util/jwt.h
@@ -28,6 +28,7 @@ namespace kudu {
 class JwtVerifier {
 public:
 virtual ~JwtVerifier() {}
+ virtual Status Init() = 0;
 // Verifies a JWT, which is passed as bytes_raw, then extracts the subject from the verified
 // token and returns it by pointer in subject. The returned pointer is owned by the caller.
 virtual Status VerifyToken(const std::string& bytes_raw, std::string* subject) const = 0;
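Review bot: `set_jwt_verifier` in messenger.h (first hunk) has no comment, unlike the setter directly below it, and its contract cannot be read off the signature. I would add `// Set the verifier used for JWT authentication. Build() calls Init() on it and fails if Init() fails.` above it. The comment should also say what passing a null pointer means, because `Build` only installs the verifier when the pointer is non-null. The `MessengerBuilder` class body starts and ends outside the hunk.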
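Review bot: The new pure virtual `Init()` on `JwtVerifier` (jwt.h, first hunk) is added without a comment, so the interface does not say whether `VerifyToken()` may be called before `Init()` has succeeded, or whether `Init()` may be called more than once. For an authentication interface that ordering matters: `KeyBasedJwtVerifier` holds a raw `JWTHelper* jwt_`, and if `Init()` is what sets it up (not visible here), an un-initialised verifier has to reject tokens rather than dereference it. A comment such as `// Must be called, and return OK, before VerifyToken() is used.` would pin this down, with the wording adjusted to the actual contract. Any `JwtVerifier` subclass outside this diff will also stop compiling until it overrides `Init()`.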
@@ -39,6 +40,7 @@ class SimpleJwtVerifier : public JwtVerifier {
 public:
 SimpleJwtVerifier() = default;
 ~SimpleJwtVerifier() override = default;
+ Status Init() override { return Status::OK(); }
 Status VerifyToken(const std::string& /*bytes_raw*/, std::string* /*subject*/) const override {
 return Status::NotAuthorized("JWT verification not configured");