This is an automated email from the ASF dual-hosted git repository. alexey pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push: new 2e81ebd08 [server] remove unused JWT-related flags 2e81ebd08 is described below commit 2e81ebd086a151bba821e717a5dd7b7d48fffddd Author: Alexey Serbin <ale...@apache.org> AuthorDate: Thu May 11 11:49:19 2023 -0700 [server] remove unused JWT-related flags As it turns out, the following JWT flags aren't used in the code at all: * --jwks_discovery_endpoint_base * --jwt_allow_without_tls * --jwt_validate_signature This patches removes the definitions of the flags and their usage in a few tests. Change-Id: Ib8e688b7c89e24cb5e91f6b6cc89b7ae984b4c35 Reviewed-on: http://gerrit.cloudera.org:8080/19891 Tested-by: Alexey Serbin <ale...@apache.org> Reviewed-by: Yingchun Lai <laiyingc...@apache.org> --- src/kudu/mini-cluster/external_mini_cluster.cc | 1 - src/kudu/server/server_base.cc | 18 ------------------ 2 files changed, 19 deletions(-) diff --git a/src/kudu/mini-cluster/external_mini_cluster.cc b/src/kudu/mini-cluster/external_mini_cluster.cc index 0e61192dc..66bc8d2da 100644 --- a/src/kudu/mini-cluster/external_mini_cluster.cc +++ b/src/kudu/mini-cluster/external_mini_cluster.cc @@ -739,7 +739,6 @@ Status ExternalMiniCluster::CreateMaster(const vector<HostPort>& master_rpc_addr if (opts_.enable_client_jwt) { flags.emplace_back("--enable_jwt_token_auth=true"); flags.emplace_back(Substitute("--jwks_url=$0", oidc_->url())); - flags.emplace_back(Substitute("--jwks_discovery_endpoint_base=$0", oidc_->url())); } if (!opts_.master_alias_prefix.empty()) { flags.emplace_back(Substitute("--host_for_tests=$0.$1", diff --git a/src/kudu/server/server_base.cc b/src/kudu/server/server_base.cc index baf877b2f..b19f68cfe 100644 --- a/src/kudu/server/server_base.cc +++ b/src/kudu/server/server_base.cc @@ -254,18 +254,6 @@ DEFINE_bool(enable_jwt_token_auth, false, "user name from the token payload."); TAG_FLAG(enable_jwt_token_auth, experimental); -DEFINE_bool(jwt_validate_signature, true, - "When true, validate the signature of JWT token with pre-installed JWKS."); -TAG_FLAG(jwt_validate_signature, experimental); -TAG_FLAG(jwt_validate_signature, unsafe); - -DEFINE_bool(jwt_allow_without_tls, false, - "When this configuration is set to true, Kudu allows JWT authentication on " - "unsecure channel. This should be only enabled for testing, or development " - "for which TLS is handled by proxy."); -TAG_FLAG(jwt_allow_without_tls, experimental); -TAG_FLAG(jwt_allow_without_tls, unsafe); - DEFINE_string(jwks_file_path, "", "File path of the pre-installed JSON Web Key Set (JWKS) for JWT verification."); TAG_FLAG(jwks_file_path, experimental); @@ -285,12 +273,6 @@ DEFINE_bool(jwks_verify_server_certificate, true, TAG_FLAG(jwks_verify_server_certificate, experimental); TAG_FLAG(jwks_verify_server_certificate, unsafe); -DEFINE_string(jwks_discovery_endpoint_base, "", - "Base URL of the Discovery Endpoint that points to a JSON Web Key Set " - "(JWKS) for JWT verification. Additional query parameters, like 'accountId', " - "are taken from received JWTs to get the appropriate Discovery Endpoint."); -TAG_FLAG(jwks_discovery_endpoint_base, experimental); - // The targeted use-case for the wall clock jump detection is spotting sudden // swings of the local clock while it is still reported to be synchronized with // reference NTP clock.