This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new 2e81ebd08 [server] remove unused JWT-related flags
2e81ebd08 is described below
commit 2e81ebd086a151bba821e717a5dd7b7d48fffddd
Author: Alexey Serbin <ale...@apache.org>
AuthorDate: Thu May 11 11:49:19 2023 -0700
[server] remove unused JWT-related flags
As it turns out, the following JWT flags aren't used in the code at all:
* --jwks_discovery_endpoint_base
* --jwt_allow_without_tls
* --jwt_validate_signature
This patches removes the definitions of the flags and their usage
in a few tests.
Change-Id: Ib8e688b7c89e24cb5e91f6b6cc89b7ae984b4c35
Reviewed-on: http://gerrit.cloudera.org:8080/19891
Tested-by: Alexey Serbin <ale...@apache.org>
Reviewed-by: Yingchun Lai <laiyingc...@apache.org>
---
src/kudu/mini-cluster/external_mini_cluster.cc | 1 -
src/kudu/server/server_base.cc | 18 ------------------
2 files changed, 19 deletions(-)
diff --git a/src/kudu/mini-cluster/external_mini_cluster.cc
b/src/kudu/mini-cluster/external_mini_cluster.cc
index 0e61192dc..66bc8d2da 100644
--- a/src/kudu/mini-cluster/external_mini_cluster.cc
+++ b/src/kudu/mini-cluster/external_mini_cluster.cc
@@ -739,7 +739,6 @@ Status ExternalMiniCluster::CreateMaster(const
vector<HostPort>& master_rpc_addr
if (opts_.enable_client_jwt) {
flags.emplace_back("--enable_jwt_token_auth=true");
flags.emplace_back(Substitute("--jwks_url=$0", oidc_->url()));
- flags.emplace_back(Substitute("--jwks_discovery_endpoint_base=$0",
oidc_->url()));
}
if (!opts_.master_alias_prefix.empty()) {
flags.emplace_back(Substitute("--host_for_tests=$0.$1",
diff --git a/src/kudu/server/server_base.cc b/src/kudu/server/server_base.cc
index baf877b2f..b19f68cfe 100644
--- a/src/kudu/server/server_base.cc
+++ b/src/kudu/server/server_base.cc
@@ -254,18 +254,6 @@ DEFINE_bool(enable_jwt_token_auth, false,
"user name from the token payload.");
TAG_FLAG(enable_jwt_token_auth, experimental);
-DEFINE_bool(jwt_validate_signature, true,
- "When true, validate the signature of JWT token with pre-installed JWKS.");
-TAG_FLAG(jwt_validate_signature, experimental);
-TAG_FLAG(jwt_validate_signature, unsafe);
-
-DEFINE_bool(jwt_allow_without_tls, false,
- "When this configuration is set to true, Kudu allows JWT authentication on
"
- "unsecure channel. This should be only enabled for testing, or development
"
- "for which TLS is handled by proxy.");
-TAG_FLAG(jwt_allow_without_tls, experimental);
-TAG_FLAG(jwt_allow_without_tls, unsafe);
-
DEFINE_string(jwks_file_path, "",
"File path of the pre-installed JSON Web Key Set (JWKS) for JWT
verification.");
TAG_FLAG(jwks_file_path, experimental);
@@ -285,12 +273,6 @@ DEFINE_bool(jwks_verify_server_certificate, true,
TAG_FLAG(jwks_verify_server_certificate, experimental);
TAG_FLAG(jwks_verify_server_certificate, unsafe);
-DEFINE_string(jwks_discovery_endpoint_base, "",
- "Base URL of the Discovery Endpoint that points to a JSON Web
Key Set "
- "(JWKS) for JWT verification. Additional query parameters, like
'accountId', "
- "are taken from received JWTs to get the appropriate Discovery
Endpoint.");
-TAG_FLAG(jwks_discovery_endpoint_base, experimental);
-
// The targeted use-case for the wall clock jump detection is spotting sudden
// swings of the local clock while it is still reported to be synchronized with
// reference NTP clock.
