pulsar icon indicating copy to clipboard operation
pulsar copied to clipboard

Published 20 hours ago verified publisher icon apache

[feat][authentication] Add JWKS support for AuthenticationProviderToken

Open nodece opened this issue 2 years ago • 1 comments

Fix https://github.com/apache/pulsar/issues/8152

Motivation

Add JWKS support for AuthenticationProviderToken.

Modifications

  • Add tokenKeySet config to provide the JWKS support

Verifying this change

  • Added RSA test
  • Added EC test

Documentation

  • [ ] doc
  • [x] doc-required
  • [ ] doc-not-needed
  • [ ] doc-complete

Matching PR in forked repository

PR in forked repository: https://github.com/nodece/pulsar/pull/11

nodece avatar Nov 04 '22 08:11 nodece

/pulsarbot rerun-failure-checks

nodece avatar Nov 04 '22 09:11 nodece

Codecov Report

Merging #18336 (7ed2770) into master (68ca60c) will decrease coverage by 3.57%. The diff coverage is 20.00%.

Impacted file tree graph

@@             Coverage Diff              @@
##             master   #18336      +/-   ##
============================================
- Coverage     50.05%   46.48%   -3.58%     
+ Complexity    11024    10441     -583     
============================================
  Files           703      703              
  Lines         68814    68816       +2     
  Branches       7378     7377       -1     
============================================
- Hits          34446    31986    -2460     
- Misses        30621    33219    +2598     
+ Partials       3747     3611     -136
Flag Coverage Δ
unittests 46.48% <20.00%> (-3.58%) :arrow_down:

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
...r/stats/prometheus/PrometheusMetricsGenerator.java 0.00% <0.00%> (-67.40%) :arrow_down:
...ersistentStickyKeyDispatcherMultipleConsumers.java 61.76% <25.00%> (-0.62%) :arrow_down:
...n/java/org/apache/pulsar/broker/admin/v3/Sink.java 0.00% <0.00%> (-100.00%) :arrow_down:
...java/org/apache/pulsar/broker/admin/v3/Source.java 0.00% <0.00%> (-100.00%) :arrow_down:
...a/org/apache/pulsar/broker/admin/v3/Functions.java 0.00% <0.00%> (-100.00%) :arrow_down:
...ar/broker/stats/prometheus/ManagedLedgerStats.java 0.00% <0.00%> (-100.00%) :arrow_down:
...oker/stats/prometheus/PrometheusMetricStreams.java 0.00% <0.00%> (-100.00%) :arrow_down:
.../stats/prometheus/AggregatedSubscriptionStats.java 0.00% <0.00%> (-100.00%) :arrow_down:
...metheus/AggregatedTransactionCoordinatorStats.java 0.00% <0.00%> (-100.00%) :arrow_down:
...broker/stats/prometheus/TransactionAggregator.java 0.00% <0.00%> (-96.06%) :arrow_down:
... and 109 more

codecov-commenter avatar Nov 22 '22 05:11 codecov-commenter

this PR is adding new feature and it should go through PIP.

+1

@nodece Could you please start a proposal for this change?

codelipenghui avatar Dec 07 '22 07:12 codelipenghui

this PR is adding new feature and it should go through PIP.

Thanks.

Let me make a PIP.

nodece avatar Dec 07 '22 08:12 nodece

The pr had no activity for 30 days, mark with Stale label.

github-actions[bot] avatar Jan 23 '23 02:01 github-actions[bot]

Ping @michaeljmarshall, could you track this PR?

nodece avatar Feb 14 '23 03:02 nodece

#8152 asks for support to rotate public keys and to load new public keys "on the fly". This PR appears to add support for loading multiple public keys on start up, but it does not provide support for rotation or dynamic loading. Is that correct? If so, I don't think we should say this PR fixes #8152.

You are right, I think we can listener to the file changes.

nodece avatar Feb 15 '23 05:02 nodece

The pr had no activity for 30 days, mark with Stale label.

github-actions[bot] avatar Mar 18 '23 01:03 github-actions[bot]

Closing this PR with https://github.com/apache/pulsar/pull/19849.

nodece avatar Jul 07 '23 15:07 nodece

Use https://github.com/apache/pulsar/pull/22215 instead of this PR.

nodece avatar Mar 07 '24 06:03 nodece