[ https://issues.apache.org/jira/browse/IMPALA-14009?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jason Fehr updated IMPALA-14009:
--------------------------------
    Description: 
The [JwtWebserverTests|https://github.com/apache/impala/blob/master/fe/src/test/java/org/apache/impala/customcluster/JwtWebserverTest.java] unit tests cover both JWT and OAuth authentication.  These tests call the 
endpoint 'http://localhost:25000/?json', but since the Impala cluster set up by 
this test does not have any authentication on the Impala web ui, the failure 
cases are not actually asserting the correct http response status code is 
returned since the web ui can be accessed without any credentials.  The catch 
blocks that contain assertions are not run since the attemptConnection calls 
are not returning an error.  The attemptConnection calls are not returning 
errors since the web ui has no auth.  The JWT auth still registers as a failure 
though in the JWT auth metrics.

Possible solutions:
1. Configure the web ui to require JWT/OAuth tokens.
2. Modify the tests to access the hs2-http port 28000 which already is 
configured to access JWT/OAuth tokens.

Additional assertions are needed to assert the HTTP response code, 
WWW-Authenticate http header, and the Impala server logs to be absolutely 
certain that the expected authentication method was used and that method failed 
in the expected way.

  was:
The [JwtWebserverTests|https://github.com/apache/impala/blob/master/fe/src/test/java/org/apache/impala/customcluster/JwtWebserverTest.java] unit tests cover both JWT and OAuth authentication.  These tests call the 
endpoint 'http://localhost:25000/?json', but since the Impala cluster set up by 
this test does not have any authentication on the Impala web ui, this test is 
not actually asserting the correct http response status code is returned since 
the web ui can be accessed without any credentials.

Possible solutions:
1. Configure the web ui to require JWT/OAuth tokens.
2. Modify the tests to access the hs2-http port 28000 which already is 
configured to access JWT/OAuth tokens.

Additional assertions are needed to assert the HTTP response code, 
WWW-Authenticate http header, and the Impala server logs to be absolutely 
certain that the expected authentication method was used and that method failed 
in the expected way.


> JwtWebserverTest Has Invalid Assertions
> ---------------------------------------
>
>                 Key: IMPALA-14009
>                 URL: https://issues.apache.org/jira/browse/IMPALA-14009
>             Project: IMPALA
>          Issue Type: Improvement
>    Affects Versions: Impala 5.0.0
>            Reporter: Jason Fehr
>            Assignee: gaurav singh
>            Priority: Major
>              Labels: impala
>
> The [JwtWebserverTests|https://github.com/apache/impala/blob/master/fe/src/test/java/org/apache/impala/customcluster/JwtWebserverTest.java] unit tests cover both JWT and OAuth authentication.  These tests call the 
> endpoint 'http://localhost:25000/?json', but since the Impala cluster set up 
> by this test does not have any authentication on the Impala web ui, the 
> failure cases are not actually asserting the correct http response status 
> code is returned since the web ui can be accessed without any credentials.  
> The catch blocks that contain assertions are not run since the 
> attemptConnection calls are not returning an error.  The attemptConnection 
> calls are not returning errors since the web ui has no auth.  The JWT auth 
> still registers as a failure though in the JWT auth metrics.
>
> Possible solutions:
> 1. Configure the web ui to require JWT/OAuth tokens.
> 2. Modify the tests to access the hs2-http port 28000 which already is 
> configured to access JWT/OAuth tokens.
>
> Additional assertions are needed to assert the HTTP response code, 
> WWW-Authenticate http header, and the Impala server logs to be absolutely 
> certain that the expected authentication method was used and that method 
> failed in the expected way.
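
The failure mode described in this issue, as an added Java example that is not taken from JwtWebserverTest or the Impala code base: a check whose only assertion sits in a catch block reports success against an endpoint with no authentication, while a check on the status code and WWW-Authenticate header fails there, as it should. The local JDK HttpServer, the `open` helper standing in for attemptConnection, and the token values are assumptions made for the illustration.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;
// Added illustration, not Impala code. Server, helper and token values are constructed.
public class VacuousAuthAssertion {
  // requireAuth=false models an endpoint with no authentication configured.
  static HttpServer start(boolean requireAuth) throws IOException {
    HttpServer s = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
    s.createContext("/", ex -> {
      String auth = ex.getRequestHeaders().getFirst("Authorization");
      boolean ok = !requireAuth || "Bearer good-token".equals(auth);
      if (!ok) ex.getResponseHeaders().add("WWW-Authenticate", "Bearer");
      ex.sendResponseHeaders(ok ? 200 : 401, -1);  // -1: no response body
      ex.close();
    });
    s.start();
    return s;
  }
  // Hypothetical stand-in for the test's attemptConnection: sends a bearer token.
  static HttpURLConnection open(HttpServer s, String token) throws IOException {
    URL u = new URL("http://127.0.0.1:" + s.getAddress().getPort() + "/?json");
    HttpURLConnection c = (HttpURLConnection) u.openConnection();
    c.setRequestProperty("Authorization", "Bearer " + token);
    return c;
  }
  // Weak form: the only check sits in the catch block.
  static boolean weakCheckPasses(HttpServer s) {
    try {
      open(s, "bad-token").getInputStream().close();  // throws IOException on a 401
    } catch (IOException e) {
      return e.getMessage().contains("401");  // skipped when nothing is thrown
    }
    return true;  // no exception: reports success without having checked anything
  }
  // Strict form: always inspect the status code and the challenge header.
  static boolean strictCheckPasses(HttpServer s) throws IOException {
    HttpURLConnection c = open(s, "bad-token");
    return c.getResponseCode() == 401 && "Bearer".equals(c.getHeaderField("WWW-Authenticate"));
  }
  public static void main(String[] args) throws IOException {
    for (boolean requireAuth : new boolean[] {false, true}) {
      HttpServer s = start(requireAuth);
      System.out.printf("requireAuth=%b weak=%b strict=%b%n", requireAuth, weakCheckPasses(s), strictCheckPasses(s));
      s.stop(0);
    }
  }
}
```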


