[jira] [Commented] (IMPALA-13675) OAuth Auth support for Impala Shell

ASF subversion and git services (Jira) Thu, 05 Jun 2025 14:49:04 -0700


    [ 
https://issues.apache.org/jira/browse/IMPALA-13675?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17956458#comment-17956458
 ]


ASF subversion and git services commented on IMPALA-13675:
----------------------------------------------------------

Commit 3781132ef6d339a2b8e2b4444c0b79bc79f84a5c in impala's branch 
refs/heads/master from gaurav1086
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=3781132ef ]

IMPALA-13675: OAuth AuthN Support for Impala Shell

This patch adds the support to fetch access tokens
from the OAuth Server using the OAuth client_id and
client_secret if the access token is not provided.
It covers the flow: client_credentials.
The client_secret can either be passed as a file or
be prompted to enter.

Added a test param for impala shell oauth_mock_response_cmd
to mock oauth server response only to be used for testing.
Also suppressed existing option hs2_x_forward from the
impala --help output.

Testing(okta oauth server):
- Added custom_cluster tests in test_shell_jwt_auth.py:
    test_oauth_auth_with_clientid_and_secret_success
    test_oauth_auth_with_clientid_and_secret_failure
- Tested manually by providing --user <user> and
  --oauth_client_secret_cmd="cat password_file.txt"
- Tested manually by providing --user <user> and no
  --oauth_client_secret_cmd, thereby prompting the user
  to enter the client_secret.

Example command: impala-shell.sh -a
--auth_creds_ok_in_clear --protocol="hs2-http"
--oauth_client_id="client_id"
--oauth_client_secret_cmd="cat client_secret.txt"
--oauth_server="dev.us.auth01.com"
--oauth_endpoint="/oauth/token"

Change-Id: I84e26d54f6a53696660728efb239ffd43de4c55d
Reviewed-on: http://gerrit.cloudera.org:8080/22424
Reviewed-by: Impala Public Jenkins <[email protected]>
Tested-by: Impala Public Jenkins <[email protected]>


> OAuth Auth support for Impala Shell
> -----------------------------------
>
>                 Key: IMPALA-13675
>                 URL: https://issues.apache.org/jira/browse/IMPALA-13675
>             Project: IMPALA
>          Issue Type: New Feature
>          Components: Backend, Security
>            Reporter: gaurav singh
>            Assignee: gaurav singh
>            Priority: Major
>              Labels: oauth2
>
> If the OAuth access token is not provided by the user, then request 
> client_id, client_secret and oauth server endpoint to retrieve the access 
> tokens.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (IMPALA-13675) OAuth Auth support for Impala Shell

Reply via email to