Impala Public Jenkins has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/22462 )
Change subject: IMPALA-13687: Support shared secret key for cookies ...................................................................... IMPALA-13687: Support shared secret key for cookies Adds support for a shared secret key across coordinators for cookie validation. The key is used with Thrift servers using HTTPS to support sharing the same cookie across sessions with different coordinators. It's also used when authentication is enabled on the web UI. The key path is configured with '--cookie_secret_file=<path>'. Adds an inotify watcher on the cookie secret key to reload when it's updated. Inotify failures during startup will cause Impala to exit with an error. Inotify errors at runtime are fatal and will cause Impala to exit. Failures reloading the key will be logged as errors for hash_reload_grace_period_s (default=300) seconds, after which they will become fatal and cause Impala to exit. Testing: - Adds new LdapHS2Test, LdapWebserverTest, and LdapImpalaShellTest cases for shared cookie. - Adds AuthenticationHash and AuthenticationHashFromFile unit tests. - Drops webserver test for new HMAC because the hash in AuthManager is now re-used. HMAC re-use is better tested in new cases. Generated-by: Github Copilot (GPT-4.1) Change-Id: Ie2e2345f771608069407e9dcf7ed4697fc0214e7 Reviewed-on: http://gerrit.cloudera.org:8080/22462 Reviewed-by: Joe McDonnell <[email protected]> Tested-by: Impala Public Jenkins <[email protected]> --- M be/src/rpc/auth-provider.h M be/src/rpc/authentication.cc M be/src/rpc/authentication.h M be/src/util/openssl-util-test.cc M be/src/util/openssl-util.cc M be/src/util/openssl-util.h M be/src/util/webserver-test.cc M be/src/util/webserver.cc M be/src/util/webserver.h M docs/topics/impala_client.xml M fe/src/test/java/org/apache/impala/customcluster/LdapHS2Test.java M fe/src/test/java/org/apache/impala/customcluster/LdapImpalaShellTest.java M fe/src/test/java/org/apache/impala/customcluster/LdapSearchBindImpalaShellTest.java M fe/src/test/java/org/apache/impala/customcluster/LdapSimpleBindImpalaShellTest.java M fe/src/test/java/org/apache/impala/customcluster/LdapWebserverTest.java M fe/src/test/java/org/apache/impala/testutil/TestUtils.java M fe/src/test/java/org/apache/impala/testutil/WebClient.java 17 files changed, 659 insertions(+), 38 deletions(-) Approvals: Joe McDonnell: Looks good to me, approved Impala Public Jenkins: Verified -- To view, visit http://gerrit.cloudera.org:8080/22462 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: Ie2e2345f771608069407e9dcf7ed4697fc0214e7 Gerrit-Change-Number: 22462 Gerrit-PatchSet: 30 Gerrit-Owner: Michael Smith <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Jason Fehr <[email protected]> Gerrit-Reviewer: Joe McDonnell <[email protected]> Gerrit-Reviewer: Michael Smith <[email protected]> Gerrit-Reviewer: Pranav Lodha <[email protected]> Gerrit-Reviewer: Yida Wu <[email protected]>
