Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add configuration for JWT authentication #639

Merged
merged 1 commit into from
Aug 21, 2024
Merged

Add configuration for JWT authentication #639

merged 1 commit into from
Aug 21, 2024

Conversation

tomach
Copy link
Contributor

@tomach tomach commented Aug 8, 2024
edited
Loading

Summary of changes

This change enables JWT authentication for crateDB version 5.7.2 and above

  • adds the following settings to the crate command in the StatefulSet
                "-Cauth.host_based.config.98.method": "jwt",
                "-Cauth.host_based.config.98.protocol": "http",
                "-Cauth.host_based.config.98.ssl": "on",

  • sets the JWT config for the admin user when a new cluster is deployed

  • restricts access for the admin user to the gc schema

  • updates the JWT config for the admin user after upgrading (or restoring a snapshot) to a version that supports JWT by running an ALTER USER with crash

Checklist

  • Link to issue this PR refers to: https://github.com/crate/cloud/issues/1912
  • Relevant changes are reflected in CHANGES.rst
  • Added or changed code is covered by tests
  • Documentation has been updated if necessary
  • Changed code does not contain any breaking changes (or this is a major version change)

@tomach tomach force-pushed the ta/jwt-authentication branch 2 times, most recently from 89f46b2 to 586c22a Compare August 8, 2024 08:46
@tomach tomach marked this pull request as ready for review August 9, 2024 14:58
Taliik
Taliik approved these changes Aug 20, 2024
View reviewed changes
Copy link
Member

@Taliik Taliik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@tomach tomach merged commit 749baed into master Aug 21, 2024
5 checks passed
@tomach tomach deleted the ta/jwt-authentication branch August 21, 2024 07:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Taliik Taliik Taliik approved these changes

@plaharanne plaharanne Awaiting requested review from plaharanne

@WalBeh WalBeh Awaiting requested review from WalBeh

@juanpardo juanpardo Awaiting requested review from juanpardo

@widmogrod widmogrod Awaiting requested review from widmogrod

@goat-ssh goat-ssh Awaiting requested review from goat-ssh

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tomach @Taliik