Verify JWT Auth configuration #979

Closed
rohank07 opened this issue Apr 5, 2022 · 2 comments
Labels
size/M 2-3 days

Comments

@rohank07
Contributor

rohank07 commented Apr 5, 2022

Verify that a user is able to authenticate with a JWT token in the namespace and connect to Trino. Running select current_user; should return the user namespace name.

Confirm the following scenarios:

  • curl with valid token -> run any query at all
  • same curl with invalid or no token -> denied access
  • curl with unencrypted HTTP and valid token -> denied access
  • curl with valid token, ask for different user -> denied
  • curl with "alg":"none"
@rohank07 rohank07 mentioned this issue Apr 5, 2022
54 tasks
@rohank07 rohank07 self-assigned this Apr 5, 2022
@rohank07 rohank07 added size/L 4-5 days size/M 2-3 days and removed size/L 4-5 days labels Apr 5, 2022
@rohank07 rohank07 changed the title Verify JWT Auth configuration Verify JWT Auth configuration and RBAC Apr 6, 2022
@rohank07 rohank07 changed the title Verify JWT Auth configuration and RBAC Verify JWT Auth configuration Apr 6, 2022
@rohank07 rohank07 added size/S ~1 day size/M 2-3 days and removed size/M 2-3 days size/S ~1 day labels Apr 6, 2022
@rohank07
Contributor Author

rohank07 commented Apr 19, 2022

  1. curl with valid token -> run any query at all ✔️
    Able to authenticate successfully, connecting to Trino using --user default (local cluster default service account: "sub": "system:serviceaccount:default:default")
  2. No token provided ✔️
  3. Unencrypted HTTP --server http://trino.example.com ✔️
  4. curl with valid token, ask for different user ✔️
  5. "alg":"none" ✔️
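
The decisions the five scenarios above are probing for, written out as an added Python example (not code from this issue or from Trino). Assumptions: HS256 with a constructed key stands in for the cluster's real token signature, and the user is taken from the namespace segment of the `sub` claim; `decide`, `make_token` and `user_from_sub` are hypothetical names.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"   # constructed; stands in for the issuer's signing key
ALLOWED_ALGS = {"HS256"}        # allow-list, so "none" can never be selected
SUB = "system:serviceaccount:default:default"  # subject quoted in the issue

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(head, body, key):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def make_token(sub, alg="HS256", key=KEY):
    """Build a constructed test token; any alg other than HS256 is left unsigned."""
    head = b64u(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64u(json.dumps({"sub": sub}).encode())
    sig = sign(head, body, key) if alg == "HS256" else b""
    return f"{head}.{body}.{b64u(sig)}"

def user_from_sub(sub):  # assumed mapping: the namespace segment becomes the user
    prefix, kind, namespace, _name = sub.split(":")
    if (prefix, kind) != ("system", "serviceaccount"):
        raise ValueError("not a service-account subject")
    return namespace

def decide(scheme, token, requested_user):
    """Return "allow" or "deny: <reason>" for one request in the test matrix."""
    if scheme != "https":
        return "deny: plaintext HTTP"
    if not token:
        return "deny: no token"
    try:
        head, body, sig = token.split(".")
        if json.loads(b64u_dec(head)).get("alg") not in ALLOWED_ALGS:
            return "deny: algorithm not allowed"
        if not hmac.compare_digest(sign(head, body, KEY), b64u_dec(sig)):
            return "deny: bad signature"
        token_user = user_from_sub(json.loads(b64u_dec(body))["sub"])
    except (ValueError, KeyError, TypeError, AttributeError):
        return "deny: malformed token"
    if requested_user != token_user:
        return "deny: user does not match token"
    return "allow"

if __name__ == "__main__":
    print(decide("https", make_token(SUB, alg="none"), "default"))
```

The algorithm check runs before any signature work, so an unsigned token is refused on its header alone, and every parsing failure falls through to a deny.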

@rohank07
Contributor Author

rohank07 commented Apr 28, 2022

The Trino coordinator pod would keep going into CrashLoopBackOff. Viewed the logs of the pod and noticed Trino complaining about a missing shared secret and needing an internal authentication configuration property. All nodes required internal-communication.shared-secret=<secret>
