-
Notifications
You must be signed in to change notification settings - Fork 290
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JWT support for EL engine calls #4980
Conversation
.../src/main/java/tech/pegasys/teku/ethereum/executionlayer/client/auth/JwtAuthInterceptor.java
Outdated
Show resolved
Hide resolved
...r/src/main/java/tech/pegasys/teku/ethereum/executionlayer/client/auth/SafeTokenProvider.java
Outdated
Show resolved
Hide resolved
...r/src/main/java/tech/pegasys/teku/ethereum/executionlayer/client/auth/SafeTokenProvider.java
Outdated
Show resolved
Hide resolved
...layer/src/main/java/tech/pegasys/teku/ethereum/executionlayer/client/auth/TokenProvider.java
Outdated
Show resolved
Hide resolved
teku/src/main/java/tech/pegasys/teku/cli/options/ExecutionEngineOptions.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking good. The build is failing because error prone wants you to use Instant
rather than Date
. I was wondering if that would be possible as well because things like time comparison and adding works better with Instant
. I'm just not sure if using Instant
makes it too hard to work with the jwt library if it's expecting a Date
though. If it does we could suppress the warning.
...r/src/main/java/tech/pegasys/teku/ethereum/executionlayer/client/auth/SafeTokenProvider.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking good, thanks for your work on this.
.../src/main/java/tech/pegasys/teku/ethereum/executionlayer/client/auth/JwtSecretKeyLoader.java
Outdated
Show resolved
Hide resolved
...r/src/main/java/tech/pegasys/teku/ethereum/executionlayer/client/auth/SafeTokenProvider.java
Outdated
Show resolved
Hide resolved
.../test/java/tech/pegasys/teku/ethereum/executionlayer/client/auth/JwtSecretKeyLoaderTest.java
Outdated
Show resolved
Hide resolved
.../test/java/tech/pegasys/teku/ethereum/executionlayer/client/auth/JwtSecretKeyLoaderTest.java
Outdated
Show resolved
Hide resolved
...c/test/java/tech/pegasys/teku/ethereum/executionlayer/client/auth/SafeTokenProviderTest.java
Outdated
Show resolved
Hide resolved
...c/test/java/tech/pegasys/teku/ethereum/executionlayer/client/auth/SafeTokenProviderTest.java
Outdated
Show resolved
Hide resolved
...e/src/main/java/tech/pegasys/teku/services/executionengine/ExecutionEngineConfiguration.java
Outdated
Show resolved
Hide resolved
...e/src/main/java/tech/pegasys/teku/services/executionengine/ExecutionEngineConfiguration.java
Outdated
Show resolved
Hide resolved
Avoid adding authentication to kintsugi and kilnv1 specs. Auth only applies to kilnv2 onwards.
Use assertj better in tests. Improve error messages when the jwt-secret file can't be found.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. I've pushed up a couple of small changes so that we only add authentication when the kilnv2 ee version is used, and to ensure we get a clear error message if the jwt-secret file can't be read at startup.
Thanks for getting this done, it's really great work.
At this stage I think we're spec compliant and since kilnv2 isn't the default version yet I'm ok with merging it in. The next step will be testing against EL clients that support authentication to ensure it really is compatible and then working through any issue we find.
PR Description
Pending
Others
Fixed Issue(s)
fixes #4958
Documentation
documentation
label to this PR if updates are required.Changelog