From 7602e6ffc0fb39d7b29c0c196ecabbee7f9d757e Mon Sep 17 00:00:00 2001 From: Tristan Partin Date: Wed, 2 Apr 2025 19:00:28 -0500 Subject: [PATCH] Skip compute_ctl authorization checks in testing builds (#11186) We will require authorization in production. We need to skip in testing builds for now because regression tests would fail. See https://github.com/neondatabase/neon/issues/11316 for more information. Signed-off-by: Tristan Partin Signed-off-by: Tristan Partin --- compute_tools/src/http/middleware/authorize.rs | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/compute_tools/src/http/middleware/authorize.rs b/compute_tools/src/http/middleware/authorize.rs index 798dd1179b..89d55e1af3 100644 --- a/compute_tools/src/http/middleware/authorize.rs +++ b/compute_tools/src/http/middleware/authorize.rs @@ -59,9 +59,12 @@ impl AsyncAuthorizeRequest for Authorize { Box::pin(async move { let request_id = request.extract_parts::().await.unwrap(); - // TODO: Remove this check after a successful rollout - if jwks.keys.is_empty() { - warn!(%request_id, "Authorization has not been configured"); + // TODO: Remove this stanza after teaching neon_local and the + // regression tests to use a JWT + JWKS. + // + // https://github.com/neondatabase/neon/issues/11316 + if cfg!(feature = "testing") { + warn!(%request_id, "Skipping compute_ctl authorization check"); return Ok(request); } @@ -110,8 +113,6 @@ impl AsyncAuthorizeRequest for Authorize { impl Authorize { /// Verify the token using the JSON Web Key set and return the token data. fn verify(jwks: &JwkSet, token: &str, validation: &Validation) -> Result> { - debug_assert!(!jwks.keys.is_empty()); - for jwk in jwks.keys.iter() { let decoding_key = match DecodingKey::from_jwk(jwk) { Ok(key) => key,