From f1b18874c36fdf66da824e54d64c52ac6a42ba51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arpad=20M=C3=BCller?=
Date: Fri, 7 Mar 2025 14:29:48 +0100
Subject: [PATCH] storcon: require safekeeper jwt's in strict mode (#11116)

We have introduced the ability to specify safekeeper JWTs for the storage controller. It now does heartbeats. We now want to also require the presence of those JWTs. Let's merge this PR shortly after the release cutoff. Part of / follow-up of https://github.com/neondatabase/cloud/issues/24727
---
 storage_controller/src/main.rs | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/storage_controller/src/main.rs b/storage_controller/src/main.rs
index 967fb2996f..13aab930a7 100644
--- a/storage_controller/src/main.rs
+++ b/storage_controller/src/main.rs
@@ -286,18 +286,13 @@ async fn async_main() -> anyhow::Result<()> {
 let secrets = Secrets::load(&args).await?;
- // TODO: once we've rolled out the safekeeper JWT token everywhere, put it into the validation code below
- tracing::info!(
- "safekeeper_jwt_token set: {:?}",
- secrets.safekeeper_jwt_token.is_some()
- );
-
 // Validate required secrets and arguments are provided in strict mode
 match strict_mode {
 StrictMode::Strict
 if (secrets.public_key.is_none()
 || secrets.pageserver_jwt_token.is_none()
- || secrets.control_plane_jwt_token.is_none()) =>
+ || secrets.control_plane_jwt_token.is_none()
+ || secrets.safekeeper_jwt_token.is_none()) =>
 {
 // Production systems should always have secrets configured: if public_key was not set
 // then we would implicitly disable auth.
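Review bot: The `StrictMode::Strict` guard now folds four independent secret checks into one `||` chain, and with the `tracing::info!` line removed nothing visible in this hunk reports which secret is absent. A deployment missing only `safekeeper_jwt_token` will therefore presumably fail startup without saying which credential to fix. The arm body continues outside the hunk; if its error text does not already name the missing secrets, build that list there, or keep a per-secret presence log ahead of the `match` that records only `is_some()` booleans and never the token value. The comment inside the arm explains only the `public_key` case, so it should also say why the safekeeper token is mandatory. How the other `strict_mode` arms treat a missing safekeeper token is not visible here; confirm that an unauthenticated configuration is at least logged at warn level.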