mirror of
https://github.com/neondatabase/neon.git
synced 2026-01-10 15:02:56 +00:00
## Problem

For quickly rotating JWT secrets, we want to be able to reload the JWT public key file in the pageserver, and also support multiple JWT keys. See #4897.

## Summary of changes

* Allow directories for the `auth_validation_public_key_path` config param instead of just files. For the safekeepers, all of their config options also support multiple JWT keys.
* For the pageservers, make the JWT public keys easily globally swappable by using the `arc-swap` crate.
* Add an endpoint to the pageserver, triggered by a POST to `/v1/reload_auth_validation_keys`, that reloads the JWT public keys from the pre-configured path (for security reasons, you cannot upload any keys yourself).

Fixes #4897

---------

Co-authored-by: Heikki Linnakangas <heikki@neon.tech>
Co-authored-by: Joonas Koivunen <joonas@neon.tech>
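# Shared utility crate. Edition and license are inherited from the
# workspace root rather than set here.
[package]
name = "utils"
version = "0.1.0"
edition.workspace = true
license.workspace = true
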
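# Unless noted otherwise, every dependency inherits its version (and any
# workspace-level features) from the workspace root manifest, so version
# bumps and advisory fixes are made there in one place.
[dependencies]
# NOTE(review): appears to back the runtime-swappable JWT validation keys;
# confirm against the auth code.
arc-swap.workspace = true
sentry.workspace = true
async-trait.workspace = true
anyhow.workspace = true
bincode.workspace = true
bytes.workspace = true
camino.workspace = true
chrono.workspace = true
heapless.workspace = true
hex = { workspace = true, features = ["serde"] }
# NOTE(review): "full" turns on every optional hyper feature. If only part of
# hyper is used here, a narrower feature list would reduce the compiled-in
# surface; confirm usage before changing.
hyper = { workspace = true, features = ["full"] }
futures.workspace = true
# JWT parsing and verification. This sits on the authentication path, so
# review the changelog and advisories when the workspace pin moves.
jsonwebtoken.workspace = true
nix.workspace = true
once_cell.workspace = true
pin-project-lite.workspace = true
regex.workspace = true
routerify.workspace = true
serde.workspace = true
serde_json.workspace = true
signal-hook.workspace = true
thiserror.workspace = true
tokio.workspace = true
tokio-util.workspace = true
tracing.workspace = true
tracing-error.workspace = true
tracing-subscriber = { workspace = true, features = ["json", "registry"] }
rand.workspace = true
serde_with.workspace = true
strum.workspace = true
strum_macros.workspace = true
url.workspace = true
uuid.workspace = true

pq_proto.workspace = true
postgres_connection.workspace = true
metrics.workspace = true
workspace_hack.workspace = true

const_format.workspace = true

# to use tokio channels as streams, this is faster to compile than async_stream
# why is it only here? no other crate should use it, streams are rarely needed.
# This is the only dependency in this manifest whose version is set locally
# instead of being inherited from the workspace, so upgrades and advisory
# fixes for it have to be applied in this file.
tokio-stream = "0.1.14"
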
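# Test- and benchmark-only dependencies; these are not part of the crate's
# normal dependency graph.
[dev-dependencies]
byteorder.workspace = true
# NOTE(review): bytes is also listed under [dependencies], so this entry
# looks redundant; confirm before removing.
bytes.workspace = true
criterion.workspace = true
hex-literal.workspace = true
camino-tempfile.workspace = true
serde_assert.workspace = true
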
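# The default libtest bench harness is disabled so the benchmark target
# supplies its own entry point (criterion is listed in [dev-dependencies]).
[[bench]]
name = "benchmarks"
harness = false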