What's New in Schema Registry

Learn about the new features of Schema Registry in Cloudera Runtime 7.2.15.

Added OAuth support for Schema Registry client authentication
You can use OAuth2 JSON Web Token (JWT) in Schema Registry for authentication. Authorization continues to be implemented in Ranger, however, you can obtain the principal from a JWT token.
Added a findAllSchemas() method to the Schema Registry Client code
Provides a findAllSchemas() method which enumerates all schemas contained in the schema registry, returned as a list of SchemaMetadataInfo. This is useful if you only need to enumerate all schemas by name, without incurring the additional overhead of the findAggregatedSchemas() method.
Support for reading keys from JWK
Keys can be stored in JWK. The validation is done by matching with the kid property in JWT. If kid is not given then we match on the algorithm.
Added JWT validation filter
Added Servlet filter which checks if the incoming requests contain a valid authentication token.
SchemaRegistryClient gets token from OAuth Server with clientId/secret
Schema Registry Client can be configured to use OAuth2 authentication. The following parameters need to be added when creating a Schema Registry Client:
  • "schema.registry.auth.type" = "oauth2" (default value is kerberos)
  • "schema.registry.oauth.client.id" (ClientId for OAuth2 server)
  • "schema.registry.oauth.secret" (Secret for OAuth2 server)
  • "schema.registry.oauth.server.url" (REST API endpoint of OAuth2 server)
Support for RSA and HMAC certificates
Added support for JWT signed by either RSA or HMAC.