What's New in Schema Registry
Learn about the new features of Schema Registry in Cloudera Runtime 7.2.15.
- Added OAuth support for Schema Registry client authentication
- You can use OAuth2 JSON Web Token (JWT) in Schema Registry for authentication. Authorization continues to be implemented in Ranger, however, you can obtain the principal from a JWT token.
- Added a findAllSchemas() method to the Schema Registry Client code
- Provides a findAllSchemas() method which enumerates all schemas contained in the schema registry, returned as a list of SchemaMetadataInfo. This is useful if you only need to enumerate all schemas by name, without incurring the additional overhead of the findAggregatedSchemas() method.
- Support for reading keys from JWK
- Keys can be stored in JWK. The validation is done by matching with the
kidproperty in JWT. If
kidis not given then we match on the algorithm.
- Added JWT validation filter
- Added Servlet filter which checks if the incoming requests contain a valid authentication token.
- SchemaRegistryClient gets token from OAuth Server with clientId/secret
- Schema Registry Client can be configured to use OAuth2 authentication. The following
parameters need to be added when creating a Schema Registry Client:
- "schema.registry.auth.type" = "oauth2" (default value is kerberos)
- "schema.registry.oauth.client.id" (ClientId for OAuth2 server)
- "schema.registry.oauth.secret" (Secret for OAuth2 server)
- "schema.registry.oauth.server.url" (REST API endpoint of OAuth2 server)
- Support for RSA and HMAC certificates
- Added support for JWT signed by either RSA or HMAC.