Apologies for being too generic: with "secure" cluster I mean a Flink cluster that has been launched with Kerberos credentials (both on YARN or with the standalone scheduler), thus having access to resources on the cluster that require authentication (like HDFS).
Without having to run jobs on behalf of an authenticated user (which is another kind of problem), the facilities to perform a check that the submitter is authenticated are already in place (CliFrontend::parseParameters, the branch of the switch-case statement that handles the "run" command) and requiring a submission to come from an authenticated user should come almost for free. On Thu, May 5, 2016 at 1:18 PM, Robert Metzger <rmetz...@apache.org> wrote: > Hi Stefano, > > what exactly do you mean by a secure cluster? > A Flink on YARN session in a secured YARN cluster? > A standalone Flink cluster with access to a secured HDFS? > > Your observation is right. We are not check if a job submitted by any user > is running in the same security context as the Flink cluster. > > > On Thu, May 5, 2016 at 11:57 AM, Stefano Baghino < > stefano.bagh...@radicalbit.io> wrote: > > > Hello everybody, > > > > last week I've run some tests on a secure cluster and I noticed that an > > unauthenticated user can submit a Flink job that will only eventually > fail > > if the job tries to access secured resources (e.g. HDFS). This doesn't > > prevent however the user to consume resources of the secure cluster > without > > authentication (I tried it with the WordCount example). > > > > I'd say this is a bug; is there a reason for this? If you share my > feeling > > on this, I pinpointed the code that's responsible for this and the fix > > seems trivial, I can open an issue and a PR today. Thanks! > > > > -- > > BR, > > Stefano Baghino > > > > Software Engineer @ Radicalbit > > > -- BR, Stefano Baghino Software Engineer @ Radicalbit
