I have a few question that I'd appreciate if you could answer them.
1. How does the Provider know whether it is required or not? 2. How does the configuration of Providers work (how do they get access to a configuration)? 3. How does a user select providers? (Is it purely based on the provider being on the classpath?) 4. How can a user override an existing provider? 5. What is DelegationTokenProvider#name() used for? 6. What happens if the names of 2 providers are identical? 7. Will we directly load the provider, or first load a factory (usually preferable)? 8. What is the Credentials class (it would necessarily have to be a public api as well)? 9. What does the TaskManager do with the received token? 10. Is there any functionality in the TaskManager that could require a token on startup (i.e., before registering with the RM)? On 11/01/2022 14:58, Gabor Somogyi wrote:
Hi All, Hope all of you have enjoyed the holiday season. I would like to start the discussion on FLIP-211 <https://cwiki.apache.org/confluence/display/FLINK/FLIP-211%3A+Kerberos+delegation+token+framework> which aims to provide a Kerberos delegation token framework that /obtains/renews/distributes tokens out-of-the-box. Please be aware that the FLIP wiki area is not fully done since the discussion may change the feature in major ways. The proposal can be found in a google doc here <https://docs.google.com/document/d/1JzMbQ1pCJsLVz8yHrCxroYMRP2GwGwvacLrGyaIx5Yc/edit?fbclid=IwAR0vfeJvAbEUSzHQAAJfnWTaX46L6o7LyXhMfBUCcPrNi-uXNgoOaI8PMDQ> . As the community agrees on the approach the content will be moved to the wiki page. Feel free to add your thoughts to make this feature better! BR, G
