Apologies from the delayed response on my side. I think the authentication module is not part of our plan in 1.17 because > of the busy work. I think we'll start the design at the end of the > release-1.17.
Is there a possibility for us to get engaged and at least introduce initial changes to support authentication/authorization? Specifically, changes in the API and in SQL Client. We expect the following authentication flow: On the SQL gateway we want to be able to use a delegation token. SQL client should be able to supply an API key. The SQL Gateway *would not *be submitting jobs on behalf of the client. Ideally it would be nice to introduce some interfaces in the SQL Gateway that would allow implementing custom authentication and authorization. Another question about persistent Gateway: did you have any specific thoughts about it or some draft design? Thanks, Alexey On Fri, Oct 21, 2022 at 1:13 AM Shengkai Fang <fskm...@gmail.com> wrote: > Sorry for the late response. > > In the next version(Flink 1.17), we plan to support the SQL Client to > submit the statement to the Flink SQL Gateway. The FLINK-29486 > <https://issues.apache.org/jira/browse/FLINK-29486> is the first step to > remove the usage of the `Parser` in the client side, which needs to read > the table schema during the converting sql node to operation. I think the > authentication > module is not part of our plan in 1.17 because of the busy work. I think > we'll start the design at the end of the release-1.17. > But could you share more details about the requirements of the > authentication? > - Do you use the kerberos or delegation token or password to do the > authentication? > - After the authentication, do you need the sql gateway to submit the job > on behalf of the client? > - ... > > For detailed implementation, I think Hive and Presto are good examples to > dig in. If you have some thoughts about the authentication module, > please let me know. > > Best, > Shengkai > > Alexey Leonov-Vendrovskiy <vendrov...@gmail.com> 于2022年10月19日周三 00:37写道: > >> Thank you for the response, Yuxia! >> >> Shengkai, I would like to learn more about nearest and a bit more distant >> plans about development of the SQL Gateway and the SQL Client. >> Do you have a description of the work planned or maybe can share general >> thoughts about the Authentication module, or Persistent Gateway. >> How can the authentication part be addressed on the SQL Client side? >> >> Regards, >> -Alexey >> >> >> On Wed, Oct 12, 2022 at 11:24 PM yuxia <luoyu...@alumni.sjtu.edu.cn> >> wrote: >> >>> > In what Flink’s release the connection from SQL Client to the Gateway >>> is >>> expected to be added? >>> Flink 1.17 >>> >>> > “Authentication module” (2) and “Persistent Gateway” (4) as >>> possible future work. Were there any recent discussions on these >>> subjects? >>> No recent discussions on these subjects, but I think it'll come in Flink >>> 1.17 >>> >>> > Another related topic: are there ideas around making SQL Gateway a >>> multi-tenant >>> component? >>> Yes. >>> >>> Shengkaiis the maintainer of SQL Client and SQL gateway, maybe he can >>> provide more information. >>> >>> >>> >>> Best regards, >>> Yuxia >>> >>> ----- 原始邮件 ----- >>> 发件人: "Alexey Leonov-Vendrovskiy" <vendrov...@gmail.com> >>> 收件人: "dev" <dev@flink.apache.org> >>> 发送时间: 星期四, 2022年 10 月 13日 下午 12:33:08 >>> 主题: SQL Gateway and SQL Client >>> >>> Hi all, >>> >>> I’m Alexey from Confluent. This is my first email in this discussion >>> list. >>> I’m rather new to Flink, and to local customs of communication. I want to >>> dive deeper and hopefully get more involved over time. >>> >>> Currently I have a few questions around SQL Gateway and SQL Client. >>> Specifically I wanted to learn what is the vision around the nearest >>> future >>> of these two components. >>> >>> In what Flink’s release the connection from SQL Client to the Gateway is >>> expected to be added? I was looking at >>> https://issues.apache.org/jira/browse/FLINK-29486, and recently it got >>> renamed from “Enable SQL Client to Connect SQL Gateway in Remote Mode” to >>> “Introduce Client Parser to get statement type”. I did some search, but >>> didn’t find a good place where the client's work in this direction is >>> discussed or tracked. >>> >>> A couple questions about the SQL Gateway. The FLIP-91 >>> < >>> https://cwiki.apache.org/confluence/display/FLINK/FLIP-91%3A+Support+SQL+Gateway#FLIP91:SupportSQLGateway-Futurework >>> > >>> mentions “Authentication module” (2) and “Persistent Gateway” (4) as >>> possible future work. Were there any recent discussions on these >>> subjects? >>> Or maybe there are some ideas how to move these directions forward? >>> Another >>> related topic: are there ideas around making SQL Gateway a multi-tenant >>> component? >>> >>> Thank you, >>> >>> Alexey >>> >>
