[jira] [Commented] (FLINK-5029) Implement KvState SSL

Tue, 28 Aug 2018 18:19:54 -0700 


    [ 
https://issues.apache.org/jira/browse/FLINK-5029?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16595815#comment-16595815
 ] 

ASF GitHub Bot commented on FLINK-5029:
---------------------------------------

EronWright opened a new pull request #6626: [FLINK-5029] [QueryableState] SSL 
Support
URL: https://github.com/apache/flink/pull/6626
 
 
   ## What is the purpose of the change
   This PR introduces SSL support for the Queryable State client/proxy/server.  
 Note that the communication is considered 'internal' and thus relies on the 
`security.ssl.internal` flags.
   
   ## Brief change log
       - move SSLEngineFactory, SSLUtils, and SSLUtilsTest from flink-runtime 
to flink-core to be used by flink-queryable-state-client-java
       - implement SSL for queryable state client, proxy, and server
       - define configuration parameter `query.ssl.enabled ` to enable/disable 
SSL
       - update documentation
       - refactor `TestMessage` class for reuse
   
   ## Verifying this change
   This change added tests and can be verified as follows:
    - *Added tests for client-server communication over SSL*
     - *Manually verified the change by running a cluster with 1 JobManagers 
and 2 TaskManagers, with all possible combinations of enable/disable.
   
   ## Does this pull request potentially affect one of the following parts:
   
     - Dependencies (does it add or upgrade a dependency): no
     - The public API, i.e., is any changed class annotated with 
`@Public(Evolving)`: no
     - The serializers: no
     - The runtime per-record code paths (performance sensitive): no
     - Anything that affects deployment or recovery: JobManager (and its 
components), Checkpointing, Yarn/Mesos, ZooKeeper: no
     - The S3 file system connector: no
   
   ## Documentation
   
     - Does this pull request introduce a new feature? yes
     - If yes, how is the feature documented? docs 
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Implement KvState SSL
> ---------------------
>
>                 Key: FLINK-5029
>                 URL: https://issues.apache.org/jira/browse/FLINK-5029
>             Project: Flink
>          Issue Type: Sub-task
>          Components: Security
>            Reporter: Eron Wright 
>            Assignee: Eron Wright 
>            Priority: Major
>              Labels: pull-request-available
>
> The KVState endpoint is new to 1.2 and should support SSL as the others do.
> Note that, with FLINK-4898, the SSL support code is decoupled from the 
> NettyClient/NettyServer, so can be used by the KvState code by simply 
> installing the `SSLProtocolHandler`.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to