GitHub user vijikarthi opened a pull request: https://github.com/apache/flink/pull/2589
    FLINK-3932 State Backend Security

    This PR addresses ZK authorization (ACLs) requirement of FLINK-3932 and its dependency FLINK-4667 (Yarn session CLI not using correct ZK namespace in secure environment).

    No code change has been done for "checkpoint/savepoint data protection" since the default implementation limits the access to user/groups. However, the root directory for both checkpoint and savepoint should be configured to a sub-directory under the "user home" directory with permissions 700 (mainly for local file system since the default umask grants both the user and the group RW access). For HDFS, since the user home directory is not accessible by any other user (except superuser), we don't need to set any additional permissions for the state backend directories.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/vijikarthi/flink feature-FLINK-3932

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/flink/pull/2589.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2589

----
commit da5285ac24e2e9fcb8ac493a028aaa3599e82ec3
Author: Vijay Srinivasaraghavan <vijayaraghavan.srinivasaragha...@emc.com>
Date:   2016-09-22T17:10:01Z

    FLINK-3932 Added ZK ACL configuration for secure cluster setup

commit 9b9a9304a6d7262c5a56b1871f21fb3fa32b7ce7
Author: Vijay Srinivasaraghavan <vijayaraghavan.srinivasaragha...@emc.com>
Date:   2016-09-23T17:23:19Z

    FLINK-4667 Fix for using correct ZK namespace in Yarn deployment

----
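
The directory recommendation in the pull request description (a state backend root under the user's home with permissions 700 on a local file system), as an added example that is not part of the PR or of Flink's code. The function names and the demo paths are assumptions; the check rejects any root that grants bits to group or others, which is what a permissive default umask produces.

```shell
#!/bin/sh
# Added example: helper names and paths are hypothetical, not Flink's.

# Print the octal permission bits of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a checkpoint/savepoint root with mode 700 regardless of the caller's
# umask. The chmod also tightens a directory that already existed.
make_state_root() {
    ( umask 077 && mkdir -p "$1" ) && chmod 700 "$1"
}

# Return 0 only if the directory exists, is owned by the current user and
# grants nothing to group or others. Return 1 on loose access, 2 if missing.
check_state_root() {
    dir=$1
    [ -d "$dir" ] || { echo "missing: $dir"; return 2; }
    [ -O "$dir" ] || { echo "not owned by current user: $dir"; return 1; }
    mode=$(mode_of "$dir")
    case "$mode" in
        0|*00) return 0 ;;
        *) echo "group/other access on $dir (mode $mode)"; return 1 ;;
    esac
}

# Constructed demo in a throwaway directory standing in for the user home.
demo=$(mktemp -d)
( umask 002 && mkdir "$demo/loose" )    # a group-writable default umask gives 775
check_state_root "$demo/loose" || true  # reports the group/other access
make_state_root "$demo/flink-state/checkpoints"
check_state_root "$demo/flink-state/checkpoints" && echo "ok: checkpoints root is private"
rm -rf "$demo"
```

Running the check before job submission catches a root that was created by hand under a permissive umask.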