[
https://issues.apache.org/jira/browse/FLINK-3930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15608966#comment-15608966
]
ASF GitHub Bot commented on FLINK-3930:
---------------------------------------
Github user vijikarthi commented on a diff in the pull request:
https://github.com/apache/flink/pull/2425#discussion_r85167083
--- Diff:
flink-yarn/src/main/java/org/apache/flink/yarn/cli/FlinkYarnSessionCli.java ---
@@ -108,6 +111,11 @@
private final Options ALL_OPTIONS;
+ private static final String fileName = "yarn-app.ini";
+ private static final String cookieKey = "secureCookie";
--- End diff --
Yes, I will make the change.
- Do you object to retain the ini file format and port the current
properties file implementation to INI format (to persist multiple application
states)?
- Per current implementation (retrieveCluster), the CLI code fetches the
application ID from properties file if not supplied through CLI argument. When
we support multiple application state, then we expect application ID to be
supplied always since there could be more than one application ID and the
default functionality will go away. Do you concur?
>
If we really need to provide backward compatibility support, then we could
return the application ID from the INI file should there be just only instance
persisted? If more than one application ID exists, then we throw an error
indicating "Application ID" needs to be supplied as CLI argument.
Please let me know how you want me to approach and I will make the changes
accordingly.
> Implement Service-Level Authorization
> -------------------------------------
>
> Key: FLINK-3930
> URL: https://issues.apache.org/jira/browse/FLINK-3930
> Project: Flink
> Issue Type: New Feature
> Components: Security
> Reporter: Eron Wright
> Assignee: Vijay Srinivasaraghavan
> Labels: security
> Original Estimate: 672h
> Remaining Estimate: 672h
>
> _This issue is part of a series of improvements detailed in the [Secure Data
> Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
> design doc._
> Service-level authorization is the initial authorization mechanism to ensure
> clients (or servers) connecting to the Flink cluster are authorized to do so.
> The purpose is to prevent a cluster from being used by an unauthorized
> user, whether to execute jobs, disrupt cluster functionality, or gain access
> to secrets stored within the cluster.
> Implement service-level authorization as described in the design doc.
> - Introduce a shared secret cookie
> - Enable Akka security cookie
> - Implement data transfer authentication
> - Secure the web dashboard
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
