[ https://issues.apache.org/jira/browse/FLINK-3930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15636436#comment-15636436 ]
ASF GitHub Bot commented on FLINK-3930:
---------------------------------------

Github user StephanEwen commented on a diff in the pull request:

    https://github.com/apache/flink/pull/2425#discussion_r86542840

    --- Diff: docs/internals/flink_security.md ---
@@ -84,4 +86,79 @@ Security implementation details are based on <a href="https://github.com/apache/ ## Token Renewal -UGI and Kafka/ZK login module implementations takes care of auto-renewing the tickets upon reaching expiry and no further action is needed on the part of Flink. \ No newline at end of file +UGI and Kafka/ZK login module implementations takes care of auto-renewing the tickets upon reaching expiry and no further action is needed on the part of Flink. + +# Authorization Support + +Service-level authorization is the initial authorization mechanism to ensure clients (or servers) connecting to the Flink cluster are authorized to do so. The purpose is to prevent a cluster from being used by an unauthorized user, whether to execute jobs, disrupt cluster functionality, or gain access to secrets stored within the cluster. + +The primary goal is to secure the following components by introducing a shared secret mechanism to control the authorization. When security is enabled, the configured shared secret will be used as the basis to validate all the incoming/outgoing request. + +- Akka Endpoints + +- Flink Web Module + +- Blob Service + +- Task Manager/Netty data transfer communication + +## Security Configurations + +Secure cookie configuration can be supplied by adding below configuration elements to Flink configuration file: + +- `security.enabled`: A boolean value (true|false) indicating security is enabled or not. + +- `security.cookie` : Secure cookie value to be used for authorization + +Once a cluster is configured to run with secure cookie option, any request to the cluster will be validated for the existence of secure cookie. + +## Standalone Mode: + +In standalone mode of deployment, if security is enabled then it is mandatory to provide the secure cookie configuration in the Flink configuration file. A missing cookie configuration will flag an error. + +## Yarn Mode: + +In Yarn mode of deployment, secure cookie can be provided in multiple ways. 
+ +- Flink configuration + +- As command line argument (-k or --cookie) to Yarn session CLI + +- Auto generated if not supplied through Flink configuration or Yarn session CLI argument + +The secure cookie will be made available as container environment variable for the application containers (JM/TM) to make use of it. + +On the client machine from where the Yarn session CLI is used to create the Flink application, the application specific secure cookie will be persisted in an INI file format in the user home directory. Any subsequent access to the Flink cluster using Yarn Session CLI (by passing the application ID) will automatically include appropriate secure cookie associated with the application ID to communicate with the cluster. + +Since the secure cookie is persisted in the user home directory, it is safe enough to consider that it can be accessed only by the user who created the cluster.
    --- End diff --

    I think this should be a bigger warning, as it shows a fundamental assumption that users should be aware of. With what access permission settings is the ini file persisted?

> Implement Service-Level Authorization
> -------------------------------------
>
>                 Key: FLINK-3930
>                 URL: https://issues.apache.org/jira/browse/FLINK-3930
>             Project: Flink
>          Issue Type: New Feature
>          Components: Security
>            Reporter: Eron Wright
>            Assignee: Vijay Srinivasaraghavan
>              Labels: security
>   Original Estimate: 672h
>  Remaining Estimate: 672h
>
> _This issue is part of a series of improvements detailed in the [Secure Data
> Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
> design doc._
> Service-level authorization is the initial authorization mechanism to ensure
> clients (or servers) connecting to the Flink cluster are authorized to do so.
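Review bot: the closing paragraph of the Yarn section ("Since the secure cookie is persisted in the user home directory, it is safe enough to consider that it can be accessed only by the user who created the cluster") asserts a security property the text does not establish; the docs should state the file mode the INI file is written with (owner read/write only, never group- or world-readable) and say plainly that the cookie is a bearer secret, so anyone who can read it can do whatever the cluster owner can do. Two related wording problems in the same hunk: "any request to the cluster will be validated for the existence of secure cookie" reads as a presence check and should say the presented value must match the configured value (the earlier sentence about the shared secret being "the basis to validate all the incoming/outgoing request" should say "must match" too), and "Auto generated if not supplied" should say how the value is generated (its length, and that it comes from a cryptographically secure random source), since a short or predictable cookie defeats the whole mechanism. The sentence about exposing the cookie "as container environment variable" also deserves a caveat that the process environment is readable by anything running as the container user. Minor grammar: "implementations takes care of" should be "implementations take care of", and "all the incoming/outgoing request" should be "requests".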
> The purpose is to prevent a cluster from being used by an unauthorized
> user, whether to execute jobs, disrupt cluster functionality, or gain access
> to secrets stored within the cluster.
> Implement service-level authorization as described in the design doc.
> - Introduce a shared secret cookie
> - Enable Akka security cookie
> - Implement data transfer authentication
> - Secure the web dashboard

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)