Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FLINK-29622][runtime][security] Start kerberos delegation token prov… #21114

Merged
merged 1 commit into from Oct 19, 2022
Merged

[FLINK-29622][runtime][security] Start kerberos delegation token prov… #21114

merged 1 commit into from Oct 19, 2022

Conversation

mbalassi
Copy link
Contributor

Backport of #21098 that I have already merged to master.

cc @gaborgsomogyi

@gaborgsomogyi @mbalassi
[FLINK-29622][runtime][security] Start kerberos delegation token prov…
8a6f140 
…ider only if the user provided valid credentials
@flinkbot
Copy link
Collaborator

flinkbot commented Oct 19, 2022
edited

CI report:

Bot commands The @flinkbot bot supports the following commands:
  • @flinkbot run azure re-run the last Azure build

zentol
zentol reviewed Oct 19, 2022
View reviewed changes
...main/java/org/apache/flink/runtime/security/token/KerberosDelegationTokenManagerFactory.java
Comment on lines +49 to +51
KerberosLoginProvider kerberosLoginProvider =
new KerberosLoginProvider(configuration);
if (kerberosLoginProvider.isLoginPossible()) {
Copy link
Contributor

@zentol zentol Oct 19, 2022
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

its a bit strange that we create a provider, use it for one call, throw it away, only for it to be re-created in the delegation token manager.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Having a static function which is hardly testable would be more strange. From perf perspective this runs once per cluster start.

@mbalassi
Copy link
Contributor Author

Thanks for taking a look, @zentol. Based on the urgency of the matter and @gaborgsomogyi's reply I am comfortable with merging this as soon as the CI passes. I have performed local tests which look good. Let me know if you have further input.

@mbalassi mbalassi merged commit 98bcabb into apache:release-1.16 Oct 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zentol zentol zentol left review comments

@gaborgsomogyi gaborgsomogyi gaborgsomogyi left review comments

Assignees
No one assigned
Labels
component=Runtime/Coordination component=Tests
Projects
None yet
Milestone
No milestone
4 participants
@mbalassi @flinkbot @zentol @gaborgsomogyi