Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FLINK-28330][runtime][security] Remove old delegation token framework code #21147

Merged
merged 2 commits into from Nov 14, 2022
Merged

[FLINK-28330][runtime][security] Remove old delegation token framework code #21147

merged 2 commits into from Nov 14, 2022

Conversation

gaborgsomogyi
Copy link
Contributor

Brief change log

Since the new delegation token framework works (it obtains/re-obtains/distributes tokens to task managers) it's time to remove the old code snippet which is only able to obtain tokens only at the initial phase. In this PR I've removed that code part.

Brief change log

  • Removed old token fetch code
  • KerberosDelegationTokenManager must only start in YARN when user provided valid credentials fix

Verifying this change

  • Existing unit tests
  • Manually on YARN and K8S (please see an example here)

Does this pull request potentially affect one of the following parts:

  • Dependencies (does it add or upgrade a dependency): no
  • The public API, i.e., is any changed class annotated with @Public(Evolving): no
  • The serializers: no
  • The runtime per-record code paths (performance sensitive): no
  • Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Kubernetes/Yarn, ZooKeeper: no
  • The S3 file system connector: no

Documentation

  • Does this pull request introduce a new feature? no
  • If yes, how is the feature documented? not applicable

@gaborgsomogyi
Copy link
Contributor Author

cc @mbalassi

@flinkbot
Copy link
Collaborator

flinkbot commented Oct 25, 2022
edited

CI report:

Bot commands The @flinkbot bot supports the following commands:
  • @flinkbot run azure re-run the last Azure build

@gaborgsomogyi gaborgsomogyi force-pushed the FLINK-28330 branch 2 times, most recently from 95ca755 to 0aad651 Compare November 1, 2022 11:55
@gaborgsomogyi
Copy link
Contributor Author

@flinkbot run azure

@mbalassi mbalassi self-assigned this Nov 13, 2022
@mbalassi mbalassi self-requested a review November 13, 2022 19:17
mbalassi
mbalassi reviewed Nov 13, 2022
View reviewed changes
Copy link
Contributor

@mbalassi mbalassi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, @gaborgsomogyi. I am verifying the change before merging locally.

flink-yarn/src/main/java/org/apache/flink/yarn/YarnClusterDescriptor.java Outdated
setTokensFor(amContainer);
} else {
LOG.info(
"Cannot use kerberos delegation token manager no valid kerberos credentials provided.");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: token manager, no valid

@mbalassi
Copy link
Contributor

@gaborgsomogyi verified locally via the k8s operator. Will fix the typo and merge.

@mbalassi mbalassi merged commit 480e6ed into apache:master Nov 14, 2022
@gaborgsomogyi gaborgsomogyi deleted the FLINK-28330 branch September 13, 2023 08:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mbalassi mbalassi mbalassi left review comments

Assignees

@mbalassi mbalassi

Labels
component=Connectors/Common component=Deployment/Kubernetes component=Deployment/YARN
Projects
None yet
Milestone
No milestone
3 participants
@gaborgsomogyi @flinkbot @mbalassi