[Client/Server] [Security] Dynamic User Creation #1467
Description
Search before asking
- I searched in the issues and found nothing similar.
Motivation
FIP-2 introduced Authentication and Authorization in Apache Fluss.
Authentication modes:
- PLAINTEXT: no identity checking at all; everyone is “anonymous”.
- SASL/PLAIN: user + password pairs defined in the JAAS config string
Current Limitations
Currently, Fluss doesn’t have a way to create/delete users dynamically. When SASL/PLAIN authentication is enabled ,users are hardcoded in the server’s JAAS string inside conf/server.yaml; Fluss reads that list at startup. To add someone later it requires:
- edit the JAAS line and append another entry
- restart the brokers (or roll out the new container image/config map)
After the node restarts, the new user can log in, and you can assign fine-grained rights using the ACL procedures (CALL … add_acl) that Fluss exposes through Flink SQL or achieve the same via the Java Client API.
Practical security implications
- Static user list: Every credential change triggers a restart; risky if you need emergency revocation.
- Passwords in clear text: Anyone with read access to the config sees every password.
Solution
To address this limitation, we could introduce something like a dynamic user management extension for Fluss. This should allow creating and deleting users at runtime without broker restarts, by storing credentials in Apache ZooKeeper (or other service) and integrating with Fluss’s authentication framework.
So in a nutshell, something like a **User Management API ** in the Fluss client library and a **Dynamic Credential Store ** on the Fluss brokers, where user credentials (username & hashed password) are stored persistently in ZooKeeper (ZK) could help solve this.
Fluss brokers can load these credentials at startup and monitor changes in ZK to update in-memory user lists on the fly.
Anything else?
No response
Willingness to contribute
- I'm willing to submit a PR!