Hi Gabor, Thanks for driving this effort! A few thoughts on the topic: - Could you please add a few examples of the delegation token providers we expected to be added in the near future? Ideally these providers could be configured independently from each other. However the configuration defaults mentioned in the FLIP are derived from hadoop configuration. I don't see the point here. - Are we planning to support such scenarios where we need to read/write from different authentication realms from the same application. Two Hadoop clusters, Kafka clusters etc? This would need an authentication provider per source/sink.
Thanks, Matyas On Mon, Nov 7, 2022 at 5:10 AM Gabor Somogyi <gabor.g.somo...@gmail.com> wrote: > Hi team, > > Delegation token framework is going to be finished soon (added in FLIP-211 > < > https://cwiki.apache.org/confluence/display/FLINK/FLIP-211%3A+Kerberos+delegation+token+framework?src=contextnavpagetreemode > > > ). > Previously there were concerns that the current implementation is bound to > Hadoop and Kerberos authentication. This is fair concern and as a result > we've created a proposal to generalize the delegation token framework > (practically making it authentication agnostic). > > This can open the path to add further non-hadoop and non-Kerberos based > providers like S3 or many others. > > One can find the FLIP in: > - Wiki: > > https://cwiki.apache.org/confluence/display/FLINK/FLIP-272%3A+Generalized+delegation+token+support > - document: > > https://docs.google.com/document/d/12tFdx1AZVuW9BjwBht_pMNELgrqro8Z5-hzWeaRY4pc/edit?usp=sharing > > I would like to start a discussion to make the framework better. > > BR, > G >
