[jira] [Work logged] (BEAM-7190) enable file system based token authentication for portable runner

Mon, 20 May 2019 13:51:12 -0700 


     [ 
https://issues.apache.org/jira/browse/BEAM-7190?focusedWorklogId=245525&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-245525
 ]

ASF GitHub Bot logged work on BEAM-7190:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 20/May/19 20:50
            Start Date: 20/May/19 20:50
    Worklog Time Spent: 10m 
      Work Description: lhaiesp commented on issue #8597: [BEAM-7190] Enable 
file based token auth for samza portable runner
URL: https://github.com/apache/beam/pull/8597#issuecomment-494146192
 
 
   @angoenka can you be a little bit more specific about making it modular? 
Right now runners instantiate and start gRPC servers on their own. What I could 
do now is to put more logic into a util function but ultimately each runner 
needs to integrate with it themselves.
   
   On your second point, the channel is effectively "secure" because 1) traffic 
is loopback only so there is no real network packet 2) the loopback traffic can 
not be eavesdropped unless by a root user, who can basically do anything 
including reading the private keys on file on in memory 
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 245525)
    Time Spent: 0.5h  (was: 20m)

> enable file system based token authentication for portable runner
> -----------------------------------------------------------------
>
>                 Key: BEAM-7190
>                 URL: https://issues.apache.org/jira/browse/BEAM-7190
>             Project: Beam
>          Issue Type: Task
>          Components: runner-samza
>            Reporter: Hai Lu
>            Assignee: Hai Lu
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> For Samza and potentially other portable runners, there is a need to secure 
> the communication between sdk worker and runner. Currently the SSL/TLS in 
> portability is half done.
> However, after investigation we found that it's sufficient to just 1) use 
> loopback address 2) enforce authentication and that way the communication is 
> both authenticated and secured.
> This ticket intends to track the implementation of the solution above. More 
> details can be found in the following PR.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to