[jira] [Updated] (FLINK-12130) Apply command line options to configuration before install security modules

Mon, 08 Apr 2019 21:21:44 -0700 


     [ 
https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Victor Wong updated FLINK-12130:
--------------------------------
    Description: 
Currently if the user configures Kerberos credentials through command line, it 
won't work.
{code:java}
// flink run -m yarn-cluster -yD security.kerberos.login.keytab=/path/to/keytab 
-yD security.kerberos.login.principal=xxx /path/to/test.jar
{code}
Above command would cause security failure if you do not have a ticket cache w/ 
kinit.

Maybe we could call 
_org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_
  before _SecurityUtils.install(new SecurityConfiguration(cli.configuration));_

Here is a demo patch: 
[https://github.com/jiasheng55/flink/commit/f2c63b97bdb7d6067deb7a48caf72958abb2903a]

  was:
Currently if the user configures Kerberos credentials through command line, it 
won't work.
{code:java}
// flink run -m yarn-cluster -yD security.kerberos.login.keytab=/path/to/keytab 
-yD security.kerberos.login.principal=xxx /path/to/test.jar
{code}
Maybe we could call 
_org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_
 ** before _SecurityUtils.install(new 
SecurityConfiguration(cli.configuration));_

Here is a demo patch: 
[https://github.com/jiasheng55/flink/commit/f2c63b97bdb7d6067deb7a48caf72958abb2903a]


> Apply command line options to configuration before install security modules
> ---------------------------------------------------------------------------
>
>                 Key: FLINK-12130
>                 URL: https://issues.apache.org/jira/browse/FLINK-12130
>             Project: Flink
>          Issue Type: Improvement
>          Components: Command Line Client
>            Reporter: Victor Wong
>            Priority: Major
>
> Currently if the user configures Kerberos credentials through command line, 
> it won't work.
> {code:java}
> // flink run -m yarn-cluster -yD 
> security.kerberos.login.keytab=/path/to/keytab -yD 
> security.kerberos.login.principal=xxx /path/to/test.jar
> {code}
> Above command would cause security failure if you do not have a ticket cache 
> w/ kinit.
> Maybe we could call 
> _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_
>   before _SecurityUtils.install(new 
> SecurityConfiguration(cli.configuration));_
> Here is a demo patch: 
> [https://github.com/jiasheng55/flink/commit/f2c63b97bdb7d6067deb7a48caf72958abb2903a]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to