[ 
https://issues.apache.org/jira/browse/FLINK-21640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17309132#comment-17309132
 ] 

Yang Wang commented on FLINK-21640:
-----------------------------------

[~Bo Cui] Thanks for creating this ticket and sharing your use case.

Beyond the implementation, actually I have a concern about your proposal. If we 
make the Flink root ZK node public, then I think it could not satisfy the 
following use case.

In a secure ZooKeeper cluster, each user could configure their own Flink root 
node (e.g. {{high-availability.zookeeper.path.root=flink-user-a}}), then he/she 
will expect that the root node should not be modified by other users. If we 
apply your proposal, user b could create nodes under /flink-user-a. Right?

All in all, I think this issue is about ZooKeeper maintenance. If the /flink 
node is shared by many users in a secure ZooKeeper cluster, then it should be 
created beforehand with the correct permission.

> Job fails to be submitted in tenant scenario
> --------------------------------------------
>
>                 Key: FLINK-21640
>                 URL: https://issues.apache.org/jira/browse/FLINK-21640
>             Project: Flink
>          Issue Type: Bug
>          Components: API / Core, Client / Job Submission
>    Affects Versions: 1.12.2, 1.13.0
>            Reporter: Bo Cui
>            Assignee: Bo Cui
>            Priority: Major
>              Labels: pull-request-available
>         Attachments: image-2021-03-06-09-30-52-410.png, 
> image-2021-03-06-09-34-05-518.png
>
>
> Job fails to be submitted in tenant scenario
>  !image-2021-03-06-09-30-52-410.png! 
> because the current user does not have the znode permission.
>  !image-2021-03-06-09-34-05-518.png! 
> I think the parent znode ACL is anyone.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
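
A toy model of the ZooKeeper ACL rule this thread turns on (creating a child requires CREATE on the parent, and ACLs are not inherited), added here as an illustration and not taken from the ticket, Flink or ZooKeeper. The user names, child paths and the world CREATE+READ ACL on the pre-created /flink node are assumptions.

```python
# Toy model of ZooKeeper's ACL check (added illustration, not Flink or ZooKeeper code).
# Rules modelled: creating a child needs CREATE on the parent; ACLs are set per
# znode and are not inherited by children.
CREATE, READ, WRITE, DELETE, ADMIN = "c", "r", "w", "d", "a"
ALL = {CREATE, READ, WRITE, DELETE, ADMIN}
ANYONE = "world:anyone"

class Tree:
    def __init__(self):
        # "/" is left open so any user can create a top-level node (assumption).
        self.acl = {"/": {ANYONE: ALL}}

    def allowed(self, user, path, perm):
        acl = self.acl[path]
        return perm in acl.get(ANYONE, set()) or perm in acl.get(user, set())

    def create(self, user, path, acl):
        parent = path.rsplit("/", 1)[0] or "/"
        if parent not in self.acl or path in self.acl:
            return False
        if not self.allowed(user, parent, CREATE):
            return False  # a real ZooKeeper server would answer NoAuth here
        self.acl[path] = acl
        return True

def creator_only(user):
    return {user: ALL}

def reported_failure():
    # user-a's first job creates the shared root with a creator-only ACL.
    t = Tree()
    t.create("user-a", "/flink", creator_only("user-a"))
    return t.create("user-b", "/flink/job-b", creator_only("user-b"))

def public_root():
    # Root node open to anyone, applied to a per-user root (hypothetical child path).
    t = Tree()
    t.create("user-a", "/flink-user-a", {ANYONE: ALL})
    return t.create("user-b", "/flink-user-a/other", creator_only("user-b"))

def precreated_root():
    # Administrator pre-creates /flink; world gets CREATE and READ only (assumed ACL).
    t = Tree()
    t.create("zk-admin", "/flink", {"zk-admin": ALL, ANYONE: {CREATE, READ}})
    a = t.create("user-a", "/flink/user-a", creator_only("user-a"))
    b = t.create("user-b", "/flink/user-b", creator_only("user-b"))
    cross = t.create("user-b", "/flink/user-a/x", creator_only("user-b"))
    return a, b, cross
```
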
