gaborgsomogyi opened a new pull request #18664: URL: https://github.com/apache/flink/pull/18664
## What is the purpose of the change It adds a pluggable delegation token framework to Flink. From high level perspective delegation token framework is loaded in all deployment modes when: * `security.kerberos.fetch.delegation-token` is `true` * `hadoop-common` dependency is on classpath Please note that this PR is not adding the whole feature, there are several subtasks in [FLINK-21232](https://issues.apache.org/jira/browse/FLINK-21232) which needs to be solved as well. ## Brief change log * Added generic `DelegationTokenManager` which is loaded in `ResourceManager` * Added `DelegationTokenProvider` API * `DelegationTokenProvider` implementations are loaded by `DelegationTokenManager` which is covered in unit tests * Added delegation token serialization/deserialization functionality with unit tests * Now all resource manager implementations get Flink configuration (providers need it to find out provider specific data) * Added the new framework usage to `YarnClusterDescriptor` ## Verifying this change * Existing + new unit tests * Manually * `security.kerberos.fetch.delegation-token=true` + `hadoop-common` dependency is on classpath * `security.kerberos.fetch.delegation-token=false` + `hadoop-common` dependency is on classpath * `security.kerberos.fetch.delegation-token=true` + `hadoop-common` dependency is NOT on classpath * `security.kerberos.fetch.delegation-token=false` + `hadoop-common` dependency is NOT on classpath ## Does this pull request potentially affect one of the following parts: - Dependencies (does it add or upgrade a dependency): no - The public API, i.e., is any changed class annotated with `@Public(Evolving)`: yes - The serializers: no - The runtime per-record code paths (performance sensitive): no - Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Kubernetes/Yarn, ZooKeeper: yes - The S3 file system connector: no ## Documentation - Does this pull request introduce a new feature? yes - If yes, how is the feature documented? All documentation is intended to be added in [FLINK-25911](https://issues.apache.org/jira/browse/FLINK-25911) when everything works as a whole -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
