[jira] [Commented] (FLINK-3929) Support for Kerberos Authentication with Keytab Credential

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/FLINK-3929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15417431#comment-15417431
 ] 

ASF GitHub Bot commented on FLINK-3929:
---------------------------------------

Github user mxm commented on the issue:

    https://github.com/apache/flink/pull/2275
  
    >HDFS and Yarn are handled through the @BeforeClass and @AfterClass style 
and they do not use custom JRunner implementation. As you have suggested, I 
could keep just one or two tests for each of the modules to cut down the 
running time, if that's okay with you?
    
    Thanks! Yes, please just one test per entity (HDFS, Yarn, Kafka/Zookeeper). 
Could you also convert the Kafka test to using `@BeforeClass` and 
`@AfterClass`? You don't necessarily have to duplicate code. How about changing 
the test base to include a method to instantiate the secure settings? I think 
you'll need to add an abstract method in `KafkaTestEnvironment`, e.g. 
loadSecureSettings(), then add another one in `KafkaTestBase`, e.g. 
getTestEnvironmentClass(), to load the appropriate test environment 
(secure/non-secure). You will have additional classes that implement these two 
methods. These classes will be very short as they just overload the method. 
This is cleaner although a bit more verbose.
    
    >I am open to keep just 3 classes for each scenarios (HDFS, Yarn & Kafka) 
as you have suggested but in my opinion that will defeat the idea of reusing 
existing test program.
    
    I understand but we're actually just increasing the testing time and not 
gaining much from running multiple security tests for the same component.


> Support for Kerberos Authentication with Keytab Credential
> ----------------------------------------------------------
>
>                 Key: FLINK-3929
>                 URL: https://issues.apache.org/jira/browse/FLINK-3929
>             Project: Flink
>          Issue Type: New Feature
>            Reporter: Eron Wright 
>            Assignee: Vijay Srinivasaraghavan
>              Labels: kerberos, security
>   Original Estimate: 672h
>  Remaining Estimate: 672h
>
> _This issue is part of a series of improvements detailed in the [Secure Data 
> Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
>  design doc._
> Add support for a keytab credential to be associated with the Flink cluster, 
> to facilitate:
> - Kerberos-authenticated data access for connectors
> - Kerberos-authenticated ZooKeeper access
> Support both the standalone and YARN deployment modes.
>  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)