[
https://issues.apache.org/jira/browse/FLINK-3930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15455520#comment-15455520
]
ASF GitHub Bot commented on FLINK-3930:
---------------------------------------
Github user rmetzger commented on a diff in the pull request:
https://github.com/apache/flink/pull/2425#discussion_r77181460
--- Diff:
flink-yarn/src/main/java/org/apache/flink/yarn/YarnApplicationMasterRunner.java
---
@@ -597,6 +610,11 @@ public static ContainerLaunchContext
createTaskManagerContext(
containerEnv.put(YarnConfigKeys.ENV_CLIENT_USERNAME,
yarnClientUsername);
+ final String secureCookie =
ENV.get(YarnConfigKeys.ENV_SECURE_AUTH_COOKIE);
+ if(secureCookie != null) {
+ containerEnv.put(YarnConfigKeys.ENV_SECURE_AUTH_COOKIE,
secureCookie);
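Review bot: The `containerEnv.put(YarnConfigKeys.ENV_SECURE_AUTH_COOKIE, secureCookie)` line copies the secret verbatim into the environment map built in `createTaskManagerContext`, guarded only by `secureCookie != null`. An empty string would still be forwarded as a cookie, so reject empty values as well. Please also add a comment explaining why the cookie has to travel through the container environment, or carry it over a channel intended for secrets instead. Minor style point: put a space after `if` in `if(secureCookie != null) {`.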
--- End diff --
The problem here is that the secure cookie will be put into the environment
of the TaskManager JVM, so it'll be quite easy to just read the environment
variables (not sure if that is an issue).
Another issue is that YARN is by default launching processes by creating a
temporary bash file, with all the environment variables and the JVM invocation.
So the secure cookie will be written into some tmp directory on YARN.
I wonder if there's some infrastructure in YARN to transfer the tokens in a
secure way.
> Implement Service-Level Authorization
> -------------------------------------
>
> Key: FLINK-3930
> URL: https://issues.apache.org/jira/browse/FLINK-3930
> Project: Flink
> Issue Type: New Feature
> Components: Security
> Reporter: Eron Wright
> Assignee: Vijay Srinivasaraghavan
> Labels: security
> Original Estimate: 672h
> Remaining Estimate: 672h
>
> _This issue is part of a series of improvements detailed in the [Secure Data
> Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
> design doc._
> Service-level authorization is the initial authorization mechanism to ensure
> clients (or servers) connecting to the Flink cluster are authorized to do so.
> The purpose is to prevent a cluster from being used by an unauthorized
> user, whether to execute jobs, disrupt cluster functionality, or gain access
> to secrets stored within the cluster.
> Implement service-level authorization as described in the design doc.
> - Introduce a shared secret cookie
> - Enable Akka security cookie
> - Implement data transfer authentication
> - Secure the web dashboard
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
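One way to address the question raised in the comment above, as an added example that is not code from the pull request or from Flink: hand the cookie to the container through Hadoop `Credentials` attached to the `ContainerLaunchContext`, so it is not part of the environment map. The class name, the alias string and the `containerCredentials` parameter are assumptions made for this sketch.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

import org.apache.hadoop.io.DataOutputBuffer;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.yarn.api.records.ContainerLaunchContext;

/** Added illustration: ship a shared secret via YARN credentials, not the environment. */
public final class CookieViaCredentials {

    // Hypothetical alias chosen for this example; not a Flink or YARN constant.
    private static final Text COOKIE_ALIAS = new Text("example.secure.auth.cookie");

    private CookieViaCredentials() {}

    /**
     * ApplicationMaster side. containerCredentials is whatever set of tokens the
     * caller already intends to give the container (assumed to be prepared elsewhere).
     */
    public static void attachCookie(ContainerLaunchContext ctx,
                                    Credentials containerCredentials,
                                    String secureCookie) throws IOException {
        // Copy so the caller's object is not modified.
        Credentials credentials = new Credentials(containerCredentials);
        if (secureCookie != null && !secureCookie.isEmpty()) {
            credentials.addSecretKey(COOKIE_ALIAS,
                secureCookie.getBytes(StandardCharsets.UTF_8));
        }
        // Serialize tokens and secret keys into the form setTokens() expects.
        DataOutputBuffer out = new DataOutputBuffer();
        credentials.writeTokenStorageToStream(out);
        ctx.setTokens(ByteBuffer.wrap(out.getData(), 0, out.getLength()));
    }

    /** Container side: read the cookie from the current user's credentials. */
    public static String readCookie() throws IOException {
        byte[] secret = UserGroupInformation.getCurrentUser()
            .getCredentials().getSecretKey(COOKIE_ALIAS);
        return secret == null ? null : new String(secret, StandardCharsets.UTF_8);
    }
}
```

The credentials still reach the worker node as a token file that the container reads at startup, so this narrows exposure (no environment variable, no line in the generated launch script) rather than removing it.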