[jira] [Commented] (FLINK-3929) Support for Kerberos Authentication with Keytab Credential

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/FLINK-3929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15503262#comment-15503262
 ] 

ASF GitHub Bot commented on FLINK-3929:
---------------------------------------

Github user mxm commented on a diff in the pull request:

    https://github.com/apache/flink/pull/2275#discussion_r79356049
  
    --- Diff: 
flink-yarn-tests/src/test/java/org/apache/flink/yarn/YarnTestBase.java ---
    @@ -374,7 +409,39 @@ public static void startYARNWithConfig(Configuration 
conf) {
                        File flinkConfDirPath = findFile(flinkDistRootDir, new 
ContainsName(new String[]{"flink-conf.yaml"}));
                        Assert.assertNotNull(flinkConfDirPath);
     
    -                   map.put(ConfigConstants.ENV_FLINK_CONF_DIR, 
flinkConfDirPath.getParent());
    +                   if(!StringUtils.isBlank(principal) && 
!StringUtils.isBlank(keytab)) {
    +                           //copy conf dir to test temporary workspace 
location
    +                           tempConfPathForSecureRun = 
tmp.newFolder("conf");
    +
    +                           String confDirPath = 
flinkConfDirPath.getParentFile().getAbsolutePath();
    +                           FileUtils.copyDirectory(new File(confDirPath), 
tempConfPathForSecureRun);
    +
    +                           try(FileWriter fw = new FileWriter(new 
File(tempConfPathForSecureRun,"flink-conf.yaml"), true);
    +                                   BufferedWriter bw = new 
BufferedWriter(fw);
    +                                   PrintWriter out = new PrintWriter(bw))
    +                           {
    +                                   LOG.info("writing keytab: " + keytab + 
" and principal: " + principal + " to config file");
    +                                   out.println("");
    +                                   out.println("#Security Configurations 
Auto Populated ");
    +                                   
out.println(ConfigConstants.SECURITY_KEYTAB_KEY + ": " + keytab);
    +                                   
out.println(ConfigConstants.SECURITY_PRINCIPAL_KEY + ": " + principal);
    +                                   out.println("");
    +                           } catch (IOException e) {
    +                                   LOG.error("Exception occured while 
trying to append the security configurations. Reason: {}", e.getMessage());
    --- End diff --
    
    Should be `LOG.error("Exception occured while trying to append the security 
configurations.", e);`


> Support for Kerberos Authentication with Keytab Credential
> ----------------------------------------------------------
>
>                 Key: FLINK-3929
>                 URL: https://issues.apache.org/jira/browse/FLINK-3929
>             Project: Flink
>          Issue Type: New Feature
>            Reporter: Eron Wright 
>            Assignee: Vijay Srinivasaraghavan
>              Labels: kerberos, security
>   Original Estimate: 672h
>  Remaining Estimate: 672h
>
> _This issue is part of a series of improvements detailed in the [Secure Data 
> Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
>  design doc._
> Add support for a keytab credential to be associated with the Flink cluster, 
> to facilitate:
> - Kerberos-authenticated data access for connectors
> - Kerberos-authenticated ZooKeeper access
> Support both the standalone and YARN deployment modes.
>  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)