vanzin commented on a change in pull request #23252: [SPARK-26239] File-based
secret key loading for SASL.
URL: https://github.com/apache/spark/pull/23252#discussion_r240320071
##########
File path: core/src/test/scala/org/apache/spark/SecurityManagerSuite.scala
##########
@@ -395,9 +397,54 @@ class SecurityManagerSuite extends SparkFunSuite with
ResetSystemProperties {
assert(keyFromEnv === new SecurityManager(conf2).getSecretKey())
}
+ test("Use executor-specific secret file configuration.") {
+ val secretFileFromDriver = createTempSecretFile("driver-secret")
+ val secretFileFromExecutor = createTempSecretFile("executor-secret")
+ val conf = new SparkConf()
+ .setMaster("k8s://127.0.0.1")
+ .set(AUTH_SECRET_FILE_DRIVER, Some(secretFileFromDriver.getAbsolutePath))
+ .set(AUTH_SECRET_FILE_EXECUTOR,
Some(secretFileFromExecutor.getAbsolutePath))
+ .set(SecurityManager.SPARK_AUTH_CONF, "true")
+ val mgr = new SecurityManager(conf, authSecretFileConf =
AUTH_SECRET_FILE_EXECUTOR)
+ assert(encodeFileAsBase64(secretFileFromExecutor) === mgr.getSecretKey())
+ }
+
+ test("Files must be loaded on both the driver and executor and not only one
of the two.") {
Review comment:
"secret file must be defined in both driver and executor". Shorter and
clearer.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
