Hi Hai,
Thanks for the PR.
Added a couple of comments. Will take a detailed look later.
Thanks,
Ankur
*From: *Hai Lu
*Date: *Thu, May 16, 2019 at 8:02 PM
*To: * ,
*Cc: * , ,
Hi Lukasz and Ankur,
>
> Here is the PR that implements the idea:
> https://github.com/apache/beam/pull/8597
>
>
Hi Lukasz and Ankur,
Here is the PR that implements the idea:
https://github.com/apache/beam/pull/8597
Would appreciate it if you could take a look.
Thanks,
Hai
On Tue, Apr 30, 2019 at 9:13 AM Hai Lu wrote:
> One thing to clarify is that we do not use docker. I don't have too much
>
One thing to clarify is that we do not use docker. I don't have too much
experience with docker; I assume docker itself already has network
isolation, and that's why it was never necessary to enable security in
portable runner before?
For us because we simply use processes, we need this extra
Changing the address to be loopback based upon how the environment is
started (docker container/process/external/...) makes sense.
How would the SDK and runner support storing/sharing this secret? (For
example, in the docker container, how would the secret get there?)
On Mon, Apr 29, 2019 at
Hi Lukasz and Ankur,
Thank you so much for your response! This is what we're doing/implementing
in our internal fork right now:
1. We assume that the Java process and Python process *are always
colocated in the same host*, so first of all we use "loopback" address
instead of "any
In an offline chat with Hai, It seem useful for users to be able to provide
custom authentication like a secret which can be distributed out of band by
the infrastructure and can be provided via file system, rpc to another
service etc.
gRPC already has some mechanism for standard and custom
I had originally taken a look at this a while ago but not much has
progressed since then. The original idea was that the ApiServiceDescriptor
would be extended to support secure ways of authentication/communication. I
was prototyping with an OAuth2 client credentials grant at the time but
dropped
The link to the ApiServiceDescriptor is
https://github.com/apache/beam/blob/476e17ed6badd4d5c06c4caf8a824805f40a8e7a/model/pipeline/src/main/proto/endpoints.proto#L31
On Fri, Apr 26, 2019 at 4:32 PM Lukasz Cwik wrote:
> I had originally taken a look at this a while ago but not much has
>
Hi,
This is Hai from LinkedIn. Daniel and I have been working on
productionizing Samza portable runner. BTW, Daniel didn't mention in his
previous email that he has enabled and validated Python 3 for Samza runner
and it worked smoothly. Kudos to the team!
Here I have a few security related