Posted to issues@flink.apache.org by GitBox <gi...@apache.org> on 2019/02/14 04:34:58 UTC

[GitHub] walterddr opened a new pull request #7703: [FLINK-11589][Security] Service provider for security module and context discovery

walterddr opened a new pull request #7703: [FLINK-11589][Security] Service provider for security module and context discovery
URL: https://github.com/apache/flink/pull/7703
 
 
   ## What is the purpose of the change
   
   This PR refactors `SecurityUtils.class` in `flink-runtime` and replaces it with an extendable module based on the [service provider pattern](https://docs.oracle.com/javase/tutorial/sound/SPI-intro.html). With this extension, users can [create extendable security modules](https://docs.oracle.com/javase/tutorial/ext/basics/spi.html) with 3rd-party implementations.
   
   
   ## Brief change log
   
     - Added SecurityFactoryService class for discovering installed SecurityFactory(s) in the classpath.
       - Extended into SecurityModuleFactory and SecurityContextFactory.
     - Replace SecurityUtils with SecurityEnvironment class that holds all installed security-related objects. 
     - Replace current security installation process with a 2-step installation - first install security module(s) per user-defined properties, then install security context based on security modules and properties
     - Refactored current Hadoop/JaaS/Zookeeper modules into extendable class. 
   
   
   ## Verifying this change
   
   This change is already covered by existing tests in `flink-runtime` and ITCases in YARN and Kafka modules, also added to the tests:
     - Modified YARN and Kafka test modules to install modules/context through service provider discovery
     - Included test module factories and a default security context factory in test path.
   
   ## Does this pull request potentially affect one of the following parts:
   
     - Dependencies (does it add or upgrade a dependency): no
     - The public API, i.e., is any changed class annotated with `@Public(Evolving)`: no
     - The serializers: no
     - The runtime per-record code paths (performance sensitive): no
     - Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Yarn/Mesos, ZooKeeper: yes (affects security installation)
     - The S3 file system connector: no
   
   ## Documentation
   
     - Does this pull request introduce a new feature? yes
     - If yes, how is the feature documented? not yet, awaits review.
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
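
The classpath discovery and property-driven module installation described in the pull request above, as an added example that is not code from the pull request or from Flink. The names `SecurityModule`, `SecurityModuleFactory`, `JaasFactory`, `ExtraFactory` and the `security.modules` property are hypothetical, and the fail-closed check for a configured module without a provider is an assumption of this sketch.

```java
import java.net.*;
import java.nio.file.*;
import java.util.*;
// Added illustration: every type and property name here is hypothetical, not Flink's API.
public class SecurityDiscoveryDemo {
    public interface SecurityModule { void install(); }
    public interface SecurityModuleFactory {
        String name();
        SecurityModule create(Properties config);
    }
    public static class JaasFactory implements SecurityModuleFactory {
        public String name() { return "jaas"; }
        public SecurityModule create(Properties c) { return () -> System.out.println("installed: jaas"); }
    }
    public static class ExtraFactory implements SecurityModuleFactory {
        public String name() { return "extra"; }
        public SecurityModule create(Properties c) { return () -> System.out.println("installed: extra"); }
    }

    // Discover every factory visible to the loader, but install only the modules the
    // configuration names, and fail closed if a named module has no provider.
    static List<String> installModules(ClassLoader loader, Properties config) {
        Set<String> wanted = new LinkedHashSet<>(Arrays.asList(config.getProperty("security.modules", "").split(",")));
        wanted.remove("");
        List<String> installed = new ArrayList<>();
        for (SecurityModuleFactory f : ServiceLoader.load(SecurityModuleFactory.class, loader)) {
            if (!wanted.contains(f.name())) continue; // on the classpath, but not enabled
            f.create(config).install();
            installed.add(f.name());
        }
        if (!installed.containsAll(wanted)) {
            throw new IllegalStateException("configured " + wanted + " but only found " + installed);
        }
        return installed;
    }

    public static void main(String[] args) throws Exception {
        // Constructed registration: a provider-configuration file in a temp directory.
        Path root = Files.createTempDirectory("spi-demo");
        Path services = Files.createDirectories(root.resolve("META-INF/services"));
        Files.write(services.resolve(SecurityModuleFactory.class.getName()),
                Arrays.asList(JaasFactory.class.getName(), ExtraFactory.class.getName()));
        ClassLoader loader = new URLClassLoader(new URL[] {root.toUri().toURL()},
                SecurityDiscoveryDemo.class.getClassLoader());
        Properties config = new Properties();
        config.setProperty("security.modules", "jaas");
        System.out.println("result: " + installModules(loader, config));
    }
}
```

Both factories are registered and discovered, but only the one named in the configuration is installed; naming a module that has no registered provider raises an exception instead of starting without it.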