You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spark.apache.org by gu...@apache.org on 2020/04/07 12:57:51 UTC
[spark] 03/04: [SPARK-31282][DOC] Supplement version for
configuration appear in security doc
This is an automated email from the ASF dual-hosted git repository.
gurwls223 pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/spark.git
commit 70bf2ff09d3d71d8fb9dcee7f2298288caa641e7
Author: beliefer <be...@163.com>
AuthorDate: Tue Mar 31 12:33:01 2020 +0900
[SPARK-31282][DOC] Supplement version for configuration appear in security doc
### What changes were proposed in this pull request?
This PR supplements version for configuration appear in security doc.
I sorted out some information show below.
Item name | Since version | JIRA ID | Commit ID | Note
-- | -- | -- | -- | --
spark.network.crypto.keyLength | 2.2.0 | SPARK-19139 | 8f3f73abc1fe62496722476460c174af0250e3fe#diff-0ac65da2bc6b083fb861fe410c7688c2 |
spark.network.crypto.keyFactoryAlgorithm | 2.2.0 | SPARK-19139 | 8f3f73abc1fe62496722476460c174af0250e3fe#diff-0ac65da2bc6b083fb861fe410c7688c2 |
spark.network.crypto.config.* | 2.2.0 | SPARK-19139 | 8f3f73abc1fe62496722476460c174af0250e3fe#diff-0ac65da2bc6b083fb861fe410c7688c2 |
spark.network.crypto.saslFallback | 2.2.0 | SPARK-19139 | 8f3f73abc1fe62496722476460c174af0250e3fe#diff-0ac65da2bc6b083fb861fe410c7688c2 |
spark.authenticate.enableSaslEncryption | 2.2.0 | SPARK-19139 | 8f3f73abc1fe62496722476460c174af0250e3fe#diff-0ac65da2bc6b083fb861fe410c7688c2 |
spark.network.sasl.serverAlwaysEncrypt | 1.4.0 | SPARK-6229 | 38d4e9e446b425ca6a8fe8d8080f387b08683842#diff-d2ce9b38bdc38ca9d7119f9c2cf79907 |
spark.ui.filters | 1.0.0 | SPARK-1189 | 7edbea41b43e0dc11a2de156be220db8b7952d01#diff-f79a5ead735b3d0b34b6b94486918e1c |
spark.acls.enable | 1.1.0 | SPARK-1890 and SPARK-1891 | e3fe6571decfdc406ec6d505fd92f9f2b85a618c#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 |
spark.ui.view.acls | 1.0.0 | SPARK-1189 | 7edbea41b43e0dc11a2de156be220db8b7952d01#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 |
spark.ui.view.acls.groups | 2.0.0 | SPARK-4224 | ae79032dcf160796851ca29116cca146c4d86ada#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 |
spark.admin.acls | 1.1.0 | SPARK-1890 and SPARK-1891 | e3fe6571decfdc406ec6d505fd92f9f2b85a618c#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 |
spark.admin.acls.groups | 2.0.0 | SPARK-4224 | ae79032dcf160796851ca29116cca146c4d86ada#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 |
spark.modify.acls | 1.1.0 | SPARK-1890 and SPARK-1891 | e3fe6571decfdc406ec6d505fd92f9f2b85a618c#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 |
spark.modify.acls.groups | 2.0.0 | SPARK-4224 | ae79032dcf160796851ca29116cca146c4d86ada#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 |
spark.user.groups.mapping | 2.0.0 | SPARK-4224 | ae79032dcf160796851ca29116cca146c4d86ada#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 |
spark.history.ui.acls.enable | 1.0.1 | Spark 1489 | c8dd13221215275948b1a6913192d40e0c8cbadd#diff-b49b5b9c31ddb36a9061004b5b723058 |
spark.history.ui.admin.acls | 2.1.1 | SPARK-19033 | 4ca1788805e4a0131ba8f0ccb7499ee0e0242837#diff-a7befb99e7bd7e3ab5c46c2568aa5b3e |
spark.history.ui.admin.acls.groups | 2.1.1 | SPARK-19033 | 4ca1788805e4a0131ba8f0ccb7499ee0e0242837#diff-a7befb99e7bd7e3ab5c46c2568aa5b3e |
spark.ui.xXssProtection | 2.3.0 | SPARK-22188 | 5a07aca4d464e96d75ea17bf6768e24b829872ec#diff-6bdad48cfc34314e89599655442ff210 |
spark.ui.xContentTypeOptions.enabled | 2.3.0 | SPARK-22188 | 5a07aca4d464e96d75ea17bf6768e24b829872ec#diff-6bdad48cfc34314e89599655442ff210 |
spark.ui.strictTransportSecurity | 2.3.0 | SPARK-22188 | 5a07aca4d464e96d75ea17bf6768e24b829872ec#diff-6bdad48cfc34314e89599655442ff210 |
spark.security.credentials.${service}.enabled | 2.3.0 | SPARK-20434 | a18d637112b97d2caaca0a8324bdd99086664b24#diff-da6c1fd6d8b0c7538a3e77a09e06a083 |
spark.kerberos.access.hadoopFileSystems | 3.0.0 | SPARK-26766 | d0443a74d185ec72b747fa39994fa9a40ce974cf#diff-6bdad48cfc34314e89599655442ff210 |
### Why are the changes needed?
Supplemental configuration version information.
### Does this PR introduce any user-facing change?
'No'.
### How was this patch tested?
Jenkins test
Closes #28044 from beliefer/supplement-version-to-security-doc.
Authored-by: beliefer <be...@163.com>
Signed-off-by: HyukjinKwon <gu...@apache.org>
---
docs/security.md | 43 +++++++++++++++++++++++++++++++------------
1 file changed, 31 insertions(+), 12 deletions(-)
diff --git a/docs/security.md b/docs/security.md
index 5496879..aef6e69 100644
--- a/docs/security.md
+++ b/docs/security.md
@@ -158,7 +158,7 @@ The following table describes the different options available for configuring th
<td>
The length in bits of the encryption key to generate. Valid values are 128, 192 and 256.
</td>
- <td></td>
+ <td>2.2.0</td>
</tr>
<tr>
<td><code>spark.network.crypto.keyFactoryAlgorithm</code></td>
@@ -167,7 +167,7 @@ The following table describes the different options available for configuring th
The key factory algorithm to use when generating encryption keys. Should be one of the
algorithms supported by the javax.crypto.SecretKeyFactory class in the JRE being used.
</td>
- <td></td>
+ <td>2.2.0</td>
</tr>
<tr>
<td><code>spark.network.crypto.config.*</code></td>
@@ -177,7 +177,7 @@ The following table describes the different options available for configuring th
use. The config name should be the name of commons-crypto configuration without the
<code>commons.crypto</code> prefix.
</td>
- <td></td>
+ <td>2.2.0</td>
</tr>
<tr>
<td><code>spark.network.crypto.saslFallback</code></td>
@@ -196,6 +196,7 @@ The following table describes the different options available for configuring th
<td>
Enable SASL-based encrypted communication.
</td>
+ <td>2.2.0</td>
</tr>
<tr>
<td><code>spark.network.sasl.serverAlwaysEncrypt</code></td>
@@ -204,6 +205,7 @@ The following table describes the different options available for configuring th
Disable unencrypted connections for ports using SASL authentication. This will deny connections
from clients that have authentication enabled, but do not request SASL-based encryption.
</td>
+ <td>1.4.0</td>
</tr>
</table>
@@ -286,7 +288,7 @@ below.
The following options control the authentication of Web UIs:
<table class="table">
-<tr><th>Property Name</th><th>Default</th><th>Meaning</th></tr>
+<tr><th>Property Name</th><th>Default</th><th>Meaning</th><th>Since Version</th></tr>
<tr>
<td><code>spark.ui.filters</code></td>
<td>None</td>
@@ -294,6 +296,7 @@ The following options control the authentication of Web UIs:
See the <a href="configuration.html#spark-ui">Spark UI</a> configuration for how to configure
filters.
</td>
+ <td>1.0.0</td>
</tr>
<tr>
<td><code>spark.acls.enable</code></td>
@@ -303,6 +306,7 @@ The following options control the authentication of Web UIs:
permissions to view or modify the application. Note this requires the user to be authenticated,
so if no authentication filter is installed, this option does not do anything.
</td>
+ <td>1.1.0</td>
</tr>
<tr>
<td><code>spark.admin.acls</code></td>
@@ -310,6 +314,7 @@ The following options control the authentication of Web UIs:
<td>
Comma-separated list of users that have view and modify access to the Spark application.
</td>
+ <td>1.1.0</td>
</tr>
<tr>
<td><code>spark.admin.acls.groups</code></td>
@@ -317,6 +322,7 @@ The following options control the authentication of Web UIs:
<td>
Comma-separated list of groups that have view and modify access to the Spark application.
</td>
+ <td>2.0.0</td>
</tr>
<tr>
<td><code>spark.modify.acls</code></td>
@@ -324,6 +330,7 @@ The following options control the authentication of Web UIs:
<td>
Comma-separated list of users that have modify access to the Spark application.
</td>
+ <td>1.1.0</td>
</tr>
<tr>
<td><code>spark.modify.acls.groups</code></td>
@@ -331,6 +338,7 @@ The following options control the authentication of Web UIs:
<td>
Comma-separated list of groups that have modify access to the Spark application.
</td>
+ <td>2.0.0</td>
</tr>
<tr>
<td><code>spark.ui.view.acls</code></td>
@@ -338,6 +346,7 @@ The following options control the authentication of Web UIs:
<td>
Comma-separated list of users that have view access to the Spark application.
</td>
+ <td>1.0.0</td>
</tr>
<tr>
<td><code>spark.ui.view.acls.groups</code></td>
@@ -345,6 +354,7 @@ The following options control the authentication of Web UIs:
<td>
Comma-separated list of groups that have view access to the Spark application.
</td>
+ <td>2.0.0</td>
</tr>
<tr>
<td><code>spark.user.groups.mapping</code></td>
@@ -361,6 +371,7 @@ The following options control the authentication of Web UIs:
Windows environment is currently <b>not</b> supported. However, a new platform/protocol can
be supported by implementing the trait mentioned above.
</td>
+ <td>2.0.0</td>
</tr>
</table>
@@ -375,7 +386,7 @@ servlet filters.
To enable authorization in the SHS, a few extra options are used:
<table class="table">
-<tr><th>Property Name</th><th>Default</th><th>Meaning</th></tr>
+<tr><th>Property Name</th><th>Default</th><th>Meaning</th><th>Since Version</th></tr>
<tr>
<td><code>spark.history.ui.acls.enable</code></td>
<td>false</td>
@@ -389,6 +400,7 @@ To enable authorization in the SHS, a few extra options are used:
If disabled, no access control checks are made for any application UIs available through
the history server.
</td>
+ <td>1.0.1</td>
</tr>
<tr>
<td><code>spark.history.ui.admin.acls</code></td>
@@ -397,6 +409,7 @@ To enable authorization in the SHS, a few extra options are used:
Comma separated list of users that have view access to all the Spark applications in history
server.
</td>
+ <td>2.1.1</td>
</tr>
<tr>
<td><code>spark.history.ui.admin.acls.groups</code></td>
@@ -405,6 +418,7 @@ To enable authorization in the SHS, a few extra options are used:
Comma separated list of groups that have view access to all the Spark applications in history
server.
</td>
+ <td>2.1.1</td>
</tr>
</table>
@@ -620,7 +634,7 @@ Apache Spark can be configured to include HTTP headers to aid in preventing Cros
Security.
<table class="table">
-<tr><th>Property Name</th><th>Default</th><th>Meaning</th></tr>
+<tr><th>Property Name</th><th>Default</th><th>Meaning</th><th>Since Version</th></tr>
<tr>
<td><code>spark.ui.xXssProtection</code></td>
<td><code>1; mode=block</code></td>
@@ -635,6 +649,7 @@ Security.
of the page if an attack is detected.)</li>
</ul>
</td>
+ <td>2.3.0</td>
</tr>
<tr>
<td><code>spark.ui.xContentTypeOptions.enabled</code></td>
@@ -642,7 +657,8 @@ Security.
<td>
When enabled, X-Content-Type-Options HTTP response header will be set to "nosniff".
</td>
- </tr>
+ <td>2.3.0</td>
+</tr>
<tr>
<td><code>spark.ui.strictTransportSecurity</code></td>
<td>None</td>
@@ -656,6 +672,7 @@ Security.
<li><code>max-age=<expire-time>; preload</code></li>
</ul>
</td>
+ <td>2.3.0</td>
</tr>
</table>
@@ -796,16 +813,17 @@ deployment-specific page for more information.
The following options provides finer-grained control for this feature:
<table class="table">
-<tr><th>Property Name</th><th>Default</th><th>Meaning</th></tr>
+<tr><th>Property Name</th><th>Default</th><th>Meaning</th><th>Since Version</th></tr>
<tr>
<td><code>spark.security.credentials.${service}.enabled</code></td>
<td><code>true</code></td>
<td>
- Controls whether to obtain credentials for services when security is enabled.
- By default, credentials for all supported services are retrieved when those services are
- configured, but it's possible to disable that behavior if it somehow conflicts with the
- application being run.
+ Controls whether to obtain credentials for services when security is enabled.
+ By default, credentials for all supported services are retrieved when those services are
+ configured, but it's possible to disable that behavior if it somehow conflicts with the
+ application being run.
</td>
+ <td>2.3.0</td>
</tr>
<tr>
<td><code>spark.kerberos.access.hadoopFileSystems</code></td>
@@ -818,6 +836,7 @@ The following options provides finer-grained control for this feature:
or in a trusted realm). Spark acquires security tokens for each of the filesystems so that
the Spark application can access those remote Hadoop filesystems.
</td>
+ <td>3.0.0</td>
</tr>
</table>
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@spark.apache.org
For additional commands, e-mail: commits-help@spark.apache.org