Details
-
New Feature
-
Status: Closed
-
Major
-
Resolution: Won't Fix
-
None
-
None
Description
This issue is part of a series of improvements detailed in the Secure Data Access design doc.
Service-level authorization is the initial authorization mechanism to ensure clients (or servers) connecting to the Flink cluster are authorized to do so. The purpose is to prevent a cluster from being used by an unauthorized user, whether to execute jobs, disrupt cluster functionality, or gain access to secrets stored within the cluster.
Implement service-level authorization as described in the design doc.
- Introduce a shared secret cookie
- Enable Akka security cookie
- Implement data transfer authentication
- Secure the web dashboard
Attachments
Issue Links
- incorporates
-
FLINK-4919 Add secure cookie support for the cluster deployed in Mesos environment
- Closed
- relates to
-
FLINK-4635 Implement Data Transfer Authentication using shared secret configuration
- Closed
-
FLINK-4637 Address Yarn proxy incompatibility with Flink Web UI when service level authorization is enabled
- Closed
- links to