[FLINK-3930] Implement Service-Level Authorization - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
Component/s: Runtime / Coordination
Labels:
- security

Description

This issue is part of a series of improvements detailed in the Secure Data Access design doc.

Service-level authorization is the initial authorization mechanism to ensure clients (or servers) connecting to the Flink cluster are authorized to do so. The purpose is to prevent a cluster from being used by an unauthorized user, whether to execute jobs, disrupt cluster functionality, or gain access to secrets stored within the cluster.

Implement service-level authorization as described in the design doc.

Introduce a shared secret cookie
Enable Akka security cookie
Implement data transfer authentication
Secure the web dashboard

Attachments

Issue Links

incorporates

FLINK-4919 Add secure cookie support for the cluster deployed in Mesos environment

Closed

relates to

FLINK-4635 Implement Data Transfer Authentication using shared secret configuration

Closed

FLINK-4637 Address Yarn proxy incompatibility with Flink Web UI when service level authorization is enabled

Closed

links to

GitHub Pull Request #2425

Sub-Tasks

1.	Implement Data Transfer Authentication using shared secret configuration		Closed	Unassigned
2.	Add secure cookie support for the cluster deployed in Mesos environment		Closed	Vijay Srinivasaraghavan

Activity

People

Assignee:: Vijay Srinivasaraghavan

Reporter:: Eron Wright

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 18/May/16 20:41

Updated:: 28/Feb/19 11:31

Resolved:: 30/Jul/18 17:02

Time Tracking

Estimated:

672h

Remaining:

672h

Logged:

Not Specified

Include sub-tasks