flink-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Metzger <rmetz...@apache.org>
Subject Re: Using secure cluster resources without authentication
Date Thu, 05 May 2016 11:18:32 GMT
Hi Stefano,

what exactly do you mean by a secure cluster?
A Flink on YARN session in a secured YARN cluster?
A standalone Flink cluster with access to a secured HDFS?

Your observation is right. We are not check if a job submitted by any user
is running in the same security context as the Flink cluster.

On Thu, May 5, 2016 at 11:57 AM, Stefano Baghino <
stefano.baghino@radicalbit.io> wrote:

> Hello everybody,
> last week I've run some tests on a secure cluster and I noticed that an
> unauthenticated user can submit a Flink job that will only eventually fail
> if the job tries to access secured resources (e.g. HDFS). This doesn't
> prevent however the user to consume resources of the secure cluster without
> authentication (I tried it with the WordCount example).
> I'd say this is a bug; is there a reason for this? If you share my feeling
> on this, I pinpointed the code that's responsible for this and the fix
> seems trivial, I can open an issue and a PR today. Thanks!
> --
> BR,
> Stefano Baghino
> Software Engineer @ Radicalbit

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message