flink-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FLINK-3931) Implement Transport Encryption (SSL/TLS)
Date Fri, 07 Oct 2016 15:38:21 GMT

    [ https://issues.apache.org/jira/browse/FLINK-3931?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15555411#comment-15555411
] 

ASF GitHub Bot commented on FLINK-3931:
---------------------------------------

Github user skrishnappa commented on a diff in the pull request:

    https://github.com/apache/flink/pull/2518#discussion_r82413936
  
    --- Diff: flink-runtime-web/src/main/java/org/apache/flink/runtime/webmonitor/files/StaticFileServerHandler.java
---
    @@ -304,8 +314,15 @@ private void respondAsLeader(ChannelHandlerContext ctx, HttpRequest
request, Str
     		ctx.write(response);
     
     		// write the content.
    -		ctx.write(new DefaultFileRegion(raf.getChannel(), 0, fileLength), ctx.newProgressivePromise());
    -		ChannelFuture lastContentFuture = ctx.writeAndFlush(LastHttpContent.EMPTY_LAST_CONTENT);
    +		ChannelFuture lastContentFuture;
    +		if (ctx.pipeline().get(SslHandler.class) == null) {
    +			ctx.write(new DefaultFileRegion(raf.getChannel(), 0, fileLength), ctx.newProgressivePromise());
    +			lastContentFuture = ctx.writeAndFlush(LastHttpContent.EMPTY_LAST_CONTENT);
    +		} else {
    +			lastContentFuture = ctx.writeAndFlush(new HttpChunkedInput(new ChunkedFile(raf, 0,
fileLength, 8192)),
    +				ctx.newProgressivePromise());
    +			// HttpChunkedInput will write the end marker (LastHttpContent) for us.
    --- End diff --
    
    This is based on the Netty example code - https://netty.io/4.0/xref/io/netty/example/http/file/HttpStaticFileServerHandler.html
    
    The initial flink code somehow did not include these checks. Cannot do zero copy file
transfer with SSL enabled and the existing stream handling code hangs without any data transfer.
Hence had to introduce this.


> Implement Transport Encryption (SSL/TLS)
> ----------------------------------------
>
>                 Key: FLINK-3931
>                 URL: https://issues.apache.org/jira/browse/FLINK-3931
>             Project: Flink
>          Issue Type: New Feature
>            Reporter: Eron Wright 
>            Assignee: Suresh Krishnappa
>              Labels: security
>   Original Estimate: 1,008h
>  Remaining Estimate: 1,008h
>
> _This issue is part of a series of improvements detailed in the [Secure Data Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
design doc._
> To assure privacy and data integrity between Flink components, enable TLS for all communication
channels.  As described in the design doc:
> - Accept a configured certificate or generate a certificate.
> - Enable Akka SSL
> - Implement Data Transfer SSL
> - Implement Blob Server SSL
> - Implement Web UI HTTPS



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message