spark-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SPARK-26239) Add configurable auth secret source in k8s backend
Date Tue, 11 Dec 2018 21:50:00 GMT

    [ https://issues.apache.org/jira/browse/SPARK-26239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16718053#comment-16718053
] 

ASF GitHub Bot commented on SPARK-26239:
----------------------------------------

vanzin commented on a change in pull request #23252: [SPARK-26239] File-based secret key loading
for SASL.
URL: https://github.com/apache/spark/pull/23252#discussion_r240802787
 
 

 ##########
 File path: core/src/main/scala/org/apache/spark/SecurityManager.scala
 ##########
 @@ -367,11 +371,18 @@ private[spark] class SecurityManager(
 
       case _ =>
         require(sparkConf.contains(SPARK_AUTH_SECRET_CONF),
-          s"A secret key must be specified via the $SPARK_AUTH_SECRET_CONF config.")
+          s"A secret key must be specified via the $SPARK_AUTH_SECRET_CONF config")
 
 Review comment:
   Undo this change.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Add configurable auth secret source in k8s backend
> --------------------------------------------------
>
>                 Key: SPARK-26239
>                 URL: https://issues.apache.org/jira/browse/SPARK-26239
>             Project: Spark
>          Issue Type: New Feature
>          Components: Kubernetes
>    Affects Versions: 3.0.0
>            Reporter: Marcelo Vanzin
>            Priority: Major
>
> This is a follow up to SPARK-26194, which aims to add auto-generated secrets similar
to the YARN backend.
> There's a desire to support different ways to generate and propagate these auth secrets
(e.g. using things like Vault). Need to investigate:
> - exposing configuration to support that
> - changing SecurityManager so that it can delegate some of the secret-handling logic
to custom implementations
> - figuring out whether this can also be used in client-mode, where the driver is not
created by the k8s backend in Spark.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org


Mime
View raw message