spark-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vanzin <...@git.apache.org>
Subject [GitHub] spark pull request #19631: [SPARK-22372][core, yarn] Make cluster submission...
Date Thu, 30 Nov 2017 22:20:55 GMT
Github user vanzin commented on a diff in the pull request:

    https://github.com/apache/spark/pull/19631#discussion_r154218810
  
    --- Diff: core/src/main/scala/org/apache/spark/SecurityManager.scala ---
    @@ -542,7 +496,54 @@ private[spark] class SecurityManager(
        * Gets the secret key.
        * @return the secret key as a String if authentication is enabled, otherwise returns
null
        */
    -  def getSecretKey(): String = secretKey
    +  def getSecretKey(): String = {
    +    if (isAuthenticationEnabled) {
    +      Option(sparkConf.getenv(ENV_AUTH_SECRET))
    --- End diff --
    
    I can add a different, internal config for this is re-using `SPARK_AUTH_SECRET_CONF` is
confusing. But I'm not too concerned about exposing this to the user code running the application;
they can just as easily get that info from the UGI currently. Spark already redacts this kind
of information when writing it to things like the event log, which would be one place where
it might leak out.


---

---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org


Mime
View raw message