[ https://issues.apache.org/jira/browse/BEAM-7190?focusedWorklogId=250628&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-250628 ]
ASF GitHub Bot logged work on BEAM-7190: ---------------------------------------- Author: ASF GitHub Bot Created on: 29/May/19 23:56 Start Date: 29/May/19 23:56 Worklog Time Spent: 10m Work Description: angoenka commented on issue #8597: [BEAM-7190] Enable file based token auth for samza portable runner URL: https://github.com/apache/beam/pull/8597#issuecomment-497149924 We are essentially creating a new header interceptor to validate the information in the header. We can make it modular by letting users specify the interceptor when starting job server. The jobserver can convey the interceptor class name to the Samza/Flink/Spark ExecutableStage function which will add the interceptor when creating the Channels. A similar option can be passed to SDK Harness to add an arbitrary grpc interceptor. To implement the use case of token based validation, Samza jobserver can simply instrument these options correctly. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking ------------------- Worklog Id: (was: 250628) Time Spent: 40m (was: 0.5h) > enable file system based token authentication for portable runner > ----------------------------------------------------------------- > > Key: BEAM-7190 > URL: https://issues.apache.org/jira/browse/BEAM-7190 > Project: Beam > Issue Type: Task > Components: runner-samza > Reporter: Hai Lu > Assignee: Hai Lu > Priority: Major > Time Spent: 40m > Remaining Estimate: 0h > > For Samza and potentially other portable runners, there is a need to secure > the communication between sdk worker and runner. Currently the SSL/TLS in > portability is half done. > However, after investigation we found that it's sufficient to just 1) use > loopback address 2) enforce authentication and that way the communication is > both authenticated and secured. > This ticket intends to track the implementation of the solution above. More > details can be found in the following PR. -- This message was sent by Atlassian JIRA (v7.6.3#76005)