[jira] [Commented] (FLINK-3931) Implement Transport Encryption (SSL/TLS)

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/FLINK-3931?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15555411#comment-15555411
 ] 

ASF GitHub Bot commented on FLINK-3931:
---------------------------------------

Github user skrishnappa commented on a diff in the pull request:

    https://github.com/apache/flink/pull/2518#discussion_r82413936
  
    --- Diff: 
flink-runtime-web/src/main/java/org/apache/flink/runtime/webmonitor/files/StaticFileServerHandler.java
 ---
    @@ -304,8 +314,15 @@ private void respondAsLeader(ChannelHandlerContext 
ctx, HttpRequest request, Str
                ctx.write(response);
     
                // write the content.
    -           ctx.write(new DefaultFileRegion(raf.getChannel(), 0, 
fileLength), ctx.newProgressivePromise());
    -           ChannelFuture lastContentFuture = 
ctx.writeAndFlush(LastHttpContent.EMPTY_LAST_CONTENT);
    +           ChannelFuture lastContentFuture;
    +           if (ctx.pipeline().get(SslHandler.class) == null) {
    +                   ctx.write(new DefaultFileRegion(raf.getChannel(), 0, 
fileLength), ctx.newProgressivePromise());
    +                   lastContentFuture = 
ctx.writeAndFlush(LastHttpContent.EMPTY_LAST_CONTENT);
    +           } else {
    +                   lastContentFuture = ctx.writeAndFlush(new 
HttpChunkedInput(new ChunkedFile(raf, 0, fileLength, 8192)),
    +                           ctx.newProgressivePromise());
    +                   // HttpChunkedInput will write the end marker 
(LastHttpContent) for us.
    --- End diff --
    
    This is based on the Netty example code - 
https://netty.io/4.0/xref/io/netty/example/http/file/HttpStaticFileServerHandler.html
    
    The initial flink code somehow did not include these checks. Cannot do zero 
copy file transfer with SSL enabled and the existing stream handling code hangs 
without any data transfer. Hence had to introduce this.


> Implement Transport Encryption (SSL/TLS)
> ----------------------------------------
>
>                 Key: FLINK-3931
>                 URL: https://issues.apache.org/jira/browse/FLINK-3931
>             Project: Flink
>          Issue Type: New Feature
>            Reporter: Eron Wright 
>            Assignee: Suresh Krishnappa
>              Labels: security
>   Original Estimate: 1,008h
>  Remaining Estimate: 1,008h
>
> _This issue is part of a series of improvements detailed in the [Secure Data 
> Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
>  design doc._
> To assure privacy and data integrity between Flink components, enable TLS for 
> all communication channels.  As described in the design doc:
> - Accept a configured certificate or generate a certificate.
> - Enable Akka SSL
> - Implement Data Transfer SSL
> - Implement Blob Server SSL
> - Implement Web UI HTTPS



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)