[
https://issues.apache.org/jira/browse/SPARK-26239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16715270#comment-16715270
]
ASF GitHub Bot commented on SPARK-26239:
----------------------------------------
vanzin commented on a change in pull request #23252: [SPARK-26239] File-based
secret key loading for SASL.
URL: https://github.com/apache/spark/pull/23252#discussion_r240320071
##########
File path: core/src/test/scala/org/apache/spark/SecurityManagerSuite.scala
##########
@@ -395,9 +397,54 @@ class SecurityManagerSuite extends SparkFunSuite with
ResetSystemProperties {
assert(keyFromEnv === new SecurityManager(conf2).getSecretKey())
}
+ test("Use executor-specific secret file configuration.") {
+ val secretFileFromDriver = createTempSecretFile("driver-secret")
+ val secretFileFromExecutor = createTempSecretFile("executor-secret")
+ val conf = new SparkConf()
+ .setMaster("k8s://127.0.0.1")
+ .set(AUTH_SECRET_FILE_DRIVER, Some(secretFileFromDriver.getAbsolutePath))
+ .set(AUTH_SECRET_FILE_EXECUTOR,
Some(secretFileFromExecutor.getAbsolutePath))
+ .set(SecurityManager.SPARK_AUTH_CONF, "true")
+ val mgr = new SecurityManager(conf, authSecretFileConf =
AUTH_SECRET_FILE_EXECUTOR)
+ assert(encodeFileAsBase64(secretFileFromExecutor) === mgr.getSecretKey())
+ }
+
+ test("Files must be loaded on both the driver and executor and not only one
of the two.") {
Review comment:
"secret file must be defined in both driver and executor". Shorter and
clearer.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Add configurable auth secret source in k8s backend
> --------------------------------------------------
>
> Key: SPARK-26239
> URL: https://issues.apache.org/jira/browse/SPARK-26239
> Project: Spark
> Issue Type: New Feature
> Components: Kubernetes
> Affects Versions: 3.0.0
> Reporter: Marcelo Vanzin
> Priority: Major
>
> This is a follow up to SPARK-26194, which aims to add auto-generated secrets
> similar to the YARN backend.
> There's a desire to support different ways to generate and propagate these
> auth secrets (e.g. using things like Vault). Need to investigate:
> - exposing configuration to support that
> - changing SecurityManager so that it can delegate some of the
> secret-handling logic to custom implementations
> - figuring out whether this can also be used in client-mode, where the driver
> is not created by the k8s backend in Spark.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
