Github user ArtRand commented on a diff in the pull request: https://github.com/apache/spark/pull/20167#discussion_r161385124 --- Diff: resource-managers/mesos/src/main/scala/org/apache/spark/scheduler/cluster/mesos/MesosSchedulerUtils.scala --- @@ -80,10 +80,27 @@ trait MesosSchedulerUtils extends Logging { } fwInfoBuilder.setHostname(Option(conf.getenv("SPARK_PUBLIC_DNS")).getOrElse( conf.get(DRIVER_HOST_ADDRESS))) + conf.getOption("spark.mesos.principal.file") + .orElse(Option(conf.getenv("SPARK_MESOS_PRINCIPAL_FILE")) + .foreach { principalFile => + val file = io.Source.fromFile(principalFile) + val principal = file.getLines.next() + file.close + fwInfoBuilder.setPrincipal(principal) + credBuilder.setPrincipal(principal) + } conf.getOption("spark.mesos.principal").foreach { principal => fwInfoBuilder.setPrincipal(principal) credBuilder.setPrincipal(principal) } + conf.getOption("spark.mesos.secret.file") + .orElse(Option(conf.getenv("SPARK_MESOS_SECRET_FILE")) --- End diff -- Environment-variable secrets (even using the `secrets` primitive up to Mesos 1.4) will be available at `/proc/<pid>/environ` so file-based is better more secure. I'm tempted to say having an insecure _option_ is worse than having less flexibility.
--- --------------------------------------------------------------------- To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org For additional commands, e-mail: reviews-h...@spark.apache.org