[GitHub] [flink] steveniemitz opened a new pull request, #21457: [FLINK-30309][runtime] Allow users to supply custom SslContexts

Mon, 05 Dec 2022 19:52:30 -0800 


steveniemitz opened a new pull request, #21457:
URL: https://github.com/apache/flink/pull/21457

   ## What is the purpose of the change
   
   This change allows users/operators to override the default SslContext 
configuration/creation with a custom implementation.  For more advanced TLS 
deployments, the built-in flink configuration may not be sufficient.  
   
   Additionally, a useful and intended side-effect of this is that SslContexts 
can be recreated if needed, rather than being only created once statically at 
startup.  This allows things like hot-reloading key material if it changes at 
runtime.
   
   
   ## Brief change log
   
     - Add `security.ssl.internal.ssl-context-supplier` and 
`security.ssl.rest.ssl-context-supplier` configuration settings for internal 
and REST communication respectively. If either are set to a valid class 
implementing `Supplier<SslContext>`, it will be used to provide SslContext 
instances when required.
     
   ## Verifying this change
   
   This change added tests and can be verified as follows:
   
     - Added tests to SSLUtils that tests internal/rest and client/server 
variations of the suppliers.
     - Manually verified the change on cluster with multiple JobManagers and 
TaskManagers.
   
   ## Does this pull request potentially affect one of the following parts:
   
     - Dependencies (does it add or upgrade a dependency): no
     - The public API, i.e., is any changed class annotated with 
`@Public(Evolving)`: no
     - The serializers: no
     - The runtime per-record code paths (performance sensitive): no
     - Anything that affects deployment or recovery: JobManager (and its 
components), Checkpointing, Kubernetes/Yarn, ZooKeeper: no
     - The S3 file system connector: no
   
   ## Documentation
   
     - Does this pull request introduce a new feature? yes
     - If yes, how is the feature documented? docs
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@flink.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to