All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.flink.runtime.security.SecurityConfiguration Maven / Gradle / Ivy

There is a newer version: 1.13.6
Show newest version
/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.flink.runtime.security;

import org.apache.flink.configuration.Configuration;
import org.apache.flink.configuration.IllegalConfigurationException;
import org.apache.flink.configuration.SecurityOptions;

import org.apache.commons.lang3.StringUtils;

import java.io.File;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import static org.apache.flink.configuration.SecurityOptions.SECURITY_CONTEXT_FACTORY_CLASSES;
import static org.apache.flink.configuration.SecurityOptions.SECURITY_MODULE_FACTORY_CLASSES;
import static org.apache.flink.util.Preconditions.checkNotNull;

/**
 * The global security configuration.
 *
 * 

See {@link SecurityOptions} for corresponding configuration options. */ public class SecurityConfiguration { private final List securityContextFactory; private final List securityModuleFactories; private final Configuration flinkConfig; private final boolean isZkSaslDisable; private final boolean useTicketCache; private final String keytab; private final String principal; private final List loginContextNames; private final String zkServiceName; private final String zkLoginContextName; /** * Create a security configuration from the global configuration. * * @param flinkConf the Flink global configuration. */ public SecurityConfiguration(Configuration flinkConf) { this( flinkConf, flinkConf.get(SECURITY_CONTEXT_FACTORY_CLASSES), flinkConf.get(SECURITY_MODULE_FACTORY_CLASSES)); } /** * Create a security configuration from the global configuration. * * @param flinkConf the Flink global configuration. * @param securityModuleFactories the security modules to apply. */ public SecurityConfiguration( Configuration flinkConf, List securityContextFactory, List securityModuleFactories) { this.isZkSaslDisable = flinkConf.getBoolean(SecurityOptions.ZOOKEEPER_SASL_DISABLE); this.keytab = flinkConf.getString(SecurityOptions.KERBEROS_LOGIN_KEYTAB); this.principal = flinkConf.getString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL); this.useTicketCache = flinkConf.getBoolean(SecurityOptions.KERBEROS_LOGIN_USETICKETCACHE); this.loginContextNames = parseList(flinkConf.getString(SecurityOptions.KERBEROS_LOGIN_CONTEXTS)); this.zkServiceName = flinkConf.getString(SecurityOptions.ZOOKEEPER_SASL_SERVICE_NAME); this.zkLoginContextName = flinkConf.getString(SecurityOptions.ZOOKEEPER_SASL_LOGIN_CONTEXT_NAME); this.securityModuleFactories = Collections.unmodifiableList(securityModuleFactories); this.securityContextFactory = securityContextFactory; this.flinkConfig = checkNotNull(flinkConf); validate(); } public boolean isZkSaslDisable() { return isZkSaslDisable; } public String getKeytab() { return keytab; } public String getPrincipal() { return principal; } public boolean useTicketCache() { return useTicketCache; } public Configuration getFlinkConfig() { return flinkConfig; } public List getSecurityContextFactories() { return securityContextFactory; } public List getSecurityModuleFactories() { return securityModuleFactories; } public List getLoginContextNames() { return loginContextNames; } public String getZooKeeperServiceName() { return zkServiceName; } public String getZooKeeperLoginContextName() { return zkLoginContextName; } private void validate() { if (!StringUtils.isBlank(keytab)) { // principal is required if (StringUtils.isBlank(principal)) { throw new IllegalConfigurationException( "Kerberos login configuration is invalid: keytab requires a principal."); } // check the keytab is readable File keytabFile = new File(keytab); if (!keytabFile.exists() || !keytabFile.isFile()) { throw new IllegalConfigurationException( "Kerberos login configuration is invalid: keytab [" + keytab + "] doesn't exist!"); } else if (!keytabFile.canRead()) { throw new IllegalConfigurationException( "Kerberos login configuration is invalid: keytab [" + keytab + "] is unreadable!"); } } } private static List parseList(String value) { if (value == null || value.isEmpty()) { return Collections.emptyList(); } return Arrays.asList(value.trim().replaceAll("(\\s*,+\\s*)+", ",").split(",")); } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy