Package org.apache.flink.configuration
Class SecurityOptions
java.lang.Object
    org.apache.flink.configuration.SecurityOptions

@PublicEvolving
public class SecurityOptions extends Object
The set of configuration options relating to security.
-
Field Summary
Fields (modifier and type, field name, description):
static ConfigOption<Boolean> DELEGATION_TOKEN_PROVIDER_ENABLED
static String DELEGATION_TOKEN_PROVIDER_PREFIX
static ConfigOption<Boolean> DELEGATION_TOKENS_ENABLED
static ConfigOption<Duration> DELEGATION_TOKENS_RENEWAL_RETRY_BACKOFF
static ConfigOption<Double> DELEGATION_TOKENS_RENEWAL_TIME_RATIO
static ConfigOption<List<String>> KERBEROS_HADOOP_FILESYSTEMS_TO_ACCESS
static ConfigOption<String> KERBEROS_KRB5_PATH
static ConfigOption<String> KERBEROS_LOGIN_CONTEXTS
static ConfigOption<String> KERBEROS_LOGIN_KEYTAB
static ConfigOption<String> KERBEROS_LOGIN_PRINCIPAL
static ConfigOption<Boolean> KERBEROS_LOGIN_USETICKETCACHE
static ConfigOption<Duration> KERBEROS_RELOGIN_PERIOD
static ConfigOption<List<String>> SECURITY_CONTEXT_FACTORY_CLASSES
static ConfigOption<List<String>> SECURITY_MODULE_FACTORY_CLASSES
static ConfigOption<String> SSL_ALGORITHMS: The standard SSL algorithms to be supported.
static ConfigOption<String> SSL_INTERNAL_CERT_FINGERPRINT: For internal SSL, the sha1 fingerprint of the internal certificate to verify the client.
static ConfigOption<Integer> SSL_INTERNAL_CLOSE_NOTIFY_FLUSH_TIMEOUT: SSL session timeout after flushing the close_notify message.
static ConfigOption<Boolean> SSL_INTERNAL_ENABLED: Enable SSL for internal communication (pekko rpc, netty data transport, blob server).
static ConfigOption<Integer> SSL_INTERNAL_HANDSHAKE_TIMEOUT: SSL session timeout during handshakes.
static ConfigOption<String> SSL_INTERNAL_KEY_PASSWORD: For internal SSL, the password to decrypt the private key.
static ConfigOption<String> SSL_INTERNAL_KEYSTORE: For internal SSL, the Java keystore file containing the private key and certificate.
static ConfigOption<String> SSL_INTERNAL_KEYSTORE_PASSWORD: For internal SSL, the password to decrypt the keystore file containing the certificate.
static ConfigOption<String> SSL_INTERNAL_KEYSTORE_TYPE: For internal SSL, the type of the keystore.
static ConfigOption<Integer> SSL_INTERNAL_SESSION_CACHE_SIZE: SSL session cache size.
static ConfigOption<Integer> SSL_INTERNAL_SESSION_TIMEOUT: SSL session timeout.
static ConfigOption<String> SSL_INTERNAL_TRUSTSTORE: For internal SSL, the truststore file containing the public CA certificates to verify the ssl peers.
static ConfigOption<String> SSL_INTERNAL_TRUSTSTORE_PASSWORD: For internal SSL, the secret to decrypt the truststore.
static ConfigOption<String> SSL_INTERNAL_TRUSTSTORE_TYPE: For internal SSL, the type of the truststore.
static ConfigOption<String> SSL_KEY_PASSWORD: Secret to decrypt the server key.
static ConfigOption<String> SSL_KEYSTORE: The Java keystore file containing the flink endpoint key and certificate.
static ConfigOption<String> SSL_KEYSTORE_PASSWORD: Secret to decrypt the keystore file.
static ConfigOption<String> SSL_PROTOCOL: SSL protocol version to be supported.
static ConfigOption<String> SSL_PROVIDER: SSL engine provider.
static ConfigOption<Boolean> SSL_REST_AUTHENTICATION_ENABLED: Enable mutual SSL authentication for external REST endpoints.
static ConfigOption<String> SSL_REST_CERT_FINGERPRINT: For external (REST) SSL, the sha1 fingerprint of the rest client certificate to verify.
static ConfigOption<Boolean> SSL_REST_ENABLED: Enable SSL for external REST endpoints.
static ConfigOption<String> SSL_REST_KEY_PASSWORD: For external (REST) SSL, the password to decrypt the private key.
static ConfigOption<String> SSL_REST_KEYSTORE: For external (REST) SSL, the Java keystore file containing the private key and certificate.
static ConfigOption<String> SSL_REST_KEYSTORE_PASSWORD: For external (REST) SSL, the password to decrypt the keystore file containing the certificate.
static ConfigOption<String> SSL_REST_KEYSTORE_TYPE: For external (REST) SSL, the type of the keystore.
static ConfigOption<String> SSL_REST_TRUSTSTORE: For external (REST) SSL, the truststore file containing the public CA certificates to verify the ssl peers.
static ConfigOption<String> SSL_REST_TRUSTSTORE_PASSWORD: For external (REST) SSL, the secret to decrypt the truststore.
static ConfigOption<String> SSL_REST_TRUSTSTORE_TYPE: For external (REST) SSL, the type of the truststore.
static ConfigOption<String> SSL_TRUSTSTORE: The truststore file containing the public CA certificates to verify the ssl peers.
static ConfigOption<String> SSL_TRUSTSTORE_PASSWORD: Secret to decrypt the truststore.
static ConfigOption<Boolean> SSL_VERIFY_HOSTNAME: Flag to enable/disable hostname verification for the ssl connections.
static ConfigOption<Boolean> ZOOKEEPER_SASL_DISABLE
static ConfigOption<String> ZOOKEEPER_SASL_LOGIN_CONTEXT_NAME
static ConfigOption<String> ZOOKEEPER_SASL_SERVICE_NAME
-
Constructor Summary
Constructors
SecurityOptions()
-
Method Summary
Methods (modifier and type, method, description):
static Configuration forProvider(Configuration configuration, String providerName): Returns a view over the given configuration via which options can be set/retrieved for the given provider.
static boolean isInternalSSLEnabled(Configuration sslConfig): Checks whether SSL for internal communication (rpc, data transport, blob server) is enabled.
static boolean isRestSSLAuthenticationEnabled(Configuration sslConfig): Checks whether mutual SSL authentication for the external REST endpoint is enabled.
static boolean isRestSSLEnabled(Configuration sslConfig): Checks whether SSL for the external REST endpoint is enabled.
-
-
-
Field Detail
-
DELEGATION_TOKEN_PROVIDER_PREFIX
public static final String DELEGATION_TOKEN_PROVIDER_PREFIX
- See Also:
- Constant Field Values
-
SECURITY_CONTEXT_FACTORY_CLASSES
public static final ConfigOption<List<String>> SECURITY_CONTEXT_FACTORY_CLASSES
-
SECURITY_MODULE_FACTORY_CLASSES
public static final ConfigOption<List<String>> SECURITY_MODULE_FACTORY_CLASSES
-
KERBEROS_LOGIN_PRINCIPAL
public static final ConfigOption<String> KERBEROS_LOGIN_PRINCIPAL
-
KERBEROS_LOGIN_KEYTAB
public static final ConfigOption<String> KERBEROS_LOGIN_KEYTAB
-
KERBEROS_KRB5_PATH
public static final ConfigOption<String> KERBEROS_KRB5_PATH
-
KERBEROS_LOGIN_USETICKETCACHE
public static final ConfigOption<Boolean> KERBEROS_LOGIN_USETICKETCACHE
-
KERBEROS_LOGIN_CONTEXTS
public static final ConfigOption<String> KERBEROS_LOGIN_CONTEXTS
-
KERBEROS_RELOGIN_PERIOD
public static final ConfigOption<Duration> KERBEROS_RELOGIN_PERIOD
-
KERBEROS_HADOOP_FILESYSTEMS_TO_ACCESS
public static final ConfigOption<List<String>> KERBEROS_HADOOP_FILESYSTEMS_TO_ACCESS
-
DELEGATION_TOKENS_ENABLED
public static final ConfigOption<Boolean> DELEGATION_TOKENS_ENABLED
-
DELEGATION_TOKENS_RENEWAL_RETRY_BACKOFF
public static final ConfigOption<Duration> DELEGATION_TOKENS_RENEWAL_RETRY_BACKOFF
-
DELEGATION_TOKENS_RENEWAL_TIME_RATIO
public static final ConfigOption<Double> DELEGATION_TOKENS_RENEWAL_TIME_RATIO
-
DELEGATION_TOKEN_PROVIDER_ENABLED
public static final ConfigOption<Boolean> DELEGATION_TOKEN_PROVIDER_ENABLED
-
ZOOKEEPER_SASL_DISABLE
public static final ConfigOption<Boolean> ZOOKEEPER_SASL_DISABLE
-
ZOOKEEPER_SASL_SERVICE_NAME
public static final ConfigOption<String> ZOOKEEPER_SASL_SERVICE_NAME
-
ZOOKEEPER_SASL_LOGIN_CONTEXT_NAME
public static final ConfigOption<String> ZOOKEEPER_SASL_LOGIN_CONTEXT_NAME
-
SSL_INTERNAL_ENABLED
public static final ConfigOption<Boolean> SSL_INTERNAL_ENABLED
Enable SSL for internal communication (pekko rpc, netty data transport, blob server).
-
SSL_REST_ENABLED
public static final ConfigOption<Boolean> SSL_REST_ENABLED
Enable SSL for external REST endpoints.
-
SSL_REST_AUTHENTICATION_ENABLED
public static final ConfigOption<Boolean> SSL_REST_AUTHENTICATION_ENABLED
Enable mutual SSL authentication for external REST endpoints.
-
SSL_KEYSTORE
public static final ConfigOption<String> SSL_KEYSTORE
The Java keystore file containing the flink endpoint key and certificate.
-
SSL_KEYSTORE_PASSWORD
public static final ConfigOption<String> SSL_KEYSTORE_PASSWORD
Secret to decrypt the keystore file.
-
SSL_KEY_PASSWORD
public static final ConfigOption<String> SSL_KEY_PASSWORD
Secret to decrypt the server key.
-
SSL_TRUSTSTORE
public static final ConfigOption<String> SSL_TRUSTSTORE
The truststore file containing the public CA certificates to verify the ssl peers.
-
SSL_TRUSTSTORE_PASSWORD
public static final ConfigOption<String> SSL_TRUSTSTORE_PASSWORD
Secret to decrypt the truststore.
-
SSL_INTERNAL_KEYSTORE
public static final ConfigOption<String> SSL_INTERNAL_KEYSTORE
For internal SSL, the Java keystore file containing the private key and certificate.
-
SSL_INTERNAL_KEYSTORE_PASSWORD
public static final ConfigOption<String> SSL_INTERNAL_KEYSTORE_PASSWORD
For internal SSL, the password to decrypt the keystore file containing the certificate.
-
SSL_INTERNAL_KEY_PASSWORD
public static final ConfigOption<String> SSL_INTERNAL_KEY_PASSWORD
For internal SSL, the password to decrypt the private key.
-
SSL_INTERNAL_KEYSTORE_TYPE
public static final ConfigOption<String> SSL_INTERNAL_KEYSTORE_TYPE
For internal SSL, the type of the keystore.
-
SSL_INTERNAL_TRUSTSTORE
public static final ConfigOption<String> SSL_INTERNAL_TRUSTSTORE
For internal SSL, the truststore file containing the public CA certificates to verify the ssl peers.
-
SSL_INTERNAL_TRUSTSTORE_PASSWORD
public static final ConfigOption<String> SSL_INTERNAL_TRUSTSTORE_PASSWORD
For internal SSL, the secret to decrypt the truststore.
-
SSL_INTERNAL_TRUSTSTORE_TYPE
public static final ConfigOption<String> SSL_INTERNAL_TRUSTSTORE_TYPE
For internal SSL, the type of the truststore.
-
SSL_INTERNAL_CERT_FINGERPRINT
public static final ConfigOption<String> SSL_INTERNAL_CERT_FINGERPRINT
For internal SSL, the sha1 fingerprint of the internal certificate to verify the client.
-
SSL_REST_KEYSTORE
public static final ConfigOption<String> SSL_REST_KEYSTORE
For external (REST) SSL, the Java keystore file containing the private key and certificate.
-
SSL_REST_KEYSTORE_PASSWORD
public static final ConfigOption<String> SSL_REST_KEYSTORE_PASSWORD
For external (REST) SSL, the password to decrypt the keystore file containing the certificate.
-
SSL_REST_KEY_PASSWORD
public static final ConfigOption<String> SSL_REST_KEY_PASSWORD
For external (REST) SSL, the password to decrypt the private key.
-
SSL_REST_KEYSTORE_TYPE
public static final ConfigOption<String> SSL_REST_KEYSTORE_TYPE
For external (REST) SSL, the type of the keystore.
-
SSL_REST_TRUSTSTORE
public static final ConfigOption<String> SSL_REST_TRUSTSTORE
For external (REST) SSL, the truststore file containing the public CA certificates to verify the ssl peers.
-
SSL_REST_TRUSTSTORE_PASSWORD
public static final ConfigOption<String> SSL_REST_TRUSTSTORE_PASSWORD
For external (REST) SSL, the secret to decrypt the truststore.
-
SSL_REST_TRUSTSTORE_TYPE
public static final ConfigOption<String> SSL_REST_TRUSTSTORE_TYPE
For external (REST) SSL, the type of the truststore.
-
SSL_REST_CERT_FINGERPRINT
public static final ConfigOption<String> SSL_REST_CERT_FINGERPRINT
For external (REST) SSL, the sha1 fingerprint of the rest client certificate to verify.
-
SSL_PROTOCOL
public static final ConfigOption<String> SSL_PROTOCOL
SSL protocol version to be supported.
-
SSL_ALGORITHMS
public static final ConfigOption<String> SSL_ALGORITHMS
The standard SSL algorithms to be supported. More options here: http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites
-
SSL_VERIFY_HOSTNAME
public static final ConfigOption<Boolean> SSL_VERIFY_HOSTNAME
Flag to enable/disable hostname verification for the ssl connections.
-
SSL_PROVIDER
public static final ConfigOption<String> SSL_PROVIDER
SSL engine provider.
-
SSL_INTERNAL_SESSION_CACHE_SIZE
public static final ConfigOption<Integer> SSL_INTERNAL_SESSION_CACHE_SIZE
SSL session cache size.
-
SSL_INTERNAL_SESSION_TIMEOUT
public static final ConfigOption<Integer> SSL_INTERNAL_SESSION_TIMEOUT
SSL session timeout.
-
SSL_INTERNAL_HANDSHAKE_TIMEOUT
public static final ConfigOption<Integer> SSL_INTERNAL_HANDSHAKE_TIMEOUT
SSL session timeout during handshakes.
-
SSL_INTERNAL_CLOSE_NOTIFY_FLUSH_TIMEOUT
public static final ConfigOption<Integer> SSL_INTERNAL_CLOSE_NOTIFY_FLUSH_TIMEOUT
SSL session timeout after flushing the close_notify message.
-
-
Method Detail
-
forProvider
@Experimental public static Configuration forProvider(Configuration configuration, String providerName)
Returns a view over the given configuration via which options can be set/retrieved for the given provider.

    Configuration config = ...
    SecurityOptions.forProvider(config, "my_provider")
        .set(SecurityOptions.DELEGATION_TOKEN_PROVIDER_ENABLED, false)
        ...

Parameters:
configuration - backing configuration
providerName - provider name
Returns:
view over configuration
-
isInternalSSLEnabled
public static boolean isInternalSSLEnabled(Configuration sslConfig)
Checks whether SSL for internal communication (rpc, data transport, blob server) is enabled.
-
isRestSSLEnabled
public static boolean isRestSSLEnabled(Configuration sslConfig)
Checks whether SSL for the external REST endpoint is enabled.
-
isRestSSLAuthenticationEnabled
public static boolean isRestSSLAuthenticationEnabled(Configuration sslConfig)
Checks whether mutual SSL authentication for the external REST endpoint is enabled.
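
The three check methods above can be combined into a deployment posture check. The following is an added example, not part of the Flink Javadoc or the project's code; the class name `FlinkTlsPostureCheck`, the `audit` helper and the finding texts are assumptions, and the sample configuration is constructed.

```java
import java.util.ArrayList;
import java.util.List;
import org.apache.flink.configuration.Configuration;
import org.apache.flink.configuration.SecurityOptions;

/** Hypothetical helper: reports weak SSL settings found in a Flink Configuration. */
public class FlinkTlsPostureCheck {

    static List<String> audit(Configuration conf) {
        List<String> findings = new ArrayList<>();
        boolean internal = SecurityOptions.isInternalSSLEnabled(conf);
        boolean rest = SecurityOptions.isRestSSLEnabled(conf);

        if (!internal) {
            findings.add("internal rpc, data transport and blob server traffic is not protected by SSL");
        }
        if (!rest) {
            findings.add("REST endpoint is served without SSL");
        } else if (!SecurityOptions.isRestSSLAuthenticationEnabled(conf)) {
            // Server-only SSL encrypts the channel but does not identify the caller.
            findings.add("REST SSL is on but clients are not authenticated by certificate");
        } else if (!conf.getOptional(SecurityOptions.SSL_REST_TRUSTSTORE).isPresent()
                && !conf.getOptional(SecurityOptions.SSL_TRUSTSTORE).isPresent()) {
            // Mutual authentication needs CA certificates to verify client certificates against.
            findings.add("REST mutual authentication is on but no truststore is configured");
        }
        // Hostname verification only matters once some SSL channel is in use.
        if ((internal || rest) && !conf.get(SecurityOptions.SSL_VERIFY_HOSTNAME)) {
            findings.add("hostname verification is disabled for SSL connections");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample: REST SSL enabled, hostname verification switched off.
        Configuration conf = new Configuration();
        conf.set(SecurityOptions.SSL_REST_ENABLED, true);
        conf.set(SecurityOptions.SSL_VERIFY_HOSTNAME, false);
        audit(conf).forEach(f -> System.out.println("FINDING: " + f));
    }
}
```

Running `audit` against the effective cluster configuration in a deployment pipeline lets a build fail before a cluster starts with unauthenticated or unencrypted endpoints.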
-
-