public class SecurityOptions extends Object
Modifier and Type | Field and Description |
---|---|
static ConfigOption<Boolean> |
DELEGATION_TOKEN_PROVIDER_ENABLED |
static String |
DELEGATION_TOKEN_PROVIDER_PREFIX |
static ConfigOption<Boolean> |
DELEGATION_TOKENS_ENABLED |
static ConfigOption<Duration> |
DELEGATION_TOKENS_RENEWAL_RETRY_BACKOFF |
static ConfigOption<Double> |
DELEGATION_TOKENS_RENEWAL_TIME_RATIO |
static ConfigOption<Boolean> |
KERBEROS_FETCH_DELEGATION_TOKEN
Deprecated.
|
static ConfigOption<List<String>> |
KERBEROS_HADOOP_FILESYSTEMS_TO_ACCESS |
static ConfigOption<String> |
KERBEROS_KRB5_PATH |
static ConfigOption<String> |
KERBEROS_LOGIN_CONTEXTS |
static ConfigOption<String> |
KERBEROS_LOGIN_KEYTAB |
static ConfigOption<String> |
KERBEROS_LOGIN_PRINCIPAL |
static ConfigOption<Boolean> |
KERBEROS_LOGIN_USETICKETCACHE |
static ConfigOption<Duration> |
KERBEROS_RELOGIN_PERIOD |
static ConfigOption<Duration> |
KERBEROS_TOKENS_RENEWAL_RETRY_BACKOFF
Deprecated.
|
static ConfigOption<Double> |
KERBEROS_TOKENS_RENEWAL_TIME_RATIO
Deprecated.
|
static ConfigOption<List<String>> |
SECURITY_CONTEXT_FACTORY_CLASSES |
static ConfigOption<List<String>> |
SECURITY_MODULE_FACTORY_CLASSES |
static ConfigOption<String> |
SSL_ALGORITHMS
The standard SSL algorithms to be supported.
|
static ConfigOption<Boolean> |
SSL_ENABLED
Deprecated.
Use
SSL_INTERNAL_ENABLED and SSL_REST_ENABLED instead. |
static ConfigOption<String> |
SSL_INTERNAL_CERT_FINGERPRINT
For internal SSL, the sha1 fingerprint of the internal certificate to verify the client.
|
static ConfigOption<Integer> |
SSL_INTERNAL_CLOSE_NOTIFY_FLUSH_TIMEOUT
SSL session timeout after flushing the close_notify message.
|
static ConfigOption<Boolean> |
SSL_INTERNAL_ENABLED
Enable SSL for internal communication (pekko rpc, netty data transport, blob server).
|
static ConfigOption<Integer> |
SSL_INTERNAL_HANDSHAKE_TIMEOUT
SSL session timeout during handshakes.
|
static ConfigOption<String> |
SSL_INTERNAL_KEY_PASSWORD
For internal SSL, the password to decrypt the private key.
|
static ConfigOption<String> |
SSL_INTERNAL_KEYSTORE
For internal SSL, the Java keystore file containing the private key and certificate.
|
static ConfigOption<String> |
SSL_INTERNAL_KEYSTORE_PASSWORD
For internal SSL, the password to decrypt the keystore file containing the certificate.
|
static ConfigOption<Integer> |
SSL_INTERNAL_SESSION_CACHE_SIZE
SSL session cache size.
|
static ConfigOption<Integer> |
SSL_INTERNAL_SESSION_TIMEOUT
SSL session timeout.
|
static ConfigOption<String> |
SSL_INTERNAL_TRUSTSTORE
For internal SSL, the truststore file containing the public CA certificates to verify the ssl
peers.
|
static ConfigOption<String> |
SSL_INTERNAL_TRUSTSTORE_PASSWORD
For internal SSL, the secret to decrypt the truststore.
|
static ConfigOption<String> |
SSL_KEY_PASSWORD
Secret to decrypt the server key.
|
static ConfigOption<String> |
SSL_KEYSTORE
The Java keystore file containing the flink endpoint key and certificate.
|
static ConfigOption<String> |
SSL_KEYSTORE_PASSWORD
Secret to decrypt the keystore file.
|
static ConfigOption<String> |
SSL_PROTOCOL
SSL protocol version to be supported.
|
static ConfigOption<String> |
SSL_PROVIDER
SSL engine provider.
|
static ConfigOption<Boolean> |
SSL_REST_AUTHENTICATION_ENABLED
Enable mututal SSL authentication for external REST endpoints.
|
static ConfigOption<String> |
SSL_REST_CERT_FINGERPRINT
For external (REST) SSL, the sha1 fingerprint of the rest client certificate to verify.
|
static ConfigOption<Boolean> |
SSL_REST_ENABLED
Enable SSL for external REST endpoints.
|
static ConfigOption<String> |
SSL_REST_KEY_PASSWORD
For external (REST) SSL, the password to decrypt the private key.
|
static ConfigOption<String> |
SSL_REST_KEYSTORE
For external (REST) SSL, the Java keystore file containing the private key and certificate.
|
static ConfigOption<String> |
SSL_REST_KEYSTORE_PASSWORD
For external (REST) SSL, the password to decrypt the keystore file containing the
certificate.
|
static ConfigOption<String> |
SSL_REST_TRUSTSTORE
For external (REST) SSL, the truststore file containing the public CA certificates to verify
the ssl peers.
|
static ConfigOption<String> |
SSL_REST_TRUSTSTORE_PASSWORD
For external (REST) SSL, the secret to decrypt the truststore.
|
static ConfigOption<String> |
SSL_TRUSTSTORE
The truststore file containing the public CA certificates to verify the ssl peers.
|
static ConfigOption<String> |
SSL_TRUSTSTORE_PASSWORD
Secret to decrypt the truststore.
|
static ConfigOption<Boolean> |
SSL_VERIFY_HOSTNAME
Flag to enable/disable hostname verification for the ssl connections.
|
static ConfigOption<Boolean> |
ZOOKEEPER_SASL_DISABLE |
static ConfigOption<String> |
ZOOKEEPER_SASL_LOGIN_CONTEXT_NAME |
static ConfigOption<String> |
ZOOKEEPER_SASL_SERVICE_NAME |
Constructor and Description |
---|
SecurityOptions() |
Modifier and Type | Method and Description |
---|---|
static Configuration |
forProvider(Configuration configuration,
String providerName)
Returns a view over the given configuration via which options can be set/retrieved for the
given provider.
|
static boolean |
isInternalSSLEnabled(Configuration sslConfig)
Checks whether SSL for internal communication (rpc, data transport, blob server) is enabled.
|
static boolean |
isRestSSLAuthenticationEnabled(Configuration sslConfig)
Checks whether mutual SSL authentication for the external REST endpoint is enabled.
|
static boolean |
isRestSSLEnabled(Configuration sslConfig)
Checks whether SSL for the external REST endpoint is enabled.
|
public static final String DELEGATION_TOKEN_PROVIDER_PREFIX
public static final ConfigOption<List<String>> SECURITY_CONTEXT_FACTORY_CLASSES
public static final ConfigOption<List<String>> SECURITY_MODULE_FACTORY_CLASSES
public static final ConfigOption<String> KERBEROS_LOGIN_PRINCIPAL
public static final ConfigOption<String> KERBEROS_LOGIN_KEYTAB
public static final ConfigOption<String> KERBEROS_KRB5_PATH
public static final ConfigOption<Boolean> KERBEROS_LOGIN_USETICKETCACHE
public static final ConfigOption<String> KERBEROS_LOGIN_CONTEXTS
@Deprecated public static final ConfigOption<Boolean> KERBEROS_FETCH_DELEGATION_TOKEN
DELEGATION_TOKENS_ENABLED
.public static final ConfigOption<Duration> KERBEROS_RELOGIN_PERIOD
@Deprecated public static final ConfigOption<Duration> KERBEROS_TOKENS_RENEWAL_RETRY_BACKOFF
DELEGATION_TOKENS_RENEWAL_RETRY_BACKOFF
.@Deprecated public static final ConfigOption<Double> KERBEROS_TOKENS_RENEWAL_TIME_RATIO
DELEGATION_TOKENS_RENEWAL_TIME_RATIO
.public static final ConfigOption<List<String>> KERBEROS_HADOOP_FILESYSTEMS_TO_ACCESS
public static final ConfigOption<Boolean> DELEGATION_TOKENS_ENABLED
public static final ConfigOption<Duration> DELEGATION_TOKENS_RENEWAL_RETRY_BACKOFF
public static final ConfigOption<Double> DELEGATION_TOKENS_RENEWAL_TIME_RATIO
public static final ConfigOption<Boolean> DELEGATION_TOKEN_PROVIDER_ENABLED
public static final ConfigOption<Boolean> ZOOKEEPER_SASL_DISABLE
public static final ConfigOption<String> ZOOKEEPER_SASL_SERVICE_NAME
public static final ConfigOption<String> ZOOKEEPER_SASL_LOGIN_CONTEXT_NAME
@Deprecated public static final ConfigOption<Boolean> SSL_ENABLED
SSL_INTERNAL_ENABLED
and SSL_REST_ENABLED
instead.public static final ConfigOption<Boolean> SSL_INTERNAL_ENABLED
public static final ConfigOption<Boolean> SSL_REST_ENABLED
public static final ConfigOption<Boolean> SSL_REST_AUTHENTICATION_ENABLED
public static final ConfigOption<String> SSL_KEYSTORE
public static final ConfigOption<String> SSL_KEYSTORE_PASSWORD
public static final ConfigOption<String> SSL_KEY_PASSWORD
public static final ConfigOption<String> SSL_TRUSTSTORE
public static final ConfigOption<String> SSL_TRUSTSTORE_PASSWORD
public static final ConfigOption<String> SSL_INTERNAL_KEYSTORE
public static final ConfigOption<String> SSL_INTERNAL_KEYSTORE_PASSWORD
public static final ConfigOption<String> SSL_INTERNAL_KEY_PASSWORD
public static final ConfigOption<String> SSL_INTERNAL_TRUSTSTORE
public static final ConfigOption<String> SSL_INTERNAL_TRUSTSTORE_PASSWORD
public static final ConfigOption<String> SSL_INTERNAL_CERT_FINGERPRINT
public static final ConfigOption<String> SSL_REST_KEYSTORE
public static final ConfigOption<String> SSL_REST_KEYSTORE_PASSWORD
public static final ConfigOption<String> SSL_REST_KEY_PASSWORD
public static final ConfigOption<String> SSL_REST_TRUSTSTORE
public static final ConfigOption<String> SSL_REST_TRUSTSTORE_PASSWORD
public static final ConfigOption<String> SSL_REST_CERT_FINGERPRINT
public static final ConfigOption<String> SSL_PROTOCOL
public static final ConfigOption<String> SSL_ALGORITHMS
More options here - http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites
public static final ConfigOption<Boolean> SSL_VERIFY_HOSTNAME
public static final ConfigOption<String> SSL_PROVIDER
public static final ConfigOption<Integer> SSL_INTERNAL_SESSION_CACHE_SIZE
public static final ConfigOption<Integer> SSL_INTERNAL_SESSION_TIMEOUT
public static final ConfigOption<Integer> SSL_INTERNAL_HANDSHAKE_TIMEOUT
public static final ConfigOption<Integer> SSL_INTERNAL_CLOSE_NOTIFY_FLUSH_TIMEOUT
@Experimental public static Configuration forProvider(Configuration configuration, String providerName)
Configuration config = ... SecurityOptions.forProvider(config, "my_provider") .set(SecurityOptions.DELEGATION_TOKEN_PROVIDER_ENABLED, false) ...
configuration
- backing configurationproviderName
- provider namepublic static boolean isInternalSSLEnabled(Configuration sslConfig)
public static boolean isRestSSLEnabled(Configuration sslConfig)
public static boolean isRestSSLAuthenticationEnabled(Configuration sslConfig)
Copyright © 2014–2024 The Apache Software Foundation. All rights reserved.