Package org.apache.flink.configuration

Class SecurityOptions

  • @PublicEvolving
public class SecurityOptions
extends Object
    The set of configuration options relating to security.

    • Field Detail

      • SECURITY_CONTEXT_FACTORY_CLASSES

        public static final ConfigOption<List<String>> SECURITY_CONTEXT_FACTORY_CLASSES

      • SECURITY_MODULE_FACTORY_CLASSES

        public static final ConfigOption<List<String>> SECURITY_MODULE_FACTORY_CLASSES

      • KERBEROS_LOGIN_PRINCIPAL

        public static final ConfigOption<String> KERBEROS_LOGIN_PRINCIPAL

      • KERBEROS_LOGIN_USETICKETCACHE

        public static final ConfigOption<Boolean> KERBEROS_LOGIN_USETICKETCACHE

      • KERBEROS_LOGIN_CONTEXTS

        public static final ConfigOption<String> KERBEROS_LOGIN_CONTEXTS

      • KERBEROS_HADOOP_FILESYSTEMS_TO_ACCESS

        public static final ConfigOption<List<String>> KERBEROS_HADOOP_FILESYSTEMS_TO_ACCESS

      • DELEGATION_TOKENS_ENABLED

        public static final ConfigOption<Boolean> DELEGATION_TOKENS_ENABLED

      • DELEGATION_TOKENS_RENEWAL_RETRY_BACKOFF

        public static final ConfigOption<Duration> DELEGATION_TOKENS_RENEWAL_RETRY_BACKOFF

      • DELEGATION_TOKENS_RENEWAL_TIME_RATIO

        public static final ConfigOption<Double> DELEGATION_TOKENS_RENEWAL_TIME_RATIO

      • DELEGATION_TOKEN_PROVIDER_ENABLED

        public static final ConfigOption<Boolean> DELEGATION_TOKEN_PROVIDER_ENABLED

      • ZOOKEEPER_SASL_SERVICE_NAME

        public static final ConfigOption<String> ZOOKEEPER_SASL_SERVICE_NAME

      • ZOOKEEPER_SASL_LOGIN_CONTEXT_NAME

        public static final ConfigOption<String> ZOOKEEPER_SASL_LOGIN_CONTEXT_NAME

      • SSL_INTERNAL_ENABLED

        public static final ConfigOption<Boolean> SSL_INTERNAL_ENABLED
        Enable SSL for internal communication (pekko rpc, netty data transport, blob server).

      • SSL_REST_ENABLED

        public static final ConfigOption<Boolean> SSL_REST_ENABLED
        Enable SSL for external REST endpoints.

      • SSL_REST_AUTHENTICATION_ENABLED

        public static final ConfigOption<Boolean> SSL_REST_AUTHENTICATION_ENABLED
        Enable mututal SSL authentication for external REST endpoints.

      • SSL_KEYSTORE

        public static final ConfigOption<String> SSL_KEYSTORE
        The Java keystore file containing the flink endpoint key and certificate.

      • SSL_KEYSTORE_PASSWORD

        public static final ConfigOption<String> SSL_KEYSTORE_PASSWORD
        Secret to decrypt the keystore file.

      • SSL_KEY_PASSWORD

        public static final ConfigOption<String> SSL_KEY_PASSWORD
        Secret to decrypt the server key.

      • SSL_TRUSTSTORE

        public static final ConfigOption<String> SSL_TRUSTSTORE
        The truststore file containing the public CA certificates to verify the ssl peers.

      • SSL_TRUSTSTORE_PASSWORD

        public static final ConfigOption<String> SSL_TRUSTSTORE_PASSWORD
        Secret to decrypt the truststore.

      • SSL_INTERNAL_KEYSTORE

        public static final ConfigOption<String> SSL_INTERNAL_KEYSTORE
        For internal SSL, the Java keystore file containing the private key and certificate.

      • SSL_INTERNAL_KEYSTORE_PASSWORD

        public static final ConfigOption<String> SSL_INTERNAL_KEYSTORE_PASSWORD
        For internal SSL, the password to decrypt the keystore file containing the certificate.

      • SSL_INTERNAL_KEY_PASSWORD

        public static final ConfigOption<String> SSL_INTERNAL_KEY_PASSWORD
        For internal SSL, the password to decrypt the private key.

      • SSL_INTERNAL_KEYSTORE_TYPE

        public static final ConfigOption<String> SSL_INTERNAL_KEYSTORE_TYPE
        For internal SSL, the type of the keystore.

      • SSL_INTERNAL_TRUSTSTORE

        public static final ConfigOption<String> SSL_INTERNAL_TRUSTSTORE
        For internal SSL, the truststore file containing the public CA certificates to verify the ssl peers.

      • SSL_INTERNAL_TRUSTSTORE_PASSWORD

        public static final ConfigOption<String> SSL_INTERNAL_TRUSTSTORE_PASSWORD
        For internal SSL, the secret to decrypt the truststore.

      • SSL_INTERNAL_TRUSTSTORE_TYPE

        public static final ConfigOption<String> SSL_INTERNAL_TRUSTSTORE_TYPE
        For internal SSL, the type of the truststore.

      • SSL_INTERNAL_CERT_FINGERPRINT

        public static final ConfigOption<String> SSL_INTERNAL_CERT_FINGERPRINT
        For internal SSL, the sha1 fingerprint of the internal certificate to verify the client.

      • SSL_REST_KEYSTORE

        public static final ConfigOption<String> SSL_REST_KEYSTORE
        For external (REST) SSL, the Java keystore file containing the private key and certificate.

      • SSL_REST_KEYSTORE_PASSWORD

        public static final ConfigOption<String> SSL_REST_KEYSTORE_PASSWORD
        For external (REST) SSL, the password to decrypt the keystore file containing the certificate.

      • SSL_REST_KEY_PASSWORD

        public static final ConfigOption<String> SSL_REST_KEY_PASSWORD
        For external (REST) SSL, the password to decrypt the private key.

      • SSL_REST_KEYSTORE_TYPE

        public static final ConfigOption<String> SSL_REST_KEYSTORE_TYPE
        For external (REST) SSL, the type of the keystore.

      • SSL_REST_TRUSTSTORE

        public static final ConfigOption<String> SSL_REST_TRUSTSTORE
        For external (REST) SSL, the truststore file containing the public CA certificates to verify the ssl peers.

      • SSL_REST_TRUSTSTORE_PASSWORD

        public static final ConfigOption<String> SSL_REST_TRUSTSTORE_PASSWORD
        For external (REST) SSL, the secret to decrypt the truststore.

      • SSL_REST_TRUSTSTORE_TYPE

        public static final ConfigOption<String> SSL_REST_TRUSTSTORE_TYPE
        For external (REST) SSL, the type of the truststore.

      • SSL_REST_CERT_FINGERPRINT

        public static final ConfigOption<String> SSL_REST_CERT_FINGERPRINT
        For external (REST) SSL, the sha1 fingerprint of the rest client certificate to verify.

      • SSL_PROTOCOL

        public static final ConfigOption<String> SSL_PROTOCOL
        SSL protocol version to be supported.

      • SSL_ALGORITHMS

        public static final ConfigOption<String> SSL_ALGORITHMS
        The standard SSL algorithms to be supported.

        More options here - http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites

      • SSL_VERIFY_HOSTNAME

        public static final ConfigOption<Boolean> SSL_VERIFY_HOSTNAME
        Flag to enable/disable hostname verification for the ssl connections.

      • SSL_PROVIDER

        public static final ConfigOption<String> SSL_PROVIDER
        SSL engine provider.

      • SSL_INTERNAL_SESSION_CACHE_SIZE

        public static final ConfigOption<Integer> SSL_INTERNAL_SESSION_CACHE_SIZE
        SSL session cache size.

      • SSL_INTERNAL_SESSION_TIMEOUT

        public static final ConfigOption<Integer> SSL_INTERNAL_SESSION_TIMEOUT
        SSL session timeout.

      • SSL_INTERNAL_HANDSHAKE_TIMEOUT

        public static final ConfigOption<Integer> SSL_INTERNAL_HANDSHAKE_TIMEOUT
        SSL session timeout during handshakes.

      • SSL_INTERNAL_CLOSE_NOTIFY_FLUSH_TIMEOUT

        public static final ConfigOption<Integer> SSL_INTERNAL_CLOSE_NOTIFY_FLUSH_TIMEOUT
        SSL session timeout after flushing the close_notify message.

    • Constructor Detail

      • SecurityOptions

        public SecurityOptions()

    • Method Detail

      • forProvider

        @Experimental
public static Configuration forProvider​(Configuration configuration,
                                        String providerName)
        Returns a view over the given configuration via which options can be set/retrieved for the given provider. 
             Configuration config = ...
     SecurityOptions.forProvider(config, "my_provider")
         .set(SecurityOptions.DELEGATION_TOKEN_PROVIDER_ENABLED, false)
         ...
        Parameters:
        configuration - backing configuration
        providerName - provider name
        Returns:
        view over configuration

      • isInternalSSLEnabled

        public static boolean isInternalSSLEnabled​(Configuration sslConfig)
        Checks whether SSL for internal communication (rpc, data transport, blob server) is enabled.

      • isRestSSLEnabled

        public static boolean isRestSSLEnabled​(Configuration sslConfig)
        Checks whether SSL for the external REST endpoint is enabled.

      • isRestSSLAuthenticationEnabled

        public static boolean isRestSSLAuthenticationEnabled​(Configuration sslConfig)
        Checks whether mutual SSL authentication for the external REST endpoint is enabled.