[FLINK-29435][client] SecurityConfiguration supports dynamic configur…

…ation This closes apache#20910
BugsEverywhere · Oct 26, 2022 · a8c72cc · a8c72cc
1 parent 1c05344
commit a8c72cc
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 2 deletions.
diff --git a/flink-clients/src/main/java/org/apache/flink/client/cli/CliFrontend.java b/flink-clients/src/main/java/org/apache/flink/client/cli/CliFrontend.java
@@ -1163,8 +1163,12 @@ public static void main(final String[] args) {
         int retCode = 31;
         try {
             final CliFrontend cli = new CliFrontend(configuration, customCommandLines);
-
-            SecurityUtils.install(new SecurityConfiguration(cli.configuration));
+            CommandLine commandLine =
+                    cli.getCommandLine(
+                            new Options(), Arrays.copyOfRange(args, 1, args.length), true);
+            Configuration securityConfig = new Configuration(cli.configuration);
+            DynamicPropertiesUtil.encodeDynamicProperties(commandLine, securityConfig);
+            SecurityUtils.install(new SecurityConfiguration(securityConfig));
             retCode = SecurityUtils.getInstalledContext().runSecured(() -> cli.parseAndRun(args));
         } catch (Throwable t) {
             final Throwable strippedThrowable =

diff --git a/...k-clients/src/test/java/org/apache/flink/client/cli/CliFrontendDynamicPropertiesTest.java b/...k-clients/src/test/java/org/apache/flink/client/cli/CliFrontendDynamicPropertiesTest.java
@@ -21,16 +21,20 @@
 import org.apache.flink.client.program.PackagedProgram;
 import org.apache.flink.configuration.Configuration;
 import org.apache.flink.configuration.CoreOptions;
+import org.apache.flink.configuration.SecurityOptions;
+import org.apache.flink.runtime.security.SecurityConfiguration;
 import org.apache.flink.util.ChildFirstClassLoader;
 import org.apache.flink.util.FlinkUserCodeClassLoaders.ParentFirstClassLoader;
 
+import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Options;
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.io.TempDir;
 
+import java.io.File;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
@@ -167,6 +171,28 @@ public void testDynamicPropertiesWithClientTimeoutAndDefaultParallelism() throws
                 configuration, args, cliUnderTest, expectedConfigValues);
     }
 
+    @Test
+    public void testSecurityConfigWithDynamicProperties(@TempDir File tempDir) throws Exception {
+        File keytabFile = new File(tempDir, "keytab.file");
+        keytabFile.createNewFile();
+        String[] args = {
+            "-e",
+            "test-executor",
+            "-D" + SecurityOptions.KERBEROS_LOGIN_KEYTAB.key() + "=" + keytabFile.getPath(),
+            "-D" + SecurityOptions.KERBEROS_LOGIN_PRINCIPAL.key() + "=principal",
+            getTestJarPath(),
+        };
+        TestingCliFrontendWithDynamicProperties testFrontend =
+                new TestingCliFrontendWithDynamicProperties(
+                        configuration, cliUnderTest, null, null);
+        CommandLine commandLine = testFrontend.getCommandLine(new Options(), args, true);
+        Configuration securityConfig = new Configuration(configuration);
+        DynamicPropertiesUtil.encodeDynamicProperties(commandLine, securityConfig);
+        SecurityConfiguration securityConfiguration = new SecurityConfiguration(securityConfig);
+        assertThat(securityConfiguration.getKeytab()).isEqualTo(keytabFile.getPath());
+        assertThat(securityConfiguration.getPrincipal()).isEqualTo("principal");
+    }
+
     // --------------------------------------------------------------------------------------------
 
     public static void verifyCliFrontendWithDynamicProperties(