[SPARK-31282][DOC] Supplement version for configuration appear in security doc
### What changes were proposed in this pull request? This PR supplements version for configuration appear in security doc. I sorted out some information show below. Item name | Since version | JIRA ID | Commit ID | Note -- | -- | -- | -- | -- spark.network.crypto.keyLength | 2.2.0 | SPARK-19139 | 8f3f73abc1fe62496722476460c174af0250e3fe#diff-0ac65da2bc6b083fb861fe410c7688c2 | spark.network.crypto.keyFactoryAlgorithm | 2.2.0 | SPARK-19139 | 8f3f73abc1fe62496722476460c174af0250e3fe#diff-0ac65da2bc6b083fb861fe410c7688c2 | spark.network.crypto.config.* | 2.2.0 | SPARK-19139 | 8f3f73abc1fe62496722476460c174af0250e3fe#diff-0ac65da2bc6b083fb861fe410c7688c2 | spark.network.crypto.saslFallback | 2.2.0 | SPARK-19139 | 8f3f73abc1fe62496722476460c174af0250e3fe#diff-0ac65da2bc6b083fb861fe410c7688c2 | spark.authenticate.enableSaslEncryption | 2.2.0 | SPARK-19139 | 8f3f73abc1fe62496722476460c174af0250e3fe#diff-0ac65da2bc6b083fb861fe410c7688c2 | spark.network.sasl.serverAlwaysEncrypt | 1.4.0 | SPARK-6229 | 38d4e9e446b425ca6a8fe8d8080f387b08683842#diff-d2ce9b38bdc38ca9d7119f9c2cf79907 | spark.ui.filters | 1.0.0 | SPARK-1189 | 7edbea41b43e0dc11a2de156be220db8b7952d01#diff-f79a5ead735b3d0b34b6b94486918e1c | spark.acls.enable | 1.1.0 | SPARK-1890 and SPARK-1891 | e3fe6571decfdc406ec6d505fd92f9f2b85a618c#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 | spark.ui.view.acls | 1.0.0 | SPARK-1189 | 7edbea41b43e0dc11a2de156be220db8b7952d01#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 | spark.ui.view.acls.groups | 2.0.0 | SPARK-4224 | ae79032dcf160796851ca29116cca146c4d86ada#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 | spark.admin.acls | 1.1.0 | SPARK-1890 and SPARK-1891 | e3fe6571decfdc406ec6d505fd92f9f2b85a618c#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 | spark.admin.acls.groups | 2.0.0 | SPARK-4224 | ae79032dcf160796851ca29116cca146c4d86ada#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 | spark.modify.acls | 1.1.0 | SPARK-1890 and SPARK-1891 | e3fe6571decfdc406ec6d505fd92f9f2b85a618c#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 | spark.modify.acls.groups | 2.0.0 | SPARK-4224 | ae79032dcf160796851ca29116cca146c4d86ada#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 | spark.user.groups.mapping | 2.0.0 | SPARK-4224 | ae79032dcf160796851ca29116cca146c4d86ada#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 | spark.history.ui.acls.enable | 1.0.1 | Spark 1489 | c8dd13221215275948b1a6913192d40e0c8cbadd#diff-b49b5b9c31ddb36a9061004b5b723058 | spark.history.ui.admin.acls | 2.1.1 | SPARK-19033 | 4ca1788805e4a0131ba8f0ccb7499ee0e0242837#diff-a7befb99e7bd7e3ab5c46c2568aa5b3e | spark.history.ui.admin.acls.groups | 2.1.1 | SPARK-19033 | 4ca1788805e4a0131ba8f0ccb7499ee0e0242837#diff-a7befb99e7bd7e3ab5c46c2568aa5b3e | spark.ui.xXssProtection | 2.3.0 | SPARK-22188 | 5a07aca4d464e96d75ea17bf6768e24b829872ec#diff-6bdad48cfc34314e89599655442ff210 | spark.ui.xContentTypeOptions.enabled | 2.3.0 | SPARK-22188 | 5a07aca4d464e96d75ea17bf6768e24b829872ec#diff-6bdad48cfc34314e89599655442ff210 | spark.ui.strictTransportSecurity | 2.3.0 | SPARK-22188 | 5a07aca4d464e96d75ea17bf6768e24b829872ec#diff-6bdad48cfc34314e89599655442ff210 | spark.security.credentials.${service}.enabled | 2.3.0 | SPARK-20434 | a18d637112b97d2caaca0a8324bdd99086664b24#diff-da6c1fd6d8b0c7538a3e77a09e06a083 | spark.kerberos.access.hadoopFileSystems | 3.0.0 | SPARK-26766 | d0443a74d185ec72b747fa39994fa9a40ce974cf#diff-6bdad48cfc34314e89599655442ff210 | ### Why are the changes needed? Supplemental configuration version information. ### Does this PR introduce any user-facing change? 'No'. ### How was this patch tested? Jenkins test Closes #28044 from beliefer/supplement-version-to-security-doc. Authored-by: beliefer <beliefer@163.com> Signed-off-by: HyukjinKwon <gurwls223@apache.org>
This commit is contained in:
parent
18b73a5b59
commit
fc5d67fe22
|
@ -158,7 +158,7 @@ The following table describes the different options available for configuring th
|
|||
<td>
|
||||
The length in bits of the encryption key to generate. Valid values are 128, 192 and 256.
|
||||
</td>
|
||||
<td></td>
|
||||
<td>2.2.0</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>spark.network.crypto.keyFactoryAlgorithm</code></td>
|
||||
|
@ -167,7 +167,7 @@ The following table describes the different options available for configuring th
|
|||
The key factory algorithm to use when generating encryption keys. Should be one of the
|
||||
algorithms supported by the javax.crypto.SecretKeyFactory class in the JRE being used.
|
||||
</td>
|
||||
<td></td>
|
||||
<td>2.2.0</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>spark.network.crypto.config.*</code></td>
|
||||
|
@ -177,7 +177,7 @@ The following table describes the different options available for configuring th
|
|||
use. The config name should be the name of commons-crypto configuration without the
|
||||
<code>commons.crypto</code> prefix.
|
||||
</td>
|
||||
<td></td>
|
||||
<td>2.2.0</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>spark.network.crypto.saslFallback</code></td>
|
||||
|
@ -196,6 +196,7 @@ The following table describes the different options available for configuring th
|
|||
<td>
|
||||
Enable SASL-based encrypted communication.
|
||||
</td>
|
||||
<td>2.2.0</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>spark.network.sasl.serverAlwaysEncrypt</code></td>
|
||||
|
@ -204,6 +205,7 @@ The following table describes the different options available for configuring th
|
|||
Disable unencrypted connections for ports using SASL authentication. This will deny connections
|
||||
from clients that have authentication enabled, but do not request SASL-based encryption.
|
||||
</td>
|
||||
<td>1.4.0</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|
@ -286,7 +288,7 @@ below.
|
|||
The following options control the authentication of Web UIs:
|
||||
|
||||
<table class="table">
|
||||
<tr><th>Property Name</th><th>Default</th><th>Meaning</th></tr>
|
||||
<tr><th>Property Name</th><th>Default</th><th>Meaning</th><th>Since Version</th></tr>
|
||||
<tr>
|
||||
<td><code>spark.ui.filters</code></td>
|
||||
<td>None</td>
|
||||
|
@ -294,6 +296,7 @@ The following options control the authentication of Web UIs:
|
|||
See the <a href="configuration.html#spark-ui">Spark UI</a> configuration for how to configure
|
||||
filters.
|
||||
</td>
|
||||
<td>1.0.0</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>spark.acls.enable</code></td>
|
||||
|
@ -303,6 +306,7 @@ The following options control the authentication of Web UIs:
|
|||
permissions to view or modify the application. Note this requires the user to be authenticated,
|
||||
so if no authentication filter is installed, this option does not do anything.
|
||||
</td>
|
||||
<td>1.1.0</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>spark.admin.acls</code></td>
|
||||
|
@ -310,6 +314,7 @@ The following options control the authentication of Web UIs:
|
|||
<td>
|
||||
Comma-separated list of users that have view and modify access to the Spark application.
|
||||
</td>
|
||||
<td>1.1.0</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>spark.admin.acls.groups</code></td>
|
||||
|
@ -317,6 +322,7 @@ The following options control the authentication of Web UIs:
|
|||
<td>
|
||||
Comma-separated list of groups that have view and modify access to the Spark application.
|
||||
</td>
|
||||
<td>2.0.0</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>spark.modify.acls</code></td>
|
||||
|
@ -324,6 +330,7 @@ The following options control the authentication of Web UIs:
|
|||
<td>
|
||||
Comma-separated list of users that have modify access to the Spark application.
|
||||
</td>
|
||||
<td>1.1.0</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>spark.modify.acls.groups</code></td>
|
||||
|
@ -331,6 +338,7 @@ The following options control the authentication of Web UIs:
|
|||
<td>
|
||||
Comma-separated list of groups that have modify access to the Spark application.
|
||||
</td>
|
||||
<td>2.0.0</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>spark.ui.view.acls</code></td>
|
||||
|
@ -338,6 +346,7 @@ The following options control the authentication of Web UIs:
|
|||
<td>
|
||||
Comma-separated list of users that have view access to the Spark application.
|
||||
</td>
|
||||
<td>1.0.0</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>spark.ui.view.acls.groups</code></td>
|
||||
|
@ -345,6 +354,7 @@ The following options control the authentication of Web UIs:
|
|||
<td>
|
||||
Comma-separated list of groups that have view access to the Spark application.
|
||||
</td>
|
||||
<td>2.0.0</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>spark.user.groups.mapping</code></td>
|
||||
|
@ -361,6 +371,7 @@ The following options control the authentication of Web UIs:
|
|||
Windows environment is currently <b>not</b> supported. However, a new platform/protocol can
|
||||
be supported by implementing the trait mentioned above.
|
||||
</td>
|
||||
<td>2.0.0</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|
@ -375,7 +386,7 @@ servlet filters.
|
|||
To enable authorization in the SHS, a few extra options are used:
|
||||
|
||||
<table class="table">
|
||||
<tr><th>Property Name</th><th>Default</th><th>Meaning</th></tr>
|
||||
<tr><th>Property Name</th><th>Default</th><th>Meaning</th><th>Since Version</th></tr>
|
||||
<tr>
|
||||
<td><code>spark.history.ui.acls.enable</code></td>
|
||||
<td>false</td>
|
||||
|
@ -389,6 +400,7 @@ To enable authorization in the SHS, a few extra options are used:
|
|||
If disabled, no access control checks are made for any application UIs available through
|
||||
the history server.
|
||||
</td>
|
||||
<td>1.0.1</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>spark.history.ui.admin.acls</code></td>
|
||||
|
@ -397,6 +409,7 @@ To enable authorization in the SHS, a few extra options are used:
|
|||
Comma separated list of users that have view access to all the Spark applications in history
|
||||
server.
|
||||
</td>
|
||||
<td>2.1.1</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>spark.history.ui.admin.acls.groups</code></td>
|
||||
|
@ -405,6 +418,7 @@ To enable authorization in the SHS, a few extra options are used:
|
|||
Comma separated list of groups that have view access to all the Spark applications in history
|
||||
server.
|
||||
</td>
|
||||
<td>2.1.1</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|
@ -620,7 +634,7 @@ Apache Spark can be configured to include HTTP headers to aid in preventing Cros
|
|||
Security.
|
||||
|
||||
<table class="table">
|
||||
<tr><th>Property Name</th><th>Default</th><th>Meaning</th></tr>
|
||||
<tr><th>Property Name</th><th>Default</th><th>Meaning</th><th>Since Version</th></tr>
|
||||
<tr>
|
||||
<td><code>spark.ui.xXssProtection</code></td>
|
||||
<td><code>1; mode=block</code></td>
|
||||
|
@ -635,6 +649,7 @@ Security.
|
|||
of the page if an attack is detected.)</li>
|
||||
</ul>
|
||||
</td>
|
||||
<td>2.3.0</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>spark.ui.xContentTypeOptions.enabled</code></td>
|
||||
|
@ -642,7 +657,8 @@ Security.
|
|||
<td>
|
||||
When enabled, X-Content-Type-Options HTTP response header will be set to "nosniff".
|
||||
</td>
|
||||
</tr>
|
||||
<td>2.3.0</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>spark.ui.strictTransportSecurity</code></td>
|
||||
<td>None</td>
|
||||
|
@ -656,6 +672,7 @@ Security.
|
|||
<li><code>max-age=<expire-time>; preload</code></li>
|
||||
</ul>
|
||||
</td>
|
||||
<td>2.3.0</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|
@ -796,16 +813,17 @@ deployment-specific page for more information.
|
|||
The following options provides finer-grained control for this feature:
|
||||
|
||||
<table class="table">
|
||||
<tr><th>Property Name</th><th>Default</th><th>Meaning</th></tr>
|
||||
<tr><th>Property Name</th><th>Default</th><th>Meaning</th><th>Since Version</th></tr>
|
||||
<tr>
|
||||
<td><code>spark.security.credentials.${service}.enabled</code></td>
|
||||
<td><code>true</code></td>
|
||||
<td>
|
||||
Controls whether to obtain credentials for services when security is enabled.
|
||||
By default, credentials for all supported services are retrieved when those services are
|
||||
configured, but it's possible to disable that behavior if it somehow conflicts with the
|
||||
application being run.
|
||||
Controls whether to obtain credentials for services when security is enabled.
|
||||
By default, credentials for all supported services are retrieved when those services are
|
||||
configured, but it's possible to disable that behavior if it somehow conflicts with the
|
||||
application being run.
|
||||
</td>
|
||||
<td>2.3.0</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>spark.kerberos.access.hadoopFileSystems</code></td>
|
||||
|
@ -818,6 +836,7 @@ The following options provides finer-grained control for this feature:
|
|||
or in a trusted realm). Spark acquires security tokens for each of the filesystems so that
|
||||
the Spark application can access those remote Hadoop filesystems.
|
||||
</td>
|
||||
<td>3.0.0</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|
|
Loading…
Reference in a new issue