ODIn/spark-instrumented-optimizer
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

[SPARK-31282][DOC] Supplement version for configuration appear in security doc

Browse source 
### What changes were proposed in this pull request?
This PR supplements version for configuration appear in security doc.
I sorted out some information show below.

Item name | Since version | JIRA ID | Commit ID | Note
-- | -- | -- | -- | --
spark.network.crypto.keyLength | 2.2.0 | SPARK-19139 | 8f3f73abc1fe62496722476460c174af0250e3fe#diff-0ac65da2bc6b083fb861fe410c7688c2 |  
spark.network.crypto.keyFactoryAlgorithm | 2.2.0 | SPARK-19139 | 8f3f73abc1fe62496722476460c174af0250e3fe#diff-0ac65da2bc6b083fb861fe410c7688c2 |  
spark.network.crypto.config.* | 2.2.0 | SPARK-19139 | 8f3f73abc1fe62496722476460c174af0250e3fe#diff-0ac65da2bc6b083fb861fe410c7688c2 |  
spark.network.crypto.saslFallback | 2.2.0 | SPARK-19139 | 8f3f73abc1fe62496722476460c174af0250e3fe#diff-0ac65da2bc6b083fb861fe410c7688c2 |  
spark.authenticate.enableSaslEncryption | 2.2.0 | SPARK-19139 | 8f3f73abc1fe62496722476460c174af0250e3fe#diff-0ac65da2bc6b083fb861fe410c7688c2 |  
spark.network.sasl.serverAlwaysEncrypt | 1.4.0 | SPARK-6229 | 38d4e9e446b425ca6a8fe8d8080f387b08683842#diff-d2ce9b38bdc38ca9d7119f9c2cf79907 |  
spark.ui.filters | 1.0.0 | SPARK-1189 | 7edbea41b43e0dc11a2de156be220db8b7952d01#diff-f79a5ead735b3d0b34b6b94486918e1c |  
spark.acls.enable | 1.1.0 | SPARK-1890 and SPARK-1891 | e3fe6571decfdc406ec6d505fd92f9f2b85a618c#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 |  
spark.ui.view.acls | 1.0.0 | SPARK-1189 | 7edbea41b43e0dc11a2de156be220db8b7952d01#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 |  
spark.ui.view.acls.groups | 2.0.0 | SPARK-4224 | ae79032dcf160796851ca29116cca146c4d86ada#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 |  
spark.admin.acls | 1.1.0 | SPARK-1890 and SPARK-1891 | e3fe6571decfdc406ec6d505fd92f9f2b85a618c#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 |  
spark.admin.acls.groups | 2.0.0 | SPARK-4224 | ae79032dcf160796851ca29116cca146c4d86ada#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 |  
spark.modify.acls | 1.1.0 | SPARK-1890 and SPARK-1891 | e3fe6571decfdc406ec6d505fd92f9f2b85a618c#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 |  
spark.modify.acls.groups | 2.0.0 | SPARK-4224 | ae79032dcf160796851ca29116cca146c4d86ada#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 |  
spark.user.groups.mapping | 2.0.0 | SPARK-4224 | ae79032dcf160796851ca29116cca146c4d86ada#diff-afd88f677ec5ff8b5e96a5cbbe00cd98 |  
spark.history.ui.acls.enable | 1.0.1 | Spark 1489 | c8dd13221215275948b1a6913192d40e0c8cbadd#diff-b49b5b9c31ddb36a9061004b5b723058 |  
spark.history.ui.admin.acls | 2.1.1 | SPARK-19033 | 4ca1788805e4a0131ba8f0ccb7499ee0e0242837#diff-a7befb99e7bd7e3ab5c46c2568aa5b3e |  
spark.history.ui.admin.acls.groups | 2.1.1 | SPARK-19033 | 4ca1788805e4a0131ba8f0ccb7499ee0e0242837#diff-a7befb99e7bd7e3ab5c46c2568aa5b3e |  
spark.ui.xXssProtection | 2.3.0 | SPARK-22188 | 5a07aca4d464e96d75ea17bf6768e24b829872ec#diff-6bdad48cfc34314e89599655442ff210 |  
spark.ui.xContentTypeOptions.enabled | 2.3.0 | SPARK-22188 | 5a07aca4d464e96d75ea17bf6768e24b829872ec#diff-6bdad48cfc34314e89599655442ff210 |  
spark.ui.strictTransportSecurity | 2.3.0 | SPARK-22188 | 5a07aca4d464e96d75ea17bf6768e24b829872ec#diff-6bdad48cfc34314e89599655442ff210 |  
spark.security.credentials.${service}.enabled | 2.3.0 | SPARK-20434 | a18d637112b97d2caaca0a8324bdd99086664b24#diff-da6c1fd6d8b0c7538a3e77a09e06a083 |  
spark.kerberos.access.hadoopFileSystems | 3.0.0 | SPARK-26766 | d0443a74d185ec72b747fa39994fa9a40ce974cf#diff-6bdad48cfc34314e89599655442ff210 |  

### Why are the changes needed?
Supplemental configuration version information.

### Does this PR introduce any user-facing change?
'No'.

### How was this patch tested?
Jenkins test

Closes #28044 from beliefer/supplement-version-to-security-doc.

Authored-by: beliefer <beliefer@163.com>
Signed-off-by: HyukjinKwon <gurwls223@apache.org>
This commit is contained in:
beliefer 2020-03-31 12:33:01 +09:00 committed by HyukjinKwon
parent 18b73a5b59
commit fc5d67fe22
1 changed files with 31 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
docs/security.md
View file

@ -158,7 +158,7 @@ The following table describes the different options available for configuring th
<td>
The length in bits of the encryption key to generate. Valid values are 128, 192 and 256.
</td>
<td></td>
<td>2.2.0</td>
</tr>
<tr>
<td><code>spark.network.crypto.keyFactoryAlgorithm</code></td>
@ -167,7 +167,7 @@ The following table describes the different options available for configuring th
The key factory algorithm to use when generating encryption keys. Should be one of the
algorithms supported by the javax.crypto.SecretKeyFactory class in the JRE being used.
</td>
<td></td>
<td>2.2.0</td>
</tr>
<tr>
<td><code>spark.network.crypto.config.*</code></td>
@ -177,7 +177,7 @@ The following table describes the different options available for configuring th
use. The config name should be the name of commons-crypto configuration without the
<code>commons.crypto</code> prefix.
</td>
<td></td>
<td>2.2.0</td>
</tr>
<tr>
<td><code>spark.network.crypto.saslFallback</code></td>
@ -196,6 +196,7 @@ The following table describes the different options available for configuring th
<td>
Enable SASL-based encrypted communication.
</td>
<td>2.2.0</td>
</tr>
<tr>
<td><code>spark.network.sasl.serverAlwaysEncrypt</code></td>
@ -204,6 +205,7 @@ The following table describes the different options available for configuring th
Disable unencrypted connections for ports using SASL authentication. This will deny connections
from clients that have authentication enabled, but do not request SASL-based encryption.
</td>
<td>1.4.0</td>
</tr>
</table>
@ -286,7 +288,7 @@ below.
The following options control the authentication of Web UIs:
<table class="table">
<tr><th>Property Name</th><th>Default</th><th>Meaning</th></tr>
<tr><th>Property Name</th><th>Default</th><th>Meaning</th><th>Since Version</th></tr>
<tr>
<td><code>spark.ui.filters</code></td>
<td>None</td>
@ -294,6 +296,7 @@ The following options control the authentication of Web UIs:
See the <a href="configuration.html#spark-ui">Spark UI</a> configuration for how to configure
filters.
</td>
<td>1.0.0</td>
</tr>
<tr>
<td><code>spark.acls.enable</code></td>
@ -303,6 +306,7 @@ The following options control the authentication of Web UIs:
permissions to view or modify the application. Note this requires the user to be authenticated,
so if no authentication filter is installed, this option does not do anything.
</td>
<td>1.1.0</td>
</tr>
<tr>
<td><code>spark.admin.acls</code></td>
@ -310,6 +314,7 @@ The following options control the authentication of Web UIs:
<td>
Comma-separated list of users that have view and modify access to the Spark application.
</td>
<td>1.1.0</td>
</tr>
<tr>
<td><code>spark.admin.acls.groups</code></td>
@ -317,6 +322,7 @@ The following options control the authentication of Web UIs:
<td>
Comma-separated list of groups that have view and modify access to the Spark application.
</td>
<td>2.0.0</td>
</tr>
<tr>
<td><code>spark.modify.acls</code></td>
@ -324,6 +330,7 @@ The following options control the authentication of Web UIs:
<td>
Comma-separated list of users that have modify access to the Spark application.
</td>
<td>1.1.0</td>
</tr>
<tr>
<td><code>spark.modify.acls.groups</code></td>
@ -331,6 +338,7 @@ The following options control the authentication of Web UIs:
<td>
Comma-separated list of groups that have modify access to the Spark application.
</td>
<td>2.0.0</td>
</tr>
<tr>
<td><code>spark.ui.view.acls</code></td>
@ -338,6 +346,7 @@ The following options control the authentication of Web UIs:
<td>
Comma-separated list of users that have view access to the Spark application.
</td>
<td>1.0.0</td>
</tr>
<tr>
<td><code>spark.ui.view.acls.groups</code></td>
@ -345,6 +354,7 @@ The following options control the authentication of Web UIs:
<td>
Comma-separated list of groups that have view access to the Spark application.
</td>
<td>2.0.0</td>
</tr>
<tr>
<td><code>spark.user.groups.mapping</code></td>
@ -361,6 +371,7 @@ The following options control the authentication of Web UIs:
Windows environment is currently <b>not</b> supported. However, a new platform/protocol can
be supported by implementing the trait mentioned above.
</td>
<td>2.0.0</td>
</tr>
</table>
@ -375,7 +386,7 @@ servlet filters.
To enable authorization in the SHS, a few extra options are used:
<table class="table">
<tr><th>Property Name</th><th>Default</th><th>Meaning</th></tr>
<tr><th>Property Name</th><th>Default</th><th>Meaning</th><th>Since Version</th></tr>
<tr>
<td><code>spark.history.ui.acls.enable</code></td>
<td>false</td>
@ -389,6 +400,7 @@ To enable authorization in the SHS, a few extra options are used:
If disabled, no access control checks are made for any application UIs available through
the history server.
</td>
<td>1.0.1</td>
</tr>
<tr>
<td><code>spark.history.ui.admin.acls</code></td>
@ -397,6 +409,7 @@ To enable authorization in the SHS, a few extra options are used:
Comma separated list of users that have view access to all the Spark applications in history
server.
</td>
<td>2.1.1</td>
</tr>
<tr>
<td><code>spark.history.ui.admin.acls.groups</code></td>
@ -405,6 +418,7 @@ To enable authorization in the SHS, a few extra options are used:
Comma separated list of groups that have view access to all the Spark applications in history
server.
</td>
<td>2.1.1</td>
</tr>
</table>
@ -620,7 +634,7 @@ Apache Spark can be configured to include HTTP headers to aid in preventing Cros
Security.
<table class="table">
<tr><th>Property Name</th><th>Default</th><th>Meaning</th></tr>
<tr><th>Property Name</th><th>Default</th><th>Meaning</th><th>Since Version</th></tr>
<tr>
<td><code>spark.ui.xXssProtection</code></td>
<td><code>1; mode=block</code></td>
@ -635,6 +649,7 @@ Security.
of the page if an attack is detected.)</li>
</ul>
</td>
<td>2.3.0</td>
</tr>
<tr>
<td><code>spark.ui.xContentTypeOptions.enabled</code></td>
@ -642,7 +657,8 @@ Security.
<td>
When enabled, X-Content-Type-Options HTTP response header will be set to "nosniff".
</td>
</tr>
<td>2.3.0</td>
</tr>
<tr>
<td><code>spark.ui.strictTransportSecurity</code></td>
<td>None</td>
@ -656,6 +672,7 @@ Security.
<li><code>max-age=&lt;expire-time&gt;; preload</code></li>
</ul>
</td>
<td>2.3.0</td>
</tr>
</table>
@ -796,16 +813,17 @@ deployment-specific page for more information.
The following options provides finer-grained control for this feature:
<table class="table">
<tr><th>Property Name</th><th>Default</th><th>Meaning</th></tr>
<tr><th>Property Name</th><th>Default</th><th>Meaning</th><th>Since Version</th></tr>
<tr>
<td><code>spark.security.credentials.${service}.enabled</code></td>
<td><code>true</code></td>
<td>
Controls whether to obtain credentials for services when security is enabled.
By default, credentials for all supported services are retrieved when those services are
configured, but it's possible to disable that behavior if it somehow conflicts with the
application being run.
Controls whether to obtain credentials for services when security is enabled.
By default, credentials for all supported services are retrieved when those services are
configured, but it's possible to disable that behavior if it somehow conflicts with the
application being run.
</td>
<td>2.3.0</td>
</tr>
<tr>
<td><code>spark.kerberos.access.hadoopFileSystems</code></td>
@ -818,6 +836,7 @@ The following options provides finer-grained control for this feature:
or in a trusted realm). Spark acquires security tokens for each of the filesystems so that
the Spark application can access those remote Hadoop filesystems.
</td>
<td>3.0.0</td>
</tr>
</table>