diff --git a/docs/security.md b/docs/security.md index 5496879d8c..aef6e69382 100644 --- a/docs/security.md +++ b/docs/security.md @@ -158,7 +158,7 @@ The following table describes the different options available for configuring th The length in bits of the encryption key to generate. Valid values are 128, 192 and 256. - + 2.2.0 spark.network.crypto.keyFactoryAlgorithm @@ -167,7 +167,7 @@ The following table describes the different options available for configuring th The key factory algorithm to use when generating encryption keys. Should be one of the algorithms supported by the javax.crypto.SecretKeyFactory class in the JRE being used. - + 2.2.0 spark.network.crypto.config.* @@ -177,7 +177,7 @@ The following table describes the different options available for configuring th use. The config name should be the name of commons-crypto configuration without the commons.crypto prefix. - + 2.2.0 spark.network.crypto.saslFallback @@ -196,6 +196,7 @@ The following table describes the different options available for configuring th Enable SASL-based encrypted communication. + 2.2.0 spark.network.sasl.serverAlwaysEncrypt @@ -204,6 +205,7 @@ The following table describes the different options available for configuring th Disable unencrypted connections for ports using SASL authentication. This will deny connections from clients that have authentication enabled, but do not request SASL-based encryption. + 1.4.0 @@ -286,7 +288,7 @@ below. The following options control the authentication of Web UIs: - + @@ -294,6 +296,7 @@ The following options control the authentication of Web UIs: See the Spark UI configuration for how to configure filters. + @@ -303,6 +306,7 @@ The following options control the authentication of Web UIs: permissions to view or modify the application. Note this requires the user to be authenticated, so if no authentication filter is installed, this option does not do anything. + 
@@ -310,6 +314,7 @@ The following options control the authentication of Web UIs: + @@ -317,6 +322,7 @@ The following options control the authentication of Web UIs: + @@ -324,6 +330,7 @@ The following options control the authentication of Web UIs: + @@ -331,6 +338,7 @@ The following options control the authentication of Web UIs: + @@ -338,6 +346,7 @@ The following options control the authentication of Web UIs: + @@ -345,6 +354,7 @@ The following options control the authentication of Web UIs: + @@ -361,6 +371,7 @@ The following options control the authentication of Web UIs: Windows environment is currently not supported. However, a new platform/protocol can be supported by implementing the trait mentioned above. +
Property NameDefaultMeaning
Property NameDefaultMeaningSince Version
spark.ui.filters None1.0.0
spark.acls.enable1.1.0
spark.admin.acls Comma-separated list of users that have view and modify access to the Spark application. 1.1.0
spark.admin.acls.groups Comma-separated list of groups that have view and modify access to the Spark application. 2.0.0
spark.modify.acls Comma-separated list of users that have modify access to the Spark application. 1.1.0
spark.modify.acls.groups Comma-separated list of groups that have modify access to the Spark application. 2.0.0
spark.ui.view.acls Comma-separated list of users that have view access to the Spark application. 1.0.0
spark.ui.view.acls.groups Comma-separated list of groups that have view access to the Spark application. 2.0.0
spark.user.groups.mapping2.0.0
@@ -375,7 +386,7 @@ servlet filters. To enable authorization in the SHS, a few extra options are used: - + @@ -389,6 +400,7 @@ To enable authorization in the SHS, a few extra options are used: If disabled, no access control checks are made for any application UIs available through the history server. + @@ -397,6 +409,7 @@ To enable authorization in the SHS, a few extra options are used: Comma separated list of users that have view access to all the Spark applications in history server. + @@ -405,6 +418,7 @@ To enable authorization in the SHS, a few extra options are used: Comma separated list of groups that have view access to all the Spark applications in history server. +
Property NameDefaultMeaning
Property NameDefaultMeaningSince Version
spark.history.ui.acls.enable false1.0.1
spark.history.ui.admin.acls2.1.1
spark.history.ui.admin.acls.groups2.1.1
@@ -620,7 +634,7 @@ Apache Spark can be configured to include HTTP headers to aid in preventing Cros Security. - + @@ -635,6 +649,7 @@ Security. of the page if an attack is detected.) + @@ -642,7 +657,8 @@ Security. - + + @@ -656,6 +672,7 @@ Security.
  • max-age=<expire-time>; preload
  • +
    Property NameDefaultMeaning
    Property NameDefaultMeaningSince Version
    spark.ui.xXssProtection 1; mode=block 2.3.0
    spark.ui.xContentTypeOptions.enabled When enabled, X-Content-Type-Options HTTP response header will be set to "nosniff".
    2.3.0
    spark.ui.strictTransportSecurity None 2.3.0
    @@ -796,16 +813,17 @@ deployment-specific page for more information. The following options provides finer-grained control for this feature: - + + @@ -818,6 +836,7 @@ The following options provides finer-grained control for this feature: or in a trusted realm). Spark acquires security tokens for each of the filesystems so that the Spark application can access those remote Hadoop filesystems. +
    Property NameDefaultMeaning
    Property NameDefaultMeaningSince Version
    spark.security.credentials.${service}.enabled true - Controls whether to obtain credentials for services when security is enabled. - By default, credentials for all supported services are retrieved when those services are - configured, but it's possible to disable that behavior if it somehow conflicts with the - application being run. + Controls whether to obtain credentials for services when security is enabled. + By default, credentials for all supported services are retrieved when those services are + configured, but it's possible to disable that behavior if it somehow conflicts with the + application being run. 2.3.0
    spark.kerberos.access.hadoopFileSystems3.0.0
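Review bot: in the Web UI ACL table, `spark.ui.view.acls` is marked 1.0.0 while `spark.acls.enable` is marked 1.1.0, so the table reads as if a view ACL list existed one release before the option that enables ACLs. Please confirm both values against the release in which each key first appeared, and if the enable option was available earlier under another name, say so in its Meaning cell so the two rows do not contradict each other.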
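Review bot: in the hunk at `@@ -796,16 +813,17 @@`, the four description lines of `spark.security.credentials.${service}.enabled` ("Controls whether to obtain credentials ... application being run.") are removed and re-added with identical wording, so the only substantive change in that row is the new 2.3.0 cell. Please drop the re-indentation from this patch or move it to a separate whitespace-only change, so the version addition stays a one-line diff like the other rows and the history of the description text is preserved.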
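Review bot: the `spark.ui.xContentTypeOptions.enabled` row in the hunk at `@@ -642,7 +657,8 @@` replaces one existing line with two, unlike the neighbouring `spark.ui.xXssProtection` and `spark.ui.strictTransportSecurity` rows, which only gain a line. Please check that the rewritten line changes nothing in the description of the "nosniff" header other than layout, and keep the 2.3.0 cell as a pure addition if the existing line does not need to be touched.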