Details
Type: Sub-task
Status: Closed
Priority: Blocker
Resolution: Fixed
Description
I think in the initial version we should remove both the newly introduced job.spec.flinkStateSnapshotReference and FlinkStateSnapshot.jobReference.namespace fields as they generally allow users to trigger and access savepoint paths from namespaces where the user may not have permissions.
Let me give you 2 examples:
jobReference.namespace, allows us to trigger a savepoint for a job in a different namespace. This works as long as the operator has access to the user and does not verify that the current user in fact does. This may ultimately allow us to trigger a savepoint to a custom place and even steal the state.
In a similar way the initial flinkStateSnapshot reference would allow us to steal a savepoint path that we normally don't know/have access to and store it in our resource.
I suggest to simply remove these until we have a good way to solve these issues, I think there is generally not much use for these fields overall.
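The confused-deputy problem described in this issue (the operator resolves a reference with its own RBAC rights, not the requesting user's) is easiest to close at admission time by refusing any reference that leaves the resource's own namespace. The following is an added illustration, not code from the Flink Kubernetes Operator: it validates constructed FlinkStateSnapshot and FlinkDeployment objects against that rule, and also builds the SubjectAccessReview an admission webhook could submit if it wanted to check the requesting user's rights instead of rejecting outright. The field names jobReference.namespace and job.spec.flinkStateSnapshotReference come from the issue; the surrounding object shapes, the `validate_no_cross_namespace_refs` and `subject_access_review` names, and the sample resources are assumptions for this example.

```python
"""Added example (not the operator's own code): reject cross-namespace
references in FlinkStateSnapshot / FlinkDeployment resources, and build the
SubjectAccessReview a webhook could use to ask the API server whether the
requesting user may read the referenced object.

Object shapes and sample resources below are constructed for illustration.
"""


class CrossNamespaceReference(ValueError):
    """Raised when a resource points at an object in another namespace."""


def _ref_namespace(ref, default):
    """Resolve the namespace of a reference; a bare name or a reference
    without an explicit namespace means 'same namespace as the referrer'."""
    if isinstance(ref, str):
        return default
    return ref.get("namespace") or default


def validate_no_cross_namespace_refs(obj):
    """Return the namespaces referenced by obj; raise if any differ from its own.

    The operator acts with its own ServiceAccount, so a reference into another
    namespace would be followed with the operator's permissions rather than the
    requesting user's. Refusing such references removes the confused-deputy
    path without needing to authorize the user at all.
    """
    own_ns = obj["metadata"]["namespace"]
    kind = obj["kind"]
    spec = obj.get("spec") or {}
    refs = []
    if kind == "FlinkStateSnapshot":
        job_ref = spec.get("jobReference")  # field named in the issue
        if job_ref is not None:
            refs.append(("spec.jobReference", _ref_namespace(job_ref, own_ns)))
    elif kind in ("FlinkDeployment", "FlinkSessionJob"):
        job = spec.get("job") or {}
        snap_ref = job.get("flinkStateSnapshotReference")  # field named in the issue
        if snap_ref is not None:
            refs.append(("spec.job.flinkStateSnapshotReference",
                         _ref_namespace(snap_ref, own_ns)))
    for path, ns in refs:
        if ns != own_ns:
            raise CrossNamespaceReference(
                f"{kind} {own_ns}/{obj['metadata']['name']}: {path} points at "
                f"namespace {ns!r}; cross-namespace references are not allowed")
    return [ns for _, ns in refs]


def subject_access_review(user, groups, namespace, resource, name, verb="get"):
    """Build an authorization.k8s.io/v1 SubjectAccessReview asking whether
    `user` may perform `verb` on the referenced flink.apache.org resource.

    This is the alternative to a blanket refusal: an admission webhook knows
    the requesting user (request.userInfo) and can POST this object to the API
    server, allowing the reference only if status.allowed comes back true.
    A reconciler cannot do this, because at reconcile time the original
    requester is no longer known.
    """
    return {
        "apiVersion": "authorization.k8s.io/v1",
        "kind": "SubjectAccessReview",
        "spec": {
            "user": user,
            "groups": list(groups),
            "resourceAttributes": {
                "group": "flink.apache.org",
                "resource": resource,
                "namespace": namespace,
                "name": name,
                "verb": verb,
            },
        },
    }


# Constructed sample resources (not taken from any real cluster).
SAME_NS_SNAPSHOT = {
    "kind": "FlinkStateSnapshot",
    "metadata": {"name": "sp-1", "namespace": "team-a"},
    "spec": {"jobReference": {"kind": "FlinkDeployment", "name": "job-a"}},
}
CROSS_NS_SNAPSHOT = {
    "kind": "FlinkStateSnapshot",
    "metadata": {"name": "sp-2", "namespace": "team-a"},
    "spec": {"jobReference": {"kind": "FlinkDeployment", "name": "job-b",
                              "namespace": "team-b"}},
}
CROSS_NS_DEPLOYMENT = {
    "kind": "FlinkDeployment",
    "metadata": {"name": "job-a", "namespace": "team-a"},
    "spec": {"job": {"flinkStateSnapshotReference": {"name": "sp-9",
                                                     "namespace": "team-b"}}},
}


if __name__ == "__main__":
    for res in (SAME_NS_SNAPSHOT, CROSS_NS_SNAPSHOT, CROSS_NS_DEPLOYMENT):
        try:
            print("allowed", validate_no_cross_namespace_refs(res))
        except CrossNamespaceReference as exc:
            print("denied ", exc)
```

The same-namespace rule is the conservative choice the issue argues for: it needs no knowledge of the requester and cannot be bypassed by a user who can create resources in only their own namespace. The SubjectAccessReview variant is only meaningful inside an admission webhook, where the requesting identity is available.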