Security and Permissions

SQL Permissions

The Spark user must have access to the SingleStore Helios workspace.

Additionally, SingleStore has a Permissions Matrix which describes the permissions required to run each command.

The permissions required to perform SQL operations through the SingleStore Spark Connector depend on the type of operation. The following matrix describes the minimum permissions required to perform some operations. The ALL PRIVILEGES permission allows you to perform any operation.

| Operation | Min. Permission | Alternative Permission |
|---|---|---|
| READ from collection | SELECT | ALL PRIVILEGES |
| WRITE to collection | SELECT, INSERT | ALL PRIVILEGES |
| DROP database or collection | SELECT, INSERT, DROP | ALL PRIVILEGES |
| CREATE database or collection | SELECT, INSERT, CREATE | ALL PRIVILEGES |

SSL Support

The SingleStore Spark Connector uses the SingleStore JDBC Driver under the hood and thus supports SSL configuration out of the box.

Once you have set up SSL on your server, use the following options to enable SSL:

spark.conf.set("spark.datasource.singlestore.useSSL", "true")
spark.conf.set("spark.datasource.singlestore.serverSslCert", "PATH/TO/CERT")

Note: The serverSslCert option may be the server’s certificate in DER form, or the server’s CA certificate. It can be used in one of the following three forms:

  • Full path to certificate: serverSslCert=/path/to/cert.pem

  • Relative to current classpath: serverSslCert=classpath:relative/cert.pem

  • Verbatim DER-encoded certificate string: -----BEGIN CERTIFICATE-----...

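Depending on your SSL configuration, set these additional options. trustServerCertificate makes the driver accept the server's certificate without validating it, and disableSslHostnameVerification turns off the check of the host name against the certificate, so with either option set to true the connection is encrypted but the server's identity is not verified: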

spark.conf.set("spark.datasource.singlestore.trustServerCertificate", "true")
spark.conf.set("spark.datasource.singlestore.disableSslHostnameVerification", "true")

See The SingleStore JDBC Driver for more information. If you are still using the MariaDB JDBC driver, see MariaDB JDBC Connector for more information.

Authenticate via JWTs

To authenticate your connection to a SingleStore Helios workspace using the SingleStore Spark connector with a JWT, specify the following parameters:

  • credentialType=JWT

  • password=<jwt-token>

Note

To authenticate your connection to the SingleStore workspace using JWTs, the SingleStore user must connect via SSL and use JWT for authentication. To create a SingleStore user that can authenticate with a JWT, execute the following command:

CREATE USER 'email@example.com'@'%' IDENTIFIED WITH authentication_jwt REQUIRE SSL;

See Authenticate via JWT for more information.
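
The following is an added example, not code from SingleStore or from the original page: a small check that can be run over the connector options before a Spark job starts, flagging the SSL settings above that leave the server unverified and a JWT configuration without SSL. It assumes credentialType is set with the same spark.datasource.singlestore. prefix as the other options; the function names and the sample configurations are constructed for illustration.

```python
PREFIX = "spark.datasource.singlestore."  # option prefix used on this page

def _flag(conf, name):
    """True when a boolean connector option is set to "true"."""
    return str(conf.get(PREFIX + name, "false")).strip().lower() == "true"

def audit_tls(conf):
    """Return findings for a dict of Spark conf keys (as passed to spark.conf.set)."""
    findings = []
    use_ssl = _flag(conf, "useSSL")
    if not use_ssl:
        findings.append("useSSL is not true: connection is not encrypted")
    # Options that keep encryption on but switch off part of server verification.
    unverified = [name for name in ("trustServerCertificate",
                                    "disableSslHostnameVerification")
                  if _flag(conf, name)]
    for name in unverified:
        findings.append(f"{name}=true: server identity is not fully verified")
    # Assumption: credentialType carries the same prefix as the other options.
    if str(conf.get(PREFIX + "credentialType", "")).upper() == "JWT":
        if not use_ssl:
            findings.append("credentialType=JWT requires SSL "
                            "(the user is created with REQUIRE SSL)")
        elif unverified:
            findings.append("JWT in password is sent to a server "
                            "whose identity was not verified")
    return findings

# Constructed sample configurations (not from the original page).
WEAK = {
    PREFIX + "useSSL": "true",
    PREFIX + "trustServerCertificate": "true",
    PREFIX + "disableSslHostnameVerification": "true",
    PREFIX + "credentialType": "JWT",
}
STRICT = {
    PREFIX + "useSSL": "true",
    PREFIX + "serverSslCert": "/path/to/cert.pem",
    PREFIX + "credentialType": "JWT",
}

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("strict", STRICT)):
        print(label, audit_tls(conf) or "no findings")
```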

Last modified: May 3, 2023
