[STORM-224] Storm should use stricter ACLs within zookeeper - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.10.0
Component/s: storm-core
Labels:
None

Description

In a stand alone environment storm stores everything wide open in ZK. We really should lock this down with ACLs so that individual topologies cannot modify data that the storm system uses, and so that other topologies cannot modify/interfere with each other.

The current code from Yahoo will generate a random username/password for each topology that is launched. This works great for most topologies, but for trident topologies because they store long lived data in ZK the user has to keep the credentials around themselves. We would love to switch ZK access over to use a forwarded TGT, but have not finished the work to do this yet.

Attachments

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Derek Dagit

Reporter:: Robert Joseph Evans

Votes:: 1 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 07/Feb/14 16:47

Updated:: 09/Oct/15 00:58

Resolved:: 17/Jun/14 20:46

Agile

View on Board

Storm should use stricter ACLs within zookeeper

Details

Description

Attachments

Attachments

Activity

People

Dates

Agile

Slack

Issue deployment