aurora-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Farner (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AURORA-1643) Support authentication between announcer and ZK
Date Thu, 17 Mar 2016 22:48:33 GMT

    [ https://issues.apache.org/jira/browse/AURORA-1643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15200550#comment-15200550
] 

Bill Farner commented on AURORA-1643:
-------------------------------------

I'd like to suggest this schema:

{noformat}
[
  {
    "scheme": "<scheme>",
    "credential": "<credential>",
    "permissions": {
      "read": <bool>,
      "write": <bool>,
      "create": <bool>,
      "delete": <bool>,
      "admin": <bool>,
      "all": <bool>
    }
  }
]
{noformat}

Summary of the changes to the previously-posted schema:
- list of ACLs (for parity with the ZK API)
- support schemes other than 'digest'
- added a convenience {{all}} permission, matching ZK APIs

An implied change here is that our code would _not_ use kazoo's {{make_digest_acl}} or {{make_digest_acl_credential}}
conveniences.  Instead, the encoding/hashing associated with the digest scheme must be done
externally.

> Support authentication between announcer and ZK
> -----------------------------------------------
>
>                 Key: AURORA-1643
>                 URL: https://issues.apache.org/jira/browse/AURORA-1643
>             Project: Aurora
>          Issue Type: Story
>            Reporter: Kunal Thakar
>
> We want to restrict access to the ZK service discovery cluster through ACLs. Currently,
the announcer does not support creating ZK nodes with ACLs. The Kazoo client supports ACLs,
so it should be straightforward to plumb in support for ACLs in the announcer (how do we pass
ACL credentials to the announcer is another question). 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message