[
https://issues.apache.org/jira/browse/STORM-689?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14357136#comment-14357136
]
ASF GitHub Bot commented on STORM-689:
--------------------------------------
Github user Parth-Brahmbhatt commented on a diff in the pull request:
https://github.com/apache/storm/pull/445#discussion_r26228849
--- Diff: storm-core/src/jvm/backtype/storm/Config.java ---
@@ -339,6 +339,13 @@
public static final Object NIMBUS_ADMINS_SCHEMA =
ConfigValidation.StringsValidator;
/**
+ * A list of users that are the only ones allowed to run user
operation on storm cluster.
+ * To use this set nimbus.authorizer to
backtype.storm.security.auth.authorizer.SimpleACLAuthorizer
+ */
+ public static final String NIMBUS_USERS = "nimbus.users";
--- End diff --
We should modify security.MD to document this config.
> SimpleACLAuthorizer should provide a way to restrict who can submit topologies
> ------------------------------------------------------------------------------
>
> Key: STORM-689
> URL: https://issues.apache.org/jira/browse/STORM-689
> Project: Apache Storm
> Issue Type: Improvement
> Reporter: Sriharsha Chintalapani
> Assignee: Sriharsha Chintalapani
> Priority: Trivial
>
> SimpleACLAuthorizer currently allows anyone with a valid kerberos ticket to
> submit topologies. There are cases where storm admins want to allow only
> selected users to submit topologies. I am proposing nimbus.users config
> option if its added to storm.yaml only the listed users can deploy the storm
> topologies.
> cc [~revans2]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
