[
https://issues.apache.org/jira/browse/STORM-689?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14357798#comment-14357798
]
ASF GitHub Bot commented on STORM-689:
--------------------------------------
Github user revans2 commented on a diff in the pull request:
https://github.com/apache/storm/pull/445#discussion_r26266419
--- Diff:
storm-core/src/jvm/backtype/storm/security/auth/authorizer/SimpleACLAuthorizer.java
---
@@ -96,7 +101,10 @@ public boolean permit(ReqContext context, String
operation, Map topology_conf) {
}
if (_userCommands.contains(operation)) {
- return true;
+ if (_nimbusUsers.size() > 0 && _nimbusUsers.contains(user))
+ return true;
+ else if (_nimbusUsers.size() == 0)
+ return true;
--- End diff --
I personally think
```
return _nimbusUsers.size() == 0 || _nimbusUsers.contains(user);
```
is more readable than what is here, but this is really minor.
> SimpleACLAuthorizer should provide a way to restrict who can submit topologies
> ------------------------------------------------------------------------------
>
> Key: STORM-689
> URL: https://issues.apache.org/jira/browse/STORM-689
> Project: Apache Storm
> Issue Type: Improvement
> Reporter: Sriharsha Chintalapani
> Assignee: Sriharsha Chintalapani
> Priority: Trivial
>
> SimpleACLAuthorizer currently allows anyone with a valid kerberos ticket to
> submit topologies. There are cases where storm admins want to allow only
> selected users to submit topologies. I am proposing nimbus.users config
> option if its added to storm.yaml only the listed users can deploy the storm
> topologies.
> cc [~revans2]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
