[
https://issues.apache.org/jira/browse/STORM-615?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14626595#comment-14626595
]
Robert Joseph Evans commented on STORM-615:
-------------------------------------------
Using policy files would work to prevent the code from doing bad things in the
OS as a privileged user. But I don't think it solves the issue of
authentication with nimbus still. No matter how we run the user code it still
needs to authenticate with nimbus. We need to give that code credentials
to do so. We cannot use the UI user's credentials to do it because the end
user could steal them, unless we do something where we hand the code a nimbus
connection that is already authenticated and locked down in such a way that
nimbus will enforce it being the user that we want. But that code does not
currently exist, either on the client side or on the nimbus side.

If we are going to make big changes like that I would much rather have us look
at flux, and see if we can submit a topology with a jar, and a config file.
Possibly having both of them in a single jar file. Instead of having the bolts
and spouts deserialized in the worker, we could call a constructor and
instantiate them directly in the worker, like what flux does. There is already
a thrift definition for some of this, but I am not sure how advanced/tested it
is, or what changes we would need to make to flux to support it. With this we
no longer need to run any user code outside of the worker at all, or load an
untrusted jar file. We just read the config file and submit the topology using
the proxy settings.
> Add REST API to upload topology
> -------------------------------
>
> Key: STORM-615
> URL: https://issues.apache.org/jira/browse/STORM-615
> Project: Apache Storm
> Issue Type: Bug
> Reporter: Sriharsha Chintalapani
> Assignee: Arun Mahadevan
> Fix For: 0.10.0
>
>
> Add REST api /api/v1/submitTopology to upload topology jars and config using
> REST api.