Github user revans2 commented on the issue: https://github.com/apache/storm/pull/2433 @HeartSaVioR Perhaps we should have a call on the Metrics V2 work and what is its status for storm 2.0 because I don't totally know myself. What I think is mandatory for this patch is. 1) wait for delegation token work to go in so we can authenticate connections between the worker and nimbus/supervisors. 2) Add in some form of authorization to the newly added APIs. - getSupervisorAssignments should only be allowed from a supervisor - sendSupervisorWorkerHeartbeats should only be allowed from a supervisor. - sendSupervisorWorkerHeartbeat should verify that it has come from the owner of the topology the heartbeat is for - sendSupervisorAssignments needs to verify that it came from nimbus. - getLocalAssignmentForStorm needs to verify that it came from the owner of the topology. - sendSupervisorWorkerHeartbeat needs to verify that it came from the owner of the topology. 3) supervisor needs to pick a port from a configured allowable range of ports and get that information to everyone who is going to need it. If someone wants to drop the old heartbeat mechanisms for talking to nimbus and the supervisors that is fine with me. However, if we do drop it I really would love to have a way to maintain backwards compatibility because otherwise I will have to add it back in myself. If we don't drop it now I would like to see a follow on JIRA to remove it, but for that to work as part of a rolling upgrade we would need to support both mechanisms at the same time.
---