GitHub user revans2 opened a pull request:
https://github.com/apache/storm/pull/2531
STORM-2898: Support for WorkerToken authentication
This adds in support for workers to be able to authenticate with either
nimbus or drpc invocation servers using WorkerTokens.
A WorkerToken is a lot like a delegation token in Hadoop. See the jira for
the design of this.
Some of the things I did in this beyond just worker tokens:
1. I ported auth-test to Java (STORM-1301), because I wanted to reuse the
code there to verify that this feature was working properly, and I didn't want
to leave it in Clojure.
2. I refactored how the ZooKeeper ACLs are passed into the
StormClusterStateImpl. They now are done from methods in DaemonType because I
thought it made the code cleaner, and provided a good place to add in the new
ACLs needed to secure WorkerToken private keys that need to be shared in one
case among all nimbus instances and in another case with the DRPC servers.
3. I refactored the digest authentication SASL code. I did this to make it
simpler to add in support for tokens that also use the same method and get
more code reuse.
4. I deprecated the SASL plain auth transport plugin. It was not being
used by any tests. It is totally insecure in so many ways, and I didn't want
anyone to mistakenly think it was OK to use it. If others are using it for
some of their testing internally I can remove the deprecation.
5. I cleaned up some check style violations for code that I was touching.
I know this is a lot of code, so thanks to anyone who can help review it.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/revans2/incubator-storm STORM-2898
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/storm/pull/2531.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #2531
----
commit fa8a7f37c5b71c2c3e999a53d04f38fda207e1f1
Author: Robert (Bobby) Evans <evans@...>
Date: 2018-01-12T22:37:56Z
STORM-2898: Support for WorkerToken authentication
----