Github user revans2 commented on a diff in the pull request:
https://github.com/apache/incubator-storm/pull/190#discussion_r15419109
--- Diff: storm-core/src/clj/backtype/storm/daemon/nimbus.clj ---
@@ -1046,7 +1047,10 @@
(dissoc storm-conf
STORM-ZOOKEEPER-TOPOLOGY-AUTH-SCHEME STORM-ZOOKEEPER-TOPOLOGY-AUTH-PAYLOAD))
total-storm-conf (merge conf storm-conf)
topology (normalize-topology total-storm-conf topology)
+ nimbus-autocred-plugins
(AuthUtils/getNimbusAutoCredPlugins total-storm-conf)
--- End diff --
Why does the plugin need to be cleaned up as soon as the submission is
over? Creating an object each time a method is called feels like a lot of
overhead to me. It also makes it so that the plugin does not have the option
to cache things and amortize the overhead across multiple calls. Not that the
code currently needs to worry about it, as the current code is more or less
just a static function.
> If we generate these instances at startup then it means anyone wanting to
use it will have to change the nimbus config and restart nimbus.
Yes, I can see that. But that is kind of what I want. It becomes a
balancing act between convenience/insecurity and security/inconvenience. I
just feel nervous that anything on the classpath the user gets to decide to
load it into memory. It feels like it is too open ended, but honestly if you
feel strongly about it I will not push it. I would just want the config
changed so that it is prefixed with topology instead of nimbus so that it is
obvious that it is a topology specific config.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
