Hello, I would like to reach out to the community to see if there are any inputs on the Admin server authentication and authorization.
We are looking into adding the snapshot and restore command to the admin server. Thanks for the work from maoling. https://github.com/apache/zookeeper/pull/1044. In addition to providing the commands, we also want to make sure only authenticated admin users can issue the commands. I came across the following comment in https://github.com/apache/zookeeper/pull/917. ZooKeeperAdmin supports all sorts of authentications built in ZK and we can extend it such that only admin (or any users that explicitly being granted admin access to cluster) can issue snap command. It seems that ZookeerAdmin doesn't have support for auth. The auth on the reconfig is implemented using write permission on /zookeeper/config node. I wonder if there has been any discussions on adding auth support to the Admin Server commands. Thanks, Li