[
https://issues.apache.org/jira/browse/AURORA-1643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15200550#comment-15200550
]
Bill Farner commented on AURORA-1643:
-------------------------------------
I'd like to suggest this schema:
{noformat}
[
  {
    "scheme": "<scheme>",
    "credential": "<credential>",
    "permissions": {
      "read": <bool>,
      "write": <bool>,
      "create": <bool>,
      "delete": <bool>,
      "admin": <bool>,
      "all": <bool>
    }
  }
]
{noformat}
Summary of the changes to the previously-posted schema:
- list of ACLs (for parity with the ZK API)
- support schemes other than 'digest'
- added a convenience {{all}} permission, matching ZK APIs
An implied change here is that our code would _not_ use kazoo's
{{make_digest_acl}} or {{make_digest_acl_credential}} conveniences. Instead,
the encoding/hashing associated with the digest scheme must be done externally.
> Support authentication between announcer and ZK
> -----------------------------------------------
>
> Key: AURORA-1643
> URL: https://issues.apache.org/jira/browse/AURORA-1643
> Project: Aurora
> Issue Type: Story
> Reporter: Kunal Thakar
>
> We want to restrict access to the ZK service discovery cluster through ACLs.
> Currently, the announcer does not support creating ZK nodes with ACLs. The
> Kazoo client supports ACLs, so it should be straightforward to plumb in
> support for ACLs in the announcer (how do we pass ACL credentials to the
> announcer is another question).
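An added illustration, not part of the comment above or of Aurora's code: a loader for a config in the proposed schema that maps the permission flags to ZooKeeper's permission bits, plus the digest-scheme encoding performed outside the announcer. The names `digest_credential`, `parse_acls` and `SAMPLE` are hypothetical, the `Id`/`ACL` tuples are stand-ins for kazoo's types so the block runs without kazoo, and treating omitted permission keys as false is an assumption.

```python
import base64
import hashlib
import json
from collections import namedtuple

# Stand-ins for kazoo.security.Id / ACL so the example runs without kazoo.
Id = namedtuple("Id", "scheme id")
ACL = namedtuple("ACL", "perms acl_id")
# ZooKeeper permission bits; "all" is the union of the other five.
PERM_BITS = {"read": 1, "write": 2, "create": 4, "delete": 8, "admin": 16, "all": 31}


def digest_credential(username, password):
    """ZK digest-scheme id: '<user>:<base64(sha1("<user>:<password>"))>'."""
    raw = ("%s:%s" % (username, password)).encode("utf-8")
    return "%s:%s" % (username, base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii"))


def parse_acls(text):
    """Validate JSON in the proposed schema; return a list of ACL tuples."""
    entries = json.loads(text)
    if not isinstance(entries, list) or not entries:
        raise ValueError("expected a non-empty list of ACL entries")
    acls = []
    for entry in entries:
        if not isinstance(entry, dict) or set(entry) != {"scheme", "credential", "permissions"}:
            raise ValueError("entry needs exactly scheme, credential, permissions")
        scheme, cred, perms = entry["scheme"], entry["credential"], entry["permissions"]
        if not (isinstance(scheme, str) and scheme and isinstance(cred, str) and cred):
            raise ValueError("scheme and credential must be non-empty strings")
        if not isinstance(perms, dict) or set(perms) - set(PERM_BITS):
            raise ValueError("unknown permission name")
        if any(not isinstance(v, bool) for v in perms.values()):
            raise ValueError("permission values must be JSON booleans")
        mask = 0  # omitted keys are treated as false (assumption)
        for name, granted in perms.items():
            if granted:
                mask |= PERM_BITS[name]
        acls.append(ACL(mask, Id(scheme, cred)))
    return acls


# Constructed sample: the password is hashed before it reaches the config,
# so the announcer never sees it and needs no make_digest_acl helper.
SAMPLE = json.dumps([
    {"scheme": "digest", "credential": digest_credential("announcer", "example-password"),
     "permissions": {"read": True, "write": True, "create": True, "delete": True}},
    {"scheme": "world", "credential": "anyone", "permissions": {"read": True}},
])
```

Rejecting non-boolean permission values matters here: a string such as "false" is truthy in Python and would otherwise silently grant the permission.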