[
https://issues.apache.org/jira/browse/AURORA-1643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15197772#comment-15197772
]
Kunal Thakar commented on AURORA-1643:
--------------------------------------
Proposal:
- The Kazoo client, which is instantiated in the announcer supports
'default_acl'
(http://kazoo.readthedocs.org/en/latest/api/client.html#kazoo.client.KazooClient),
which will be used for subsequent node creations.
- The 'default_acl' can be generated by calling make_digest_acl
(http://kazoo.readthedocs.org/en/latest/api/security.html#kazoo.security.make_digest_acl).
The username, password and perms can be made available to the announcer
through a new config file or through environment variables.
> Support authentication between announcer and ZK
> -----------------------------------------------
>
> Key: AURORA-1643
> URL: https://issues.apache.org/jira/browse/AURORA-1643
> Project: Aurora
> Issue Type: Story
> Reporter: Kunal Thakar
>
> We want to restrict access to the ZK service discovery cluster through ACLs.
> Currently, the announcer does not support creating ZK nodes with ACLs. The
> Kazoo client supports ACLs, so it should be straightforward to plumb in
> support for ACLs in the announcer (how do we pass ACL credentials to the
> announcer is another question).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
