[jira] [Commented] (BOOKKEEPER-390) Provide support for ZooKeeper authentication

Wed, 09 Nov 2016 08:24:08 -0800 

    [ 
https://issues.apache.org/jira/browse/BOOKKEEPER-390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15651343#comment-15651343
 ] 

Enrico Olivelli commented on BOOKKEEPER-390:
--------------------------------------------

I have pushed my first PR for this issue.

Some questions:
- do we have to provide a command-line tool to apply ACLs to existing z-nodes ?
- how many test  cases are needed ? I have attached one only simple test case 
which touches the addEntry feature

As soon as next Apache Curator will be relased we can switch to it and clean up 
the test, which sets directly a system property used internally by ZooKeeper to 
enable SASL authentication

> Provide support for ZooKeeper authentication
> --------------------------------------------
>
>                 Key: BOOKKEEPER-390
>                 URL: https://issues.apache.org/jira/browse/BOOKKEEPER-390
>             Project: Bookkeeper
>          Issue Type: New Feature
>          Components: bookkeeper-client, bookkeeper-server
>    Affects Versions: 4.0.0
>            Reporter: Rakesh R
>            Assignee: Enrico Olivelli
>             Fix For: 4.5.0
>
>         Attachments: BOOKKEEPER-390-Acl-draftversion.patch, 
> BOOKKEEPER-390-Authentication-interfaces-draftversion.patch
>
>
> This JIRA adds support for protecting the state of Bookkeeper znodes on a 
> multi-tenant ZooKeeper cluster.
> Use case: When user tries to run a ZK cluster in multitenant mode,  where 
> more than one client service would like to share a single ZK service instance 
> (cluster). In this case the client services typically want to protect their 
> data (ZK znodes) from access by other services (tenants) on the cluster. Say 
> you are running BK, HBase or ZKFC instances, etc... having 
> authentication/authorization on the znodes is important for both security and 
> helping to ensure that services don't interact negatively (touch each other's 
> data).
> Presently Bookkeeper does not have support for authentication or 
> authorization while accessing to ZK. This should be added to the BK 
> clients/server that are accessing the ZK cluster. In general it means calling 
> addAuthInfo once after a session is established



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to