[
https://issues.apache.org/jira/browse/STORM-1851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15291416#comment-15291416
]
ASF GitHub Bot commented on STORM-1851:
---------------------------------------
GitHub user arunmahadevan opened a pull request:
https://github.com/apache/storm/pull/1435
[STORM-1851] Fix default nimbus impersonation authorizer config
"nimbus.impersonation.authorizer" is set to "ImpersonationAuthorizer" by
default and this causes issues when a user tries to submit topology as a
different user in secure mode since the "nimbus.impersonation.acl"
configuration is not set by default. Users need to set nimbus.impersonation.acl
first before they can submit topology as any user other than "storm" in secure
mode.
Removing this config allows users to submit topologies in secure mode as
any user by default. Users can set up impersonation by providing both
authorizer and the acls via storm.yaml.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/arunmahadevan/storm authorizer
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/storm/pull/1435.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1435
----
commit 1dc6de8817c857c97734e19861d7c85639b3499c
Author: Arun Mahadevan <[email protected]>
Date: 2016-05-19T11:34:05Z
[STORM-1851] Fix default nimbus impersonation authorizer config
"nimbus.impersonation.authorizer" is set to "ImpersonationAuthorizer" by
default and this causes issues when a user tries to submit topology as a
different user in secure mode since the "nimbus.impersonation.acl"
configuration is not set by default. Users need to set nimbus.impersonation.acl
first before they can submit topology as any user other than "storm" in secure
mode.
Removing this config allows users to submit topologies in secure mode as
any user by default. Users can set up impersonation by providing both
authorizer and the acls via storm.yaml.
----
> Nimbus impersonation authorizer in defaults.yaml causes issues in secure mode
> -----------------------------------------------------------------------------
>
> Key: STORM-1851
> URL: https://issues.apache.org/jira/browse/STORM-1851
> Project: Apache Storm
> Issue Type: Bug
> Reporter: Arun Mahadevan
> Assignee: Arun Mahadevan
> Priority: Minor
>
> "nimbus.impersonation.authorizer" is set to "ImpersonationAuthorizer" by
> default and this causes issues when a user tries to submit topology as a
> different user in secure mode since the "nimbus.impersonation.acl"
> configuration is not set by default. Users need to set
> nimbus.impersonation.acl first before they can submit topology as a user
> other than "storm" in secure mode.
> Removing this config allows users to submit topologies as any user in secure
> mode by default. Users can set up impersonation by providing both authorizer
> and the acls in storm.yaml.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
