acl for zookeeper is added #2190
Conversation
|
Looks reasonable. Thanks for the patch! Can you add some basic testing in |
|
👍 Do you mind signing the CLA here? http://druid.io/community/cla.html |
|
@fjy just signed. |
|
@drcrallen Do you mean something like testHostName()? I'm confused because I can't see any tests for zkSessionTimeoutMs and enableCompression parameters. |
|
@drcrallen Same thoughts here. We have to create the framework so it is easy for contributors to add their UT. |
|
@genevien with just this, how is zookeeper server going to identify the connecting user to be able to enforce ACL ? |
|
@himanshug on my local environment I have configured zookeeper server according to https://cwiki.apache.org/confluence/display/ZOOKEEPER/Zookeeper+and+SASL and I have run druid process setting "-Djava.security.auth.login.config=/path/to/client/jaas/file.conf" |
|
@genevien thanks, can you also update https://github.com/druid-io/druid/blob/master/server/src/test/java/io/druid/curator/CuratorConfigTest.java to check that serde for acl attribute is working as expected. |
|
@genevien can you update the documentation to reflect this new setting? |
|
@himanshug @xvrl sure, I will do it after the weekends. |
With this patch you can enable ACL security for zookeeper. By default it will be disabled. In order to enable it you should add this line in your druid properties file:
druid.zk.service.acl=true