...
As shown in the above diagram, the CDAP and SENTRY support are configured as a plugin app installed in the Hue system. Hue's front system is implemented in Django, which provides good isolation and extension for multiple apps running together in a web service. A separate panel section will be created in the Hue's default UI for related operations. This app will communicate with the CDAP system through CDAP's restful api service. All the live entities will be displayed in Hue's UI. Communication with Apache SENTRY is enabled by SENTRY's thrift service. When admin grants/ evokes certain privileges through the Hue UI, it will be propagated to the SENTRY system and take effects on the further request coming from CDAP.
UI Mockup
Configuration
One possible UI layout is shown below. All the entities in CDAP can be listed hierarchically in the left. When click on one specific entity, user is able to view the detailed properties of this entity and manage the acl rules associated with this entity. The actual UI may vary in colors and relative layout of elements but stick to this concept.
Configuration
To configure the CDAP app in HUE, simply run ''' '''
Code Block | ||||
---|---|---|---|---|
| ||||
interface AuthEnforcer {
/**
* Enforces authorization for the specified {@link Principal} for the specified {@link Action} on the specified {@link EntityId}.
*
* @param principal the principal that performs the actions. This could be a user, group or a role
* @param entity the entity on which an action is being performed
* @param action the action being performed
* @throws AuthorizationException if the principal is not authorized to perform action on the entity
*/
void enforce(Principal principal, EntityId entity, Action action) throws AuthorizationException;
} |
Prototype