...
- As a Hue admin, I should be able to easily configure CDAP as a plugin app in the Hue system
- As a CDAP user or a CDAPadmin, I should be able to explore all the entities of CDAP (ex: Namespaces, Streams, Programs etc.) in Cloudera Hue's UI.
- As a CDAP user, I should be able to perform all the ACL management operations provided by Apache Sentry through Cloudera Hue's admin UI.
- CDAP superusers can manage all the rules
- A user/groups who have ADMIN on one entity can give ACL on that entity to other users/groups
Scenerios
#Scenario 1
A user (typically a CDH usersuser) who are is using Hue for exploring and managing ACL and other operations for all the different services on their cluster prefers . He would prefer to use Hue and the consistent UI to manage ACLs for CDAP from a central place rather than separately in CDAP UI.
Design
The system utilize This integration application will be part of the Cloudera Hue's interface to manage the access control configuration between CDAP and Apache Sentry. The Hue/app itself does not store any state during this process.
...
| URL | Response |
|---|---|
| GET /cdap/ | index.mako (main page) |
| GET /cdap/details/path/to/entity/entity_id/ | json of entity properties |
| GET /cdap/acl/path/to/entity/entity_id/ | json of entity ACLs |
| POST /cdap/acl/add/entity_id/ --data {groupid, operation} | 200 ok / 500 error |
| POST /cdap/acl/revoke/entity_id/ --data {groupid} | 200 ok / 500 error |
Out of Scope
In the above design, the system only supports listing all entities in CDAP and perform ACL management on these entities, while there is no full-support for manage the entities. These cases are listed as below and might be supported in the future.
...