Versions Compared

Old Version 16

changes.mady.by.user Nishith Nand

Saved on

compared with

New Version 17

changes.mady.by.user Nishith Nand

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagejava
titleSecure Store Programmatic API
// Represents the metadata about the data
interface SecureStoreMetaData {
  String getName();
  String getDescription();
  long getLastModifiedTime();
  Map<String, String> getProperties();
}
 
// Represents the secure data
interface SecureStoreData {
  // Returns the meta data about the secure data
  SecureStoreMetaData getMetaData();
 
  // Returns the secure data
  byte[] get();
}
 
// Provides read-only access to secure store
interface SecureStore {
  // Returns a map with names as key and descriptions as the value of available 
  // secure data in the store.
  Map<String, String> list();
  // Returns a list of metadata objects for the list of data items
  List<SecureStoreMetaData> getMetadata(List<String> namesString namespace);
 
  // Gets the secure data
  SecureStoreData get(String namespace, String name);
}
 
// Manager interface for managing secure data
interface SecureStoreManager {
  // Stores the secure data
  void put(String namespace, String name, byte[] data, Map<String, String> properties);
 
  // Remove the secure data
  void delete(String namespace, String name);
}

 

REST API

GET /v3/security/store/namespaces/<namespace>/keys/metadata?key=<key-name>&key=<key-name>,

200 OK

Content-Type: application/json

[ { "name" : "<name>" "description" : " <description>" "created" : <millis-epoch> //long "properties" : { "key" : "value" ... } } { "name" : "<name>" "description" : "<description>" "created" : <millis-epoch> //long "properties" : { "key" : "value" ... } }
OperationREST APIBodyResponse
PutPUT /v3/security/store/namespaces/<namespace>/key

Content-Type: application/json

Code Block
titlePut Data
{
  "name"        :  "<name>"
  "description" :  "<description>"
  "data"        :  "<data>"  //utf-8
  "properties"  :  {
    "key"  :  "value"
	...
  }
}

200 OK

DeleteDELETE /v3/security/store/namespaces/<namespace>/keys/<key-name>N/A

200 OK

404 Not Found

Get

GET /v3/security/store/namespaces/<namespace>/keys/<key-name>

N/A

200 OK

Content-Type: application/json

Code Block
{
  "name"  :  "<name>"
  "data"  :  "<data>"  //utf-8
}

404 Not Found

Get MetadataGET /v3/security/store/namespaces/<namespace>/keys/<key-name>/metadataN/A

200 OK

Content-Type: application/json

Code Block
{
  "name"        :  "<name>"
  "description" :  "<description>"
  "created"     :  <millis-epoch> //long
  "properties"  :  {
    "key"  :  "value"
	...
  }
}

404 Not Found

ListGET /v3/security/store/namespaces/<namespace>/keys/N/A

200 OK

Content-Type: application/json

Code Block
[
  {
	"name"        : "<name>"
	"description" : "<description>"
  }
  {
	"name"        : "<name>"
	"description" : "<description>"

  }
  {
	"name"        : "<name>"
	"description" : "<description>"

  }
  ...
]
Get multiple Metadata
...
N/A
Code Block

]

 

 

Access Control

The secure store can be protected with a key in the CDAP master keystore, which CDAP already requires the user to provide in order to have SSL enabled. Since the program will be executed in the same JVM as the SDK process, access to the sensitive data can be done directly through the proper Guice binding that binds the SecureStore interface to the actual implementation.

...