...
Publicly routed REST APIs in AppFabric Service
Application Deployment
...
Applications with non-existing dataset
- Client --> RouterRouter HTTP:
deployApp(artifact, appConfig)
- Router --> AppFabricAppFabric HTTP:
deployApp(artifact, appConfig, SecurityRequestContext.userId)
- AppFabric --> AuthEnforcer:
!authorized(SecurityRequestContext(.userId) ) ? UnauthorizedException
- AppFabric --> AppFabric:
doAs(namespace, deploy(jar, config))
- AppFabric --> DatasetServiceClient:
createDataset()
- DatasetServiceClient --> DatasetServiceDatasetService HTTP
: createDataset(ds, Header(CDAP-UserId=SecurityRequestContext.userId))
- DatasetService --> AuthEnforcer
: !authorized(SecurityRequestContext.userId) ? UnauthorizedException
- DatasetService --> AuthorizerAuthorizer Thrift:
revoke(ds); grant(ds, SecurityRequestContext SecurityRequestContext.userId, ALL)
- DatasetService --> DatasetOpExecutorDatasetOpExecutor HTTP:
success = doAs doAs(namespace, createDataset(ds))
- DatasetService --> AuthorizerAuthorizer Thrift:
!success ? revoke(ds)
- DatasetService --> AppFabric --> Router --> Client HTTP:
result
Applications with existing dataset
- Client --> Router HTTP:
deployApp(artifact, appConfig)
- Router --> AppFabric HTTP:
deployApp(artifact, appConfig, SecurityRequestContext.userId)
- AppFabric --> AuthEnforcer:
!authorized(SecurityRequestContext.userId) ? UnauthorizedException
- AppFabric --> AppFabric:
doAs(namespace, deploy(jar, config))
- AppFabric --> DatasetServiceClient: !
compatibleUpdate ? IncompatibleException
- DatasetServiceClient --> DatasetService HTTP
: update(ds, Header(CDAP-UserId=SecurityRequestContext.userId))
- DatasetService --> AuthEnforcer
: !authorized(SecurityRequestContext.userId) ? UnauthorizedException
- DatasetService --> DatasetService:
success = update(ds)
- DatasetService --> AppFabric --> Router --> ClientClient HTTP:
result
Applications with non-existing streams
Applications with existing streams
Namespace Creation
Namespace Deletion
...