Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Task marked complete

...

  1. Key Management

  2. Secure impersonation
  3. Authorization of dataset and stream access
  4. Authorization for listing and viewing entities
  5. Ability to map a namespace to user-provided storage provider namespaces
  6. Cross-namespace dataset access
  7. Support long-running programs in secure (kerberos) mode

Checklist

  •  User stories documented (Rohit/Ali/Bhooshan)
  •  User stories reviewed (Nitin)
  •  Design documented (Rohit/Ali/Bhooshan)
  •  Design reviewed (Andreas)
  •  Feature merged (Rohit/Ali/Bhooshan)
  •  Examples and guides (Rohit)
  •  Integration tests (Ali) 
  •  Documentation for feature (Bhooshan)
  •  Blog post 

User Stories

Scenarios

Scenario #1

Scenario #2

Scenario #3

Entities, Operations and Privileges

EntityOperationRequired PrivilegesResultant Privileges
NamespacecreateADMIN (Instance)ADMIN (Namespace)
 updateADMIN (Namespace) 
 listREAD (Instance) 
 getREAD (Namespace) 
 deleteADMIN (Namespace) 
 set preferenceWRITE (Namespace) 
 get preferenceREAD (Namespace) 
 searchREAD (Namespace) 
ArtifactaddWRITE (Namespace)ADMIN (Artifact)
 deleteADMIN (Artifact) 
 getREAD (Artifact) 
 listREAD (Namespace) 
 write propertyADMIN (Artifact) 
 delete propertyADMIN (Artifact) 
 get propertyREAD (Artifact) 
 refreshWRITE (Instance) 
 write metadataADMIN (Artifact) 
 read metadataREAD (Artifact) 
ApplicationdeployWRITE (Namespace)ADMIN (Application)
 getREAD (Application) 
 listREAD (Namespace) 
 updateADMIN (Application) 
 deleteADMIN (Application) 
 set preferenceWRITE (Application) 
 get preferenceREAD (Application) 
 add metadataADMIN (Application) 
 get metadataREAD (Application) 
Programsstart/stop/debugEXECUTE (Program) 
 set instancesADMIN (Program) 
 listREAD (Namespace) 
 set runtime argsEXECUTE (Program) 
 get runtime argsREAD (Program) 
 get instancesREAD (Program) 
 set preferenceADMIN (Program) 
 get preferenceREAD (Program) 
 get statusREAD (Program) 
 get historyREAD (Program) 
 add metadataADMIN (Program) 
 get metadataREAD (Program) 
 emit logsWRITE (question) (Program) 
 view logsREAD (Program) 
 emit metricsWRITE (question) (Program) 
 view metricsREAD (Program) 
StreamscreateWRITE (Namespace)ADMIN (Stream)
 update propertiesADMIN (Stream) 
 deleteADMIN (Stream) 
 truncateADMIN (Stream) 
 enqueue
asyncEnqueue
batch
WRITE (Stream) 
 getREAD (Stream) 
 listREAD (Namespace) 
 read eventsREAD (Stream) 
 set preferencesADMIN (Stream) 
 get preferencesREAD (Stream) 
 add metadataADMIN (Stream) 
 get metadataREAD (Stream) 
 view lineageREAD (Stream) 
 emit metricsWRITE (question) (Stream) 
 view metricsREAD (Stream) 
DatasetslistREAD (Namespace) 
 getREAD (Dataset) 
 createWRITE (Namespace)ADMIN (Dataset)
 updateADMIN (Dataset) 
 dropADMIN (Dataset) 
 executeAdmin (exists/truncate/upgrade)ADMIN (Dataset) 
 add metadataADMIN (Dataset) 
 get metadataREAD (Dataset) 
 view lineageREAD (Dataset) 
 emit metricsWRITE (question) (Dataset) 
 view metricsREAD (Dataset) 

NOTE: Cells marked green were done in 3.4

Design

Hue Integration

Testing

Installation

Questions

Out-of-scope User Stories (3.5 and beyond)

  1. As a CDAP admin, I should be able to authorize reads/writes to datasets
  2. As a CDAP admin, I should be able to authorize metadata changes to CDAP entities
  3. As a CDAP system, I should be able to push down ACLs to storage providers
  4. As a CDAP admin, I should be able to authorize reads/writes to custom datasets
  5. As a CDAP system, I should be able to judge, document and improve the performance impact of authorization
  6. As a CDAP authorization system, I should be able to interact with an external authentication system
  7. As a CDAP admin, I should be able to use external UIs like Hue for ACL Management
  8. As a CDAP admin, I should be able to see an audit log of all authorization-related changes in CDAP
  9. As a CDAP admin, I should be able to authorize all thrift-based traffic, so transaction management is also authorized.

...

  1. As a CDAP security admin, I want CDAP programs to be run as the user running the program, and not as the headless "cdap" user. (User Impersonation)
  2. As a CDAP user, I would like to specify a user for a namespace and all program running in that namespace should be run as the specified user. (User Impersonation)
  3. As a CDAP/Hydrator security admin, I want all sensitive information like passwords not be stored in plaintext. (Key Management)
  4. As a CDAP security admin, I want all operations on datasets/streams to be governed by my configured authorization system. (Authorization)
  5. As a CDAP security admin, I want list operations for all CDAP entities to only return entities that the logged-in user is authorized to view. (Authorization)
  6. As a CDAP security admin, I want view operations for a CDAP entity to only succeed if the logged-in user is authorized to view that entity (Authorization)
  7. As a CDAP user, I would like to specify the namespace in an underlying storage provider (e.g. HBase namespace, Hive database) to use for a particular CDAP namespace. (Namespaces)
  8. As a CDAP admin, I want to allow users to access a dataset from a program in a different namespace, as long as the said user is authorized to access that dataset. (Namespaces)
  9. As a CDAP user, I want to be able to run long running Mapreduce, Spark or Hive programs on a secure (kerberos-enabled) cluster.

Design

Hue Integration

Namespace - Security 3.5

Authorization - CDAP 3.5

Secure Impersonation - Security 3.5