|Table of Contents|
- User Stories Documented
- User Stories Reviewed
- Design Reviewed
- APIs reviewed
- Release priorities assigned
- Test cases reviewed
- Blog post
Currently CDAP has Authentication feature for Standalone and Distributed deployments. Up until now there was no such functionality in CDAP running on Kubernetes. This feature is about bringing this capability in so that all deployments have Authentication feature available for the users.
Enable Authentication capability for CDAP on Kubernetes deployment.
- As an engineer I want to be able to configure CDAP on Kubernetes with enabled Authentication so that I can make my deployment secure.
Cover details on assumptions made, design alternatives considered, high level design
Changes on CDAP repository
Introduce a new class similar to one of the *ServiceMain classes (any class that extends from the AbstractServiceMain class) for starting the Authentication server. The code is very similar to the AuthenticationServerMain class, except the differences in Guice bindings and added dependency on Zookeeper for secret key propagation. Update RouterServiceMain class to depend on Zookeeper for access to the secret key and use distributed Security module when security is enabled.
Changes on CDAP Operator repository
An update to the CDAP operator https://github.com/cdapio/cdap-operator to introduce a new optional Authentication service, similar to the "Runtime" service.
High Level design
New Programmatic APIs
Deprecated Programmatic APIs
CLI Impact or Changes
UI Impact or Changes
Application will be more secure since owners of the platform will be able to enable authentication
Impact on Infrastructure Outages
No impact on infrastructure outages.
|Test ID||Test Description||Expected Results|
- Work #1
- Work #2
- Work #3