Uploaded image for project: 'CDAP'
  1. CDAP
  2. CDAP-8176

Store namespace principal in OwnerStore

    Details

    • Type: Task
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 4.1.0
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
    • Rank:
      1|hzzt4v:

      Description

      To support namespace impersonation we added feature to take namespace principal and keytab during namespace creation. These information are stored in NamespaceMeta in NamespaceStore.

      To support app/stream/dataset level impersonation (CDAP-8110) we added a separate store called OwnerStore which store the owner principal of the entities. If a direct owner of a app/dataset/stream is not present we look up namespace meta to get the namespace owner if one was specified.

      It will be better to store the namespace owner principal in the OwnerStore rather than in namespace store.

      Note: This also need an upgrade step to migrate all the existing namespace meta which has owner to owner store.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                poorna Poorna Chandra
                Reporter:
                rsinha Rohit Sinha
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: