Checklist
Currently CDAP has Authentication feature for Standalone and Distributed deployments. Up until now there was no such functionality in CDAP running on Kubernetes. This feature is about bringing this capability in so that all deployments have Authentication feature available for the users.
Enable Authentication capability for CDAP on Kubernetes deployment.
Introduce a new class similar to one of the *ServiceMain classes (any class that extends from the AbstractServiceMain class) for starting the Authentication server. The code is very similar to the AuthenticationServerMain class, except the differences in Guice bindings and added dependency on Zookeeper for secret key propagation. Update RouterServiceMain class to depend on Zookeeper for access to the secret key and use distributed Security module when security is enabled.
An update to the CDAP operator https://github.com/cdapio/cdap-operator to introduce a new optional Authentication service, similar to the "Runtime" service.
None
None
None
None
Application will be more secure since owners of the platform will be able to enable authentication
No impact on infrastructure outages.
Test ID | Test Description | Expected Results |
---|---|---|