Versions Compared

Comment: Migrated to Confluence 5.3

...

JIRA : SQOOP-1834 and its sub ticketsSQOOP-2048 and its sub tickets

Problem

 

Sqoop 2 needs a pluggable role based access controller (RBAC), which is responsible for the authorization to Sqoop 2 resources, such as server, connector, link, job, etc.

...

ResourceGlobal Namespace
Server
  • AllCreate
  • Read
  • Write
Connector
  • All
  • Read
Link
  • All
  • Read
  • Write
Job
  • All
  • Read
  • Write
Action | Privilege needed
show connector
  • connector read
show link
  • link read
create link
  • server create
  • connector read
update link
  • link write
  • connector read
delete link
  • link write
enable link
  • link write
disable link
  • link write
show job
  • job read
create job
  • server create
  • both links read
update job
  • job write
  • both links read
delete job
  • job write
enable job
  • job write
disable job
  • job write
start job
  • job write
stop job
  • job write
show submission
  • job read
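The action table above can be read as a deny-by-default lookup. The following Python model is an added example, not Sqoop 2 code: the slot names (`from_link`, `to_link`), the `*` wildcard, the sample resource names and the rule that "all" implies every other action are assumptions made for illustration.

```python
from typing import NamedTuple

class Privilege(NamedTuple):
    resource_type: str  # server, connector, link or job
    resource_name: str  # constructed sample names; "*" = any resource of the type (assumption)
    action: str         # all, read, write or create

# Action -> privileges needed, transcribed from the table above as
# (resource type, action, request slot). Slot names are hypothetical.
LINKS = [("link", "read", "from_link"), ("link", "read", "to_link")]  # "both links read"
REQUIRED = {
    "show connector": [("connector", "read", "connector")],
    "show link": [("link", "read", "link")],
    "create link": [("server", "create", "server"), ("connector", "read", "connector")],
    "update link": [("link", "write", "link"), ("connector", "read", "connector")],
    "show job": [("job", "read", "job")],
    "create job": [("server", "create", "server")] + LINKS,
    "update job": [("job", "write", "job")] + LINKS,
    "show submission": [("job", "read", "job")],
}
for verb in ("delete", "enable", "disable"):
    REQUIRED[f"{verb} link"] = [("link", "write", "link")]
for verb in ("delete", "enable", "disable", "start", "stop"):
    REQUIRED[f"{verb} job"] = [("job", "write", "job")]

def holds(grants, rtype, name, action):
    # Assumption: "all" on a resource implies every other action on it.
    return any(g.resource_type == rtype and g.resource_name in (name, "*")
               and g.action in (action, "all") for g in grants)

def missing_privileges(grants, action, resources):
    """Return the privileges the caller lacks; an empty list means allowed."""
    if action not in REQUIRED:
        raise ValueError(f"unknown action: {action!r}")  # unknown actions fail closed
    missing = []
    for rtype, needed, slot in REQUIRED[action]:
        name = resources.get(slot)
        # A request that does not name the resource is denied, never wildcarded.
        if name is None or not holds(grants, rtype, name, needed):
            target = name if name is not None else f"<no {slot}>"
            missing.append(f"{rtype} {needed} on {target}")
    return missing

if __name__ == "__main__":
    grants = [Privilege("server", "srv", "create"), Privilege("link", "mysql", "read"),
              Privilege("link", "hdfs", "all")]  # constructed sample grants
    print(missing_privileges(grants, "create job",
                             {"server": "srv", "from_link": "mysql", "to_link": "s3"}))
```

Returning the list of missing privileges rather than a bare boolean gives an audit log or error response the exact grant that was absent.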

...

  • The RESTful API calls are handled by org.apache.sqoop.handler.AuthorizationEngine.java in sqoop-server
    • PUT POST /authorization/roleroles/create
      • Create new role with role_{name}
    • DELETE /authorization/role/{role_-name}

    • GET /authorization/roleroles
      • Show all roles
    • GET /authorization/principalprincipals?role_name={role_name}
      • Show all principals in role with {role_name}
    • GET /authorization/roleroles?principal_type={type}&principal_name={name}
      • Show all roles in principal with {name, type}
    • PUT /authorization/roles/grant_role
      • Grant a role to a user/group/role
      • PUT data of JsonObject role(role_name) and principal (name, type)
    • PUT /authorization/roles/revoke_role
      • Revoke a role from a user/group/role
      • PUT data of JsonObject role(role_name) and principal (name, type)
    • PUT /authorization/privileges/grant_privilege
      • Grant a privilege to a principal
      • PUT data of JsonObject principal(name, type) and privilege (resource (-name, resource-type), action, with_-grant_-option)
    • PUT /authorization/privileges/revoke_privilege
      • Revoke a privilege from a principal
      • PUT data of JsonObject principal(name, type) and privilege (resource (-name, resource-type), action, with_-grant_-option)
      • If privilege is null, then revoke all privileges for principal(name, type)
    • GET /authorization/privilegeprivileges?principal_type={type}&principal_name={name}&resource_type={type}&resource_name={name}
      • Show all privileges in principal with {name, type} and resource with {resource_-name, resource_-type}
      • If resource is null, then show all privileges in principal with {name, type}

...