Elgato_dark/zeppelin
1
0
Fork 0
mirror of https://github.com/apache/zeppelin synced 2026-05-24 09:38:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeppelin/docs/security/datasource_authorization.md
AhyoungRyu d87f2e5dfb [ZEPPELIN-1054] Improve "Credentials" UI 
### What is this PR for?
Currently, users can add new their credential info for data source authentication in Zeppelin "Credentials" menu. Even though it was saved successfully, they can't see the whole list of credentials in Zeppelin UI.
This PR enables to `get` all credential list, `edit` and `remove` via UI.

*NOTE : Since this patch was implemented based on #1030 API, should be tested after #1030 merged.*

### What type of PR is it?
Improvement & Documentation

### Todos
* [x] - rename `interpreter_authorization.md` -> `datasource_authorization.md`
* [x] - remove `Interpreter Authorization` section (since we don't have this feature yet : [ZEPPELIN-945](https://issues.apache.org/jira/browse/ZEPPELIN-945))
* [x] - rebase after #1030 & #1064 merged
* [ ] - address reviews

### What is the Jira issue?
[ZEPPELIN-1054](https://issues.apache.org/jira/browse/ZEPPELIN-1054)

### How should this be tested?
1. Apply this patch and build `zeppelin-web` as described in [here](https://github.com/apache/zeppelin/tree/master/zeppelin-web#configured-environment).
2. Go to `Credentials` menu.
3. Add new credentials -> you can see the credential info in the credential list table.
4. You can edit & delete them. -> Compare with `conf/credentials.json`

### Screenshots (if appropriate)
- Before
<img width="952" alt="screen shot 2016-06-28 at 12 37 10 am" src="https://cloud.githubusercontent.com/assets/10060731/16407604/69b0c4d8-3cc9-11e6-8284-9abe2969cdc1.png">

- After
![add_credential](https://cloud.githubusercontent.com/assets/10060731/16576765/3671aa16-42cc-11e6-9d9f-dfe1f33f8d37.gif)
If there is no credential
<img width="957" alt="screen shot 2016-06-28 at 12 19 46 am" src="https://cloud.githubusercontent.com/assets/10060731/16407620/7838995e-3cc9-11e6-90ba-1bd0173a1b49.png">

- `datasource_authorization.md`
<img width="845" alt="screen shot 2016-06-28 at 7 58 24 pm" src="https://cloud.githubusercontent.com/assets/10060731/16439169/d4026034-3d6a-11e6-930f-86de12e5fc49.png">
<img width="851" alt="screen shot 2016-06-28 at 7 58 44 pm" src="https://cloud.githubusercontent.com/assets/10060731/16439170/d62f2842-3d6a-11e6-9d3f-ecc5cda29c77.png">
<img width="846" alt="screen shot 2016-06-28 at 8 00 20 pm" src="https://cloud.githubusercontent.com/assets/10060731/16439200/fed58390-3d6a-11e6-9aa2-8cff5a1b7b66.png">

### Questions:
* Does the licenses files need update? no
* Is there breaking changes for older versions? no
* Does this needs documentation? yes

Author: AhyoungRyu <fbdkdud93@hanmail.net>

Closes #1100 from AhyoungRyu/ZEPPELIN-1054 and squashes the following commits:

7c38c90 [AhyoungRyu] Fix checkstyle error with jscs rule
ab9814c [AhyoungRyu] Remove cancelCredentialInfoUpdate()
899bb15 [AhyoungRyu] Fix a bug reported by @Leemoonsoo
57cb280 [AhyoungRyu] Make focusing to text inputbox after update cancel
cea8c93 [AhyoungRyu] Fix typos in datasource_authorization.md
cc72ae8 [AhyoungRyu] update xeditable license version
c100a64 [AhyoungRyu] Delete interpreter_authorization.md
304e684 [AhyoungRyu] Add datasource_authorization.md docs
5768604 [AhyoungRyu] Add datasource_authorization.md to index & navi menu
64bf6fe [AhyoungRyu] Update angular-xeditable version
573c3d1 [AhyoungRyu] Enable credential info to get list, edit and remove via UI
2016-07-11 18:18:42 +09:00

3 KiB
Raw Blame History

layout title description group
page Data Source Authorization Data Source Authorization security

Data Source Authorization in Apache Zeppelin

Overview

Data source authorization involves authenticating to the data source like a Mysql database and letting it determine user permissions. Apache Zeppelin allows users to use their own credentials to authenticate with Data Sources.

For example, let's assume you have an account in the Vertica databases with credentials. You might want to use this account to create a JDBC connection instead of a shared account with all users who are defined in conf/shiro.ini. In this case, you can add your credential information to Apache Zeppelin and use them with below simple steps.

How to save the credential information?

You can add new credentials in the dropdown menu for your data source which can be passed to interpreters.

Entity can be the key that distinguishes each credential sets. Type Username & Password for your own credentials. ex) user & password of Mysql

The credentials saved as per users defined in conf/shiro.ini. If you didn't activate shiro authentication in Apache Zeppelin, your credential information will be saved as anonymous. All credential information also can be found in conf/credentials.json.

JDBC interpreter

You need to maintain per-user connection pools. The interpret method takes the user string as a parameter and executes the jdbc call using a connection in the user's connection pool.

Presto

You don't need a password if the Presto DB server runs backend code using HDFS authorization for the user.

Vertica and Mysql

You have to store the password information for users.

Please note

As a first step of data source authentication feature, ZEPPELIN-828 was proposed and implemented in Pull Request #860. Currently, only customized 3rd party interpreters can use this feature. We are planning to apply this mechanism to the community interpreters in the near future. Please keep track ZEPPELIN-1070.