[EPIC] Support credential vending in Gravitino

apache / gravitino

World's most powerful open data catalog for building a high-performance, geo-distributed and federated metadata lake.

https://gravitino.apache.org

Apache License 2.0

1.09k stars 344 forks source link

[EPIC] Support credential vending in Gravitino #4398

Open jerryshao opened 3 months ago

jerryshao commented 3 months ago

Describe the proposal

As a centralized service, Gravitino should provide a mechanism to let third-party applications/service integrate with it to get temporary access to the underlying services, like S3, HDFS, HMS, etc on behalf of their users. the credential vending mechanism is heavily adopted in the cloud service. So Gravitino should provide a similar mehanism.

Task list

[x] #4992
[x] #4993
[x] #4994
[x] #5068
[ ] #5619
[ ] #5620
[ ] #5621
[ ] #5622
[ ] #5623
[ ] #5624
[ ] #5625

lw-yang commented 3 months ago

This is the Proposal of the secret management system, which should be related to credentials vending

https://docs.google.com/document/d/1CUUtUXJHU89zbaOUkQRMVTfbAS5qlg_xiz5y6kHd37s/edit

FANNG1 commented 2 months ago

based on the design of @lw-yang , proposed a new design https://docs.google.com/document/d/1fovK0ylSmI45ynrCPcnRZqzyPDn7DRNb_ExdbjVPq0k/edit