Open
Description
We currently do not support authorizing requests against HBase.
This epic is intended to track the subtasks that we need to accomplish in order to add this functionality.
For the purpose of this epic I think we can ignore authentication, which should be covered under a separate issue.
This needs serious refining, below I have added a few first thoughts around this issue that hopefully can serve as pointers during refinement:
- investigate if we can reuse the Ranger authorizer with OPA (I have some code available for this)
- adapt operator to allow enabling secure mode
- integrate with opa operator
- create opa ruleset to authorize based on data sent by authorizer
- define crds to specify access control lists for hdfs in k8s and cretae functionality for operator to translate this for opa
- much more