Notice: This is an early release of the GCP Token Broker. This project might be changed in backward-incompatible ways and is not subject to any SLA or deprecation policy.
The GCP Token Broker enables end-to-end Kerberos security and Cloud IAM integration for Hadoop workloads on Google Cloud Platform (GCP).
This project aims to achieve the following goals:
This project also strives to address the following requirements, which many enterprise customers have when they're looking to migrate on-premises workloads to the cloud:
See the full documentation here.
This repository contains:
apps: Server applications, including:
authorizer: Web UI for the OAuth flow that users must go through to authorize the broker service.
broker: The broker service itself.
deploy: Helm charts for deploying the broker service and the authorizer app to a Kubernetes cluster.
docs: Technical documentation for this project.
connector: Extension for the GCS Connector to allow Hadoop to communicate with the broker.
init-action: Initialization action to install the broker dependencies in a Cloud Dataproc cluster.
load-testing: Scripts for running load tests for the broker service.
terraform: Terraform scripts to deploy a sample demo environment. This is provided only as a reference and should not be used as-is in production.
Included in the current early release:
Plans for the stable releases:
Plans for future releases:
We'd love to accept your patches and contributions to this project. There are just a few small guidelines you need to follow. See the contributing guide for more details.