You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2021/06/18 20:52:41 UTC

[GitHub] [pulsar] ltamber opened a new pull request #10969: support ranger

ltamber opened a new pull request #10969:
URL: https://github.com/apache/pulsar/pull/10969


   Fixes #8553
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] github-actions[bot] commented on pull request #10969: [Broker]support ranger

Posted by GitBox <gi...@apache.org>.

github-actions[bot] commented on pull request #10969:
URL: https://github.com/apache/pulsar/pull/10969#issuecomment-1058890028


   @ltamber:Thanks for your contribution. For this PR, do we need to update docs?
   (The [PR template contains info about doc](https://github.com/apache/pulsar/blob/master/.github/PULL_REQUEST_TEMPLATE.md#documentation), which helps others know more about the changes. Can you provide doc-related info in this and future PR descriptions? Thanks)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] cckellogg commented on pull request #10969: [Broker]support ranger

Posted by GitBox <gi...@apache.org>.

cckellogg commented on pull request #10969:
URL: https://github.com/apache/pulsar/pull/10969#issuecomment-866118937


   Thanks for your contribution but I think that this authorization plugin should not be part of the main code base. It could live in its own repo and then users can package or include it if they want to use it.  


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] codelipenghui commented on pull request #10969: [Broker]support ranger

Posted by GitBox <gi...@apache.org>.

codelipenghui commented on pull request #10969:
URL: https://github.com/apache/pulsar/pull/10969#issuecomment-1058889256


   The pr had no activity for 30 days, mark with Stale label.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] complone edited a comment on pull request #10969: [Broker]support ranger

Posted by GitBox <gi...@apache.org>.

complone edited a comment on pull request #10969:
URL: https://github.com/apache/pulsar/pull/10969#issuecomment-890431892


   @ltamber  @cckellogg 
   
   https://github.com/aries-demos/dataops/tree/master/stack-hooks/before-INSTALL/scripts/ranger
   
   The following example illustrates the following scenario
   
   > solved problem
   
   Unified authority control for hdfs, yarn, hive, spark, hbase, storm, kafka, atlas, solr, etc.
   Managed data flow
       - ```ranger-admin``` is responsible for strategy storage and provision of http restful api extensions to provide strategy and modification services
       - ```ranger-usersync``` focuses on synchronizing user and user group data from ldap to ranger
       - ```ranger-tagsync``` is responsible for synchronizing the tags on the atlas to ranger
   > Data flow of the plug-in
      - After the plug-in is allowed, http periodically (30 seconds by default) downloads the policy from ranger-admin to the local /etc/ranger
       - Through the parsing strategy, it is similar to a big hashmap. When the request comes, filter (checkPermission) for permission control
       - The result log is written back to solr, hdfs (the new version of kafka is not enabled)
   
   
   *Pulsar is also here as a component that requires permission verification. Maybe you can synchronize the tags marked by Pulsar on Atlas to ranger based on ranger-tagsync?*


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] complone edited a comment on pull request #10969: [Broker]support ranger

Posted by GitBox <gi...@apache.org>.

complone edited a comment on pull request #10969:
URL: https://github.com/apache/pulsar/pull/10969#issuecomment-890431892


   @ltamber  @cckellogg 
   
   About: 
   https://github.com/aries-demos/dataops/tree/master/stack-hooks/before-INSTALL/scripts/ranger
   
   https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=53741207
   chapter:Ranger Stacks - How to add a custom plugin?
   
   
   The following example illustrates the following scenario
   
   > solved problem
   
   Unified authority control for hdfs, yarn, hive, spark, hbase, storm, kafka, atlas, solr, etc.
   Managed data flow
       - ```ranger-admin``` is responsible for strategy storage and provision of http restful api extensions to provide strategy and modification services
       - ```ranger-usersync``` focuses on synchronizing user and user group data from ldap to ranger
       - ```ranger-tagsync``` is responsible for synchronizing the tags on the atlas to ranger
   > Data flow of the plug-in
      - After the plug-in is allowed, http periodically (30 seconds by default) downloads the policy from ranger-admin to the local /etc/ranger
       - Through the parsing strategy, it is similar to a big hashmap. When the request comes, filter (checkPermission) for permission control
       - The result log is written back to solr, hdfs (the new version of kafka is not enabled)
   
   
   *Pulsar is also here as a component that requires permission verification. Maybe you can synchronize the tags marked by Pulsar on Atlas to ranger based on ranger-tagsync?*


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] ltamber commented on pull request #10969: [Broker]support ranger

Posted by GitBox <gi...@apache.org>.

ltamber commented on pull request #10969:
URL: https://github.com/apache/pulsar/pull/10969#issuecomment-863867773


   /pulsarbot run-failure-checks


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] complone edited a comment on pull request #10969: [Broker]support ranger

Posted by GitBox <gi...@apache.org>.

complone edited a comment on pull request #10969:
URL: https://github.com/apache/pulsar/pull/10969#issuecomment-890431892


   @ltamber  @cckellogg 
   
   The related implementation of ```RangerAuthorizationService``` can refer to the following link:
   
   http://mail-archives.apache.org/mod_mbox/ranger-commits/201503.mbox/%3Ca78f268998254c62be5ac9aca4f9da42@git.apache.org%3E
   
   https://www.mail-archive.com/commits@ranger.apache.org/msg02308.html


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] complone edited a comment on pull request #10969: [Broker]support ranger

Posted by GitBox <gi...@apache.org>.

complone edited a comment on pull request #10969:
URL: https://github.com/apache/pulsar/pull/10969#issuecomment-890431892


   @ltamber  @cckellogg 
   
   About: 
   https://github.com/aries-demos/dataops/tree/master/stack-hooks/before-INSTALL/scripts/ranger
   
   https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=53741207
   chapter:Ranger Stacks - How to add a custom plugin?
   
   
   The following ranger example illustrates the following problem
   
   > solved problem
   
   Unified authority control for hdfs, yarn, hive, spark, hbase, storm, kafka, atlas, solr, etc.
   Managed data flow
       - ```ranger-admin``` is responsible for strategy storage and provision of http restful api extensions to provide strategy and modification services
       - ```ranger-usersync``` focuses on synchronizing user and user group data from ldap to ranger
       - ```ranger-tagsync``` is responsible for synchronizing the tags on the atlas to ranger
   > Data flow of the plug-in
      - After the plug-in is allowed, http periodically (30 seconds by default) downloads the policy from ranger-admin to the local /etc/ranger
       - Through the parsing strategy, it is similar to a big hashmap. When the request comes, filter (checkPermission) for permission control
       - The result log is written back to solr, hdfs (the new version of kafka is not enabled)
   
   
   *Pulsar is also here as a component that requires permission verification. Maybe you can synchronize the tags marked by Pulsar on Atlas to ranger based on ranger-tagsync?*


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] complone edited a comment on pull request #10969: [Broker]support ranger

Posted by GitBox <gi...@apache.org>.

complone edited a comment on pull request #10969:
URL: https://github.com/apache/pulsar/pull/10969#issuecomment-890431892


   @ltamber 
   
   https://github.com/aries-demos/dataops/tree/master/stack-hooks/before-INSTALL/scripts/ranger
   
   The following example illustrates the following scenario
   
   > solved problem
   
   Unified authority control for hdfs, yarn, hive, spark, hbase, storm, kafka, atlas, solr, etc.
   Managed data flow
       - ```ranger-admin``` is responsible for strategy storage and provision of http restful api extensions to provide strategy and modification services
       - ```ranger-usersync``` focuses on synchronizing user and user group data from ldap to ranger
       - ```ranger-tagsync``` is responsible for synchronizing the tags on the atlas to ranger
   > Data flow of the plug-in
      - After the plug-in is allowed, http periodically (30 seconds by default) downloads the policy from ranger-admin to the local /etc/ranger
       - Through the parsing strategy, it is similar to a big hashmap. When the request comes, filter (checkPermission) for permission control
       - The result log is written back to solr, hdfs (the new version of kafka is not enabled)
   
   
   *Pulsar is also here as a component that requires permission verification. Maybe you can synchronize the tags marked by Pulsar on Atlas to ranger based on ranger-tagsync?*


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] complone edited a comment on pull request #10969: [Broker]support ranger

Posted by GitBox <gi...@apache.org>.

complone edited a comment on pull request #10969:
URL: https://github.com/apache/pulsar/pull/10969#issuecomment-890431892


   @ltamber  @cckellogg 
   
   About: 
   https://github.com/aries-demos/dataops/tree/master/stack-hooks/before-INSTALL/scripts/ranger
   
   https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=53741207
   chapter:Ranger Stacks - How to add a custom plugin?
   
   https://cwiki.apache.org/confluence/display/RANGER/Tag+Based+Policies
   
   
   The following ranger example illustrates the following problem
   
   > solved problem
   
   Unified authority control for hdfs, yarn, hive, spark, hbase, storm, kafka, atlas, solr, etc.
   Managed data flow
       - ```ranger-admin``` is responsible for strategy storage and provision of http restful api extensions to provide strategy and modification services
       - ```ranger-usersync``` focuses on synchronizing user and user group data from ldap to ranger
       - ```ranger-tagsync``` is responsible for synchronizing the tags on the atlas to ranger
   > Data flow of the plug-in
      - After the plug-in is allowed, http periodically (30 seconds by default) downloads the policy from ranger-admin to the local /etc/ranger
       - Through the parsing strategy, it is similar to a big hashmap. When the request comes, filter (checkPermission) for permission control
       - The result log is written back to solr, hdfs (the new version of kafka is not enabled)
   
   
   *Pulsar is also here as a component that requires permission verification. Maybe you can synchronize the tags marked by Pulsar on Atlas to ranger based on ranger-tagsync?*


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] complone commented on pull request #10969: [Broker]support ranger

Posted by GitBox <gi...@apache.org>.

complone commented on pull request #10969:
URL: https://github.com/apache/pulsar/pull/10969#issuecomment-890431892


   @ltamber 
   
   https://github.com/aries-demos/dataops/tree/master/stack-hooks/before-INSTALL/scripts/ranger
   
   
   
   The following example illustrates the following scenario
   
   > solved problem
   
       Unified authority control for hdfs, yarn, hive, spark, hbase, storm, kafka, atlas, solr, etc.
   Managed data flow
       - ```ranger-admin``` is responsible for strategy storage and provision of http restful api extensions to provide strategy and modification services
       - ```ranger-usersync``` focuses on synchronizing user and user group data from ldap to ranger
       - ```ranger-tagsync``` is responsible for synchronizing the tags on the atlas to ranger
   > Data flow of the plug-in
      - After the plug-in is allowed, http periodically (30 seconds by default) downloads the policy from ranger-admin to the local /etc/ranger
       - Through the parsing strategy, it is similar to a big hashmap. When the request comes, filter (checkPermission) for permission control
       - The result log is written back to solr, hdfs (the new version of kafka is not enabled)
   
   
   *Pulsar is also here as a component that requires permission verification. Maybe you can synchronize the tags marked by Pulsar on Atlas to ranger based on ranger-tagsync?*


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org