Posted to dev@ranger.apache.org by Sridhar S <sr...@gmail.com> on 2015/01/24 11:45:13 UTC

Server Changes for a new Component.

Hi,
 I am attempting to create a new component with the following policy - User
Permissions would have a list of users with allowed datatypes for each
user. Other fields such as name, audit logging remain the same as in the
existing HDFS policy details.  I would like to first code the server
changes to the new component and test it independently of the front end.
 Which file/enum should I create the new repositoryType in?
 Since there are no new fields (permList of VXPermObj can store the list of
allowed datatypes), I do not have to change the VXPolicy or VXRepository
nor the entity objects. Is this assumption correct?
 Any help appreciated.
Sridhar

Re: Server Changes for a new Component. [WARNING: DKIM validation failed]

Posted by Sridhar S <sr...@gmail.com>.
Hi Madhan,
   It is indeed nice to note a pluggable component is coming up. Thanks
very much for the pointers.
Sridhar

On Fri, Jan 30, 2015 at 2:42 PM, Madhan Neethiraj <
mneethiraj@hortonworks.com> wrote:

> Sridhar,
>
> To make it easier to integrate new components into Ranger, the team is
> working on a pluggable-service-model implementation. This development is
> being done in 'stack' branch of Ranger and should be ready/available for
> use in a week or two. This would significantly reduce the effort needed to
> add support for a new component.
>
> Here are the high level steps to integrate a new component into Ranger:
> 1. Define various aspects of the service (component) - like resources,
> access-types, configuration etc. in a JSON file.
> 2. Import the service definition to Ranger.
>    After this step, it will be possible to create services (currently
> called repositories) and policies in Ranger Admin.
> 3. Implement the plugin for the service, to:
>    - intercept the resource accesses in the service
>    - create an access request with details of the resource, access-type,
> user, etc
>    - call Ranger policy-engine to authorize the access and generate audit
>    - allow or deny access to the resource based on the result returned
> 4. Install and configure the plugin to run in the service
>
>
> Until more detailed documentation is available, I would suggest looking at
> stack branch for the implementation of HDFS plugin
> (RangerFSPermissionChecker.java) and Hive plugin
> (RangerHiveAuthorizer.java). For details of the service-definition, you
> can refer to the attached JSON for HDFS service-type.
>
> Hope this helps.
>
> Thanks,
> Madhan
>
> On 1/29/15, 8:37 PM, "Sridhar S" <sr...@gmail.com> wrote:
>
> >Hi,
> > Any help on the below would be much appreciated.
> >Sridhar
> >
> >On Sat, Jan 24, 2015 at 4:15 PM, Sridhar S <sr...@gmail.com>
> >wrote:
> >
> >> Hi,
> >>  I am attempting to create a new component with the following policy -
> >> User Permissions would have a list of users with allowed datatypes for
> >> each user. Other fields such as name, audit logging remain the same as in the
> >> existing HDFS policy details.  I would like to first code the server
> >> changes to the new component and test it independently of the front end.
> >>  Which file/enum should I create the new repositoryType in?
> >>  Since there are no new fields (permList of VXPermObj can store the list
> >> of allowed datatypes), I do not have to change the VXPolicy or VXRepository
> >> nor the entity objects. Is this assumption correct?
> >>  Any help appreciated.
> >> Sridhar
> >>
> >
> >
> >
> >--
> >Sridhar
>
>


-- 
Sridhar

Re: Server Changes for a new Component. [WARNING: DKIM validation failed]

Posted by Madhan Neethiraj <mn...@hortonworks.com>.
Sridhar,

To make it easier to integrate new components into Ranger, the team is
working on a pluggable-service-model implementation. This development is
being done in 'stack' branch of Ranger and should be ready/available for
use in a week or two. This would significantly reduce the effort needed to
add support for a new component.

Here are the high level steps to integrate a new component into Ranger:
1. Define various aspects of the service (component) - like resources,
access-types, configuration etc. in a JSON file.
2. Import the service definition to Ranger.
   After this step, it will be possible to create services (currently
called repositories) and policies in Ranger Admin.
3. Implement the plugin for the service, to:
   - intercept the resource accesses in the service
   - create an access request with details of the resource, access-type,
user, etc
   - call Ranger policy-engine to authorize the access and generate audit
   - allow or deny access to the resource based on the result returned
4. Install and configure the plugin to run in the service


Until more detailed documentation is available, I would suggest looking at
stack branch for the implementation of HDFS plugin
(RangerFSPermissionChecker.java) and Hive plugin
(RangerHiveAuthorizer.java). For details of the service-definition, you
can refer to the attached JSON for HDFS service-type.

Hope this helps.

Thanks,
Madhan

On 1/29/15, 8:37 PM, "Sridhar S" <sr...@gmail.com> wrote:

>Hi,
> Any help on the below would be much appreciated.
>Sridhar
>
>On Sat, Jan 24, 2015 at 4:15 PM, Sridhar S <sr...@gmail.com>
>wrote:
>
>> Hi,
>>  I am attempting to create a new component with the following policy -
>> User Permissions would have a list of users with allowed datatypes for
>> each user. Other fields such as name, audit logging remain the same as in the
>> existing HDFS policy details.  I would like to first code the server
>> changes to the new component and test it independently of the front end.
>>  Which file/enum should I create the new repositoryType in?
>>  Since there are no new fields (permList of VXPermObj can store the list
>> of allowed datatypes), I do not have to change the VXPolicy or VXRepository
>> nor the entity objects. Is this assumption correct?
>>  Any help appreciated.
>> Sridhar
>>
>
>
>
>-- 
>Sridhar
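
An added sketch, not part of the original thread and not Ranger code: it walks steps 1 and 3 of the list above for the per-user allowed-datatype policy described in the first message. The service-definition shape, the policy fields and every function name are hypothetical; nothing here is Ranger's schema or API.

```python
import json

# Constructed, simplified service definition (step 1); not Ranger's actual schema.
SERVICE_DEF = json.loads("""
{"name": "datastore",
 "resources": ["datatype"],
 "accessTypes": ["read", "write"]}
""")

# Constructed policy: each permList entry gives one user a list of allowed datatypes.
POLICY = {"name": "datatype-policy", "auditLogging": True,
          "permList": [
              {"user": "alice", "datatypes": ["orders", "invoices"], "accessTypes": ["read"]},
              {"user": "bob", "datatypes": ["orders"], "accessTypes": ["read", "write"]}]}

AUDIT_LOG = []  # stand-in for the audit destination


def validate_policy(policy, service_def):
    """Reject policies that use access types the service definition does not declare."""
    known = set(service_def["accessTypes"])
    for perm in policy["permList"]:
        unknown = set(perm["accessTypes"]) - known
        if unknown:
            raise ValueError(f"undeclared access types: {sorted(unknown)}")


def is_access_allowed(policy, user, datatype, access_type):
    """Evaluate one access request: default deny, audit either outcome."""
    allowed = any(perm["user"] == user
                  and datatype in perm["datatypes"]
                  and access_type in perm["accessTypes"]
                  for perm in policy["permList"])
    if policy.get("auditLogging"):
        AUDIT_LOG.append({"user": user, "resource": datatype, "access": access_type,
                          "result": "ALLOWED" if allowed else "DENIED",
                          "policy": policy["name"]})
    return allowed


def guarded_read(user, datatype):
    """Interception point inside the component: authorize before touching the resource."""
    if not is_access_allowed(POLICY, user, datatype, "read"):
        raise PermissionError(f"{user} may not read {datatype}")
    return f"contents of {datatype}"


validate_policy(POLICY, SERVICE_DEF)
```

Because the decision function takes a plain request (user, resource, access type) and returns a boolean, it can be exercised without any front end, which is the testing approach the original question asks about.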


Re: Server Changes for a new Component.

Posted by Sridhar S <sr...@gmail.com>.
Hi,
 Any help on the below would be much appreciated.
Sridhar

On Sat, Jan 24, 2015 at 4:15 PM, Sridhar S <sr...@gmail.com> wrote:

> Hi,
>  I am attempting to create a new component with the following policy -
> User Permissions would have a list of users with allowed datatypes for each
> user. Other fields such as name, audit logging remain the same as in the
> existing HDFS policy details.  I would like to first code the server
> changes to the new component and test it independently of the front end.
>  Which file/enum should I create the new repositoryType in?
>  Since there are no new fields (permList of VXPermObj can store the list
> of allowed datatypes), I do not have to change the VXPolicy or VXRepository
> nor the entity objects. Is this assumption correct?
>  Any help appreciated.
> Sridhar
>



-- 
Sridhar