ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sridhar S <sridharsrr2...@gmail.com>
Subject Re: Server Changes for a new Component. [WARNING: DKIM validation failed]
Date Fri, 30 Jan 2015 11:17:21 GMT
Hi Madhan,
   It is indeed nice to note a pluggable component is coming up. Thanks
very much for the pointers.
Sridhar

On Fri, Jan 30, 2015 at 2:42 PM, Madhan Neethiraj <
mneethiraj@hortonworks.com> wrote:

> Sridhar,
>
> To make it easier to integrate new components into Ranger, the team is
> working on a pluggable-service-model implementation. This development is
> being done in Œstack¹ branch of Ranger and should be ready/available for
> use in a week or two. This would significantly reduce the effort needed to
> add support for a new component.
>
> Here are the high level steps to integrate a new component into Ranger:
> 1. Define various aspects of the service (component) - like resources,
> access-types, configuration etc. in a JSON file.
> 2. Import the service definition to Ranger.
>    After this step, it will be possible to create services (currently
> called repositories) and policies in Ranger Admin.
> 3. Implement the plugin for the service, to:
>    - intercept the resource accesses in the service
>    - create an access request with details of the resource, access-type,
> user, etc
>    - call Ranger policy-engine to authorize the access and generate audit
>    - allow or deny access to the resource based on the result returned
> 4. Install and configure the plugin to run in the service
>
>
> Until more detailed documentation is available, I would suggest looking at
> stack branch for the implementation of HDFS plugin
> (RangerFSPermissionChecker.java) and Hive plugin
> (RangerHiveAuthorizer.java). For details of the service-definition, you
> can refer to the attached JSON for HDFS service-type.
>
> Hope this helps.
>
> Thanks,
> Madhan
>
> On 1/29/15, 8:37 PM, "Sridhar S" <sridharsrr2015@gmail.com> wrote:
>
> >Hi,
> > Any help on the below would be much appreciated.
> >Sridhar
> >
> >On Sat, Jan 24, 2015 at 4:15 PM, Sridhar S <sridharsrr2015@gmail.com>
> >wrote:
> >
> >> Hi,
> >>  I am attempting to create a new component with the following policy -
> >> User Permissions would have a list of users with allowed datatypes for
> >>each
> >> user. Other fields such as name, audit logging remain the same as in the
> >> existing HDFS policy details.  I would like to first code the server
> >> changes to the new component and test it independently of the front end.
> >>  Which file/enum should i create the new repositoryType in?
> >>  Since there are no new fields (permList of VXPermObj can store the list
> >> of allowed datatypes), i do not have to change the VXPolicy or
> >>VXRepository
> >> nor the entity objects. Is this assumption correct?
> >>  Any help appreciated.
> >> Sridhar
> >>
> >
> >
> >
> >--
> >Sridhar
>
>


-- 
Sridhar

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message