ranger-dev mailing list archives

From Madhan Neethiraj <mneethi...@hortonworks.com>
Subject Re: Server Changes for a new Component. [WARNING: DKIM validation failed]
Date Fri, 30 Jan 2015 09:12:44 GMT

To make it easier to integrate new components into Ranger, the team is
working on a pluggable-service-model implementation. This development is
being done in 'stack' branch of Ranger and should be ready/available for
use in a week or two. This would significantly reduce the effort needed to
add support for a new component.

Here are the high level steps to integrate a new component into Ranger:
1. Define various aspects of the service (component) - like resources,
access-types, configuration etc. in a JSON file.
2. Import the service definition to Ranger.
   After this step, it will be possible to create services (currently
called repositories) and policies in Ranger Admin.
3. Implement the plugin for the service, to:
   - intercept the resource accesses in the service
   - create an access request with details of the resource, access-type,
user, etc
   - call Ranger policy-engine to authorize the access and generate audit
   - allow or deny access to the resource based on the result returned
4. Install and configure the plugin to run in the service

Until more detailed documentation is available, I would suggest looking at
stack branch for the implementation of HDFS plugin
(RangerFSPermissionChecker.java) and Hive plugin
(RangerHiveAuthorizer.java). For details of the service-definition, you
can refer to the attached JSON for HDFS service-type.

Hope this helps.


On 1/29/15, 8:37 PM, "Sridhar S" <sridharsrr2015@gmail.com> wrote:

> Any help on the below would be much appreciated.
>On Sat, Jan 24, 2015 at 4:15 PM, Sridhar S <sridharsrr2015@gmail.com>
>> Hi,
>>  I am attempting to create a new component with the following policy -
>> User Permissions would have a list of users with allowed datatypes for
>> user. Other fields such as name, audit logging remain the same as in the
>> existing HDFS policy details.  I would like to first code the server
>> changes to the new component and test it independently of the front end.
>>  Which file/enum should I create the new repositoryType in?
>>  Since there are no new fields (permList of VXPermObj can store the list
>> of allowed datatypes), i do not have to change the VXPolicy or
>> nor the entity objects. Is this assumption correct?
>>  Any help appreciated.
>> Sridhar
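
The flow in steps 1 to 3 above, as an added example that is not part of the original message and is not Ranger code: it does not use Ranger's API, and the service name, JSON field names, policy layout and function names are all hypothetical. It shows a plugin-side check that fails closed on anything the service definition does not declare and audits denials as well as grants.

```python
import json
from fnmatch import fnmatchcase

# Step 1 (constructed, simplified): resources and access types of the service.
SERVICE_DEF = json.loads("""{
  "name": "demo-store",
  "resources":   [{"name": "dataset"}],
  "accessTypes": [{"name": "read"}, {"name": "write"}]
}""")

# Constructed policies, as an admin would create them once the definition is imported.
POLICIES = [{
    "id": 1,
    "resources": {"dataset": "sales/*"},
    "items": [{"users": ["alice"], "accesses": ["read", "write"]},
              {"users": ["bob"], "accesses": ["read"]}],
}]

AUDIT_LOG = []  # stand-in for the audit destination


def authorize(user, resource, access_type):
    """Evaluate one access request, audit it, and return the decision (default deny)."""
    decision = {"user": user, "resource": resource, "access": access_type,
                "allowed": False, "policy_id": None}
    known_resources = {r["name"] for r in SERVICE_DEF["resources"]}
    known_accesses = {a["name"] for a in SERVICE_DEF["accessTypes"]}
    # Fail closed on anything the service definition does not declare.
    if set(resource) <= known_resources and access_type in known_accesses:
        for policy in POLICIES:
            matches = all(fnmatchcase(resource.get(name, ""), pattern)
                          for name, pattern in policy["resources"].items())
            if matches and any(user in item["users"] and access_type in item["accesses"]
                               for item in policy["items"]):
                decision.update(allowed=True, policy_id=policy["id"])
                break
    AUDIT_LOG.append(decision)  # denials are audited too
    return decision


def read_dataset(user, name):
    """Interception point in the hypothetical service: authorize before touching data."""
    if not authorize(user, {"dataset": name}, "read")["allowed"]:
        raise PermissionError(f"{user} denied read on {name}")
    return f"contents of {name}"
```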
