This is an automated email from the ASF dual-hosted git repository.

spolavarapu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 9b8eaa3  RANGER-2325: Incorporated review comments and removed some 
unnecessary white spaces
9b8eaa3 is described below

commit 9b8eaa3d3179e13fceb896f677debb248b9529f0
Author: Sailaja Polavarapu <[email protected]>
AuthorDate: Tue Jul 30 15:30:18 2019 -0700

    RANGER-2325: Incorporated review comments and removed some unnecessary 
white spaces
---
 .../plugin/store/EmbeddedServiceDefsUtil.java      |   8 +-
 .../service-defs/ranger-servicedef-ozone.json      | 282 +++++++++++++++++++++
 plugin-ozone/conf/ozone-ranger-env.sh              |  33 +++
 plugin-ozone/conf/ranger-ozone-audit-changes.cfg   |  58 +++++
 plugin-ozone/conf/ranger-ozone-audit.xml           | 258 +++++++++++++++++++
 .../conf/ranger-ozone-security-changes.cfg         |  28 ++
 plugin-ozone/conf/ranger-ozone-security.xml        |  83 ++++++
 plugin-ozone/conf/ranger-policymgr-ssl-changes.cfg |  21 ++
 plugin-ozone/conf/ranger-policymgr-ssl.xml         |  49 ++++
 plugin-ozone/pom.xml                               |  78 ++++++
 plugin-ozone/scripts/install.properties            | 141 +++++++++++
 .../ozone/authorizer/RangerOzoneAuthorizer.java    | 191 ++++++++++++++
 .../ranger/services/ozone/RangerServiceOzone.java  | 111 ++++++++
 .../ranger/services/ozone/client/OzoneClient.java  | 197 ++++++++++++++
 .../services/ozone/client/OzoneConnectionMgr.java  | 103 ++++++++
 .../services/ozone/client/OzoneResourceMgr.java    | 180 +++++++++++++
 pom.xml                                            |  34 +++
 ranger-ozone-plugin-shim/pom.xml                   |  91 +++++++
 .../ozone/authorizer/RangerOzoneAuthorizer.java    | 113 +++++++++
 src/main/assembly/admin-web.xml                    |  34 +++
 src/main/assembly/plugin-ozone.xml                 | 178 +++++++++++++
 21 files changed, 2270 insertions(+), 1 deletion(-)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
index d82fd70..c7ea948 100755
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
@@ -48,7 +48,7 @@ public class EmbeddedServiceDefsUtil {
 
 
        // following servicedef list should be reviewed/updated whenever a new 
embedded service-def is added
-       public static final String DEFAULT_BOOTSTRAP_SERVICEDEF_LIST = 
"tag,hdfs,hbase,hive,kms,knox,storm,yarn,kafka,solr,atlas,nifi,nifi-registry,sqoop,kylin,elasticsearch,presto";
+       public static final String DEFAULT_BOOTSTRAP_SERVICEDEF_LIST = 
"tag,hdfs,hbase,hive,kms,knox,storm,yarn,kafka,solr,atlas,nifi,nifi-registry,sqoop,kylin,elasticsearch,presto,ozone";
        private static final String PROPERTY_SUPPORTED_SERVICE_DEFS = 
"ranger.supportedcomponents";
        private Set<String> supportedServiceDefs;
        public static final String EMBEDDED_SERVICEDEF_TAG_NAME  = "tag";
@@ -70,6 +70,7 @@ public class EmbeddedServiceDefsUtil {
        public static final String EMBEDDED_SERVICEDEF_ABFS_NAME  = "abfs";
        public static final String EMBEDDED_SERVICEDEF_ELASTICSEARCH_NAME = 
"elasticsearch";
        public static final String EMBEDDED_SERVICEDEF_PRESTO_NAME  = "presto";
+       public static final String EMBEDDED_SERVICEDEF_OZONE_NAME  = "ozone";
 
        public static final String PROPERTY_CREATE_EMBEDDED_SERVICE_DEFS = 
"ranger.service.store.create.embedded.service-defs";
 
@@ -85,6 +86,7 @@ public class EmbeddedServiceDefsUtil {
        public static final String NIFI_IMPL_CLASS_NAME  = 
"org.apache.ranger.services.nifi.RangerServiceNiFi";
        public static final String ATLAS_IMPL_CLASS_NAME  = 
"org.apache.ranger.services.atlas.RangerServiceAtlas";
        public static final String PRESTO_IMPL_CLASS_NAME  = 
"org.apache.ranger.services.presto.RangerServicePresto";
+       public static final String OZONE_IMPL_CLASS_NAME  = 
"org.apache.ranger.services.ozone.RangerServiceOzone";
 
        private static EmbeddedServiceDefsUtil instance = new 
EmbeddedServiceDefsUtil();
 
@@ -107,6 +109,7 @@ public class EmbeddedServiceDefsUtil {
        private RangerServiceDef abfsServiceDef;
        private RangerServiceDef elasticsearchServiceDef;
        private RangerServiceDef prestoServiceDef;
+       private RangerServiceDef ozoneServiceDef;
 
        private RangerServiceDef tagServiceDef;
 
@@ -152,6 +155,7 @@ public class EmbeddedServiceDefsUtil {
                        abfsServiceDef = getOrCreateServiceDef(store, 
EMBEDDED_SERVICEDEF_ABFS_NAME);
                        elasticsearchServiceDef = getOrCreateServiceDef(store, 
EMBEDDED_SERVICEDEF_ELASTICSEARCH_NAME);
                        prestoServiceDef = getOrCreateServiceDef(store, 
EMBEDDED_SERVICEDEF_PRESTO_NAME);
+                       ozoneServiceDef = getOrCreateServiceDef(store, 
EMBEDDED_SERVICEDEF_OZONE_NAME);
 
                        // Ensure that tag service def is updated with access 
types of all service defs
                        store.updateTagServiceDefForAccessTypes();
@@ -229,6 +233,8 @@ public class EmbeddedServiceDefsUtil {
 
        public long getPrestoServiceDefId() { return getId(prestoServiceDef); }
 
+       public long getOzoneServiceDefId() { return getId(ozoneServiceDef); }
+
        public RangerServiceDef getEmbeddedServiceDef(String defType) throws 
Exception {
                RangerServiceDef serviceDef=null;
                if(StringUtils.isNotEmpty(defType)){
diff --git 
a/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json 
b/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json
new file mode 100755
index 0000000..5787d93
--- /dev/null
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json
@@ -0,0 +1,282 @@
+{
+       "id":201,
+       "name": "ozone",
+       "implClass": "org.apache.ranger.services.ozone.RangerServiceOzone",
+       "label": "OZONE",
+       "description": "Ozone Repository",
+       "guid": "",
+       "resources":
+       [
+               {
+                       "itemId": 1,
+                       "name": "volume",
+                       "type": "string",
+                       "level": 10,
+                       "parent": "",
+                       "mandatory": true,
+                       "lookupSupported": true,
+                       "recursiveSupported": true,
+                       "excludesSupported": false,
+                       "matcher": 
"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+                       "matcherOptions": { "wildCard":true, "ignoreCase":false 
},
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":"",
+                       "label": "Ozone Volume",
+                       "description": "Ozone Volume",
+                       "isValidLeaf": true
+               },
+               {
+                       "itemId": 2,
+                       "name": "bucket",
+                       "type": "string",
+                       "level": 20,
+                       "parent": "volume",
+                       "mandatory": true,
+                       "lookupSupported": true,
+                       "recursiveSupported": false,
+                       "excludesSupported": true,
+                       "matcher": 
"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+                       "matcherOptions": { "wildCard":true, "ignoreCase":true 
},
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":"",
+                       "label": "Ozone Bucket",
+                       "description": "Ozone Bucket",
+                       "isValidLeaf": true
+               },
+
+               {
+                       "itemId": 3,
+                       "name": "key",
+                       "type": "string",
+                       "level": 30,
+                       "parent": "bucket",
+                       "mandatory": true,
+                       "lookupSupported": true,
+                       "recursiveSupported": false,
+                       "excludesSupported": true,
+                       "matcher": 
"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+                       "matcherOptions": { "wildCard":true, "ignoreCase":true 
},
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":"",
+                       "label": "Ozone Key",
+                       "description": "Ozone Key",
+                       "isValidLeaf": true
+               }
+       ],
+
+       "accessTypes":
+       [
+               {
+                        "itemId": 8,
+                        "name": "all",
+                        "label": "All",
+                        "impliedGrants":
+                        [
+                                "read",
+                                "write",
+                                "create",
+                                "list",
+                                "delete"
+                        ]
+                },
+               {
+                       "itemId": 1,
+                       "name": "read",
+                       "label": "Read"
+               },
+
+               {
+                       "itemId": 2,
+                       "name": "write",
+                       "label": "Write"
+               },
+
+               {
+                       "itemId": 3,
+                       "name": "create",
+                       "label": "Create"
+               },
+
+               {
+                       "itemId": 4,
+                       "name": "list",
+                       "label": "List"
+               },
+
+               {
+                       "itemId": 5,
+                       "name": "delete",
+                       "label": "Delete"
+               }
+       ],
+
+       "configs":
+       [
+               {
+                       "itemId": 1,
+                       "name": "username",
+                       "type": "string",
+                       "subType": "",
+                       "mandatory": true,
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":"",
+                       "label": "Username"
+               },
+
+               {
+                       "itemId": 2,
+                       "name": "password",
+                       "type": "password",
+                       "subType": "",
+                       "mandatory": true,
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":"",
+                       "label": "Password"
+               },
+
+               {
+                       "itemId": 3,
+                       "name": "ozone.om.http-address",
+                       "type": "string",
+                       "subType": "",
+                       "mandatory": true,
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":"{\"TextFieldWithIcon\":true, \"info\": \"For 
Ozone Url, eg.<br>&lt;host&gt;:&lt;port&gt;<br>\"}",
+                       "label": "Ozone URL"
+               },
+
+               {
+                       "itemId": 4,
+                       "name": "hadoop.security.authorization",
+                       "type": "bool",
+                       "subType": "YesTrue:NoFalse",
+                       "mandatory": true,
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":"",
+                       "label": "Authorization Enabled",
+                       "defaultValue": "false"
+               },
+
+               {
+                       "itemId": 5,
+                       "name": "hadoop.security.authentication",
+                       "type": "enum",
+                       "subType": "authnType",
+                       "mandatory": true,
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":"",
+                       "label": "Authentication Type",
+                       "defaultValue": "simple"
+               },
+
+               {
+                       "itemId": 6,
+                       "name": "hadoop.security.auth_to_local",
+                       "type": "string",
+                       "subType": "",
+                       "mandatory": false,
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":""
+               },
+
+               {
+                       "itemId": 7,
+                       "name": "dfs.datanode.kerberos.principal",
+                       "type": "string",
+                       "subType": "",
+                       "mandatory": false,
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":""
+               },
+
+               {
+                       "itemId": 8,
+                       "name": "dfs.namenode.kerberos.principal",
+                       "type": "string",
+                       "subType": "",
+                       "mandatory": false,
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":""
+               },
+
+               {
+                       "itemId": 9,
+                       "name": "dfs.secondary.namenode.kerberos.principal",
+                       "type": "string",
+                       "subType": "",
+                       "mandatory": false,
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":""
+               },
+
+               {
+                       "itemId": 10,
+                       "name": "commonNameForCertificate",
+                       "type": "string",
+                       "subType": "",
+                       "mandatory": false,
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":"",
+                       "label": "Common Name for Certificate"
+               }
+       ],
+
+       "enums":
+       [
+               {
+                       "itemId": 1,
+                       "name": "authnType",
+                       "elements":
+                       [
+                               {
+                                       "itemId": 1,
+                                       "name": "simple",
+                                       "label": "Simple"
+                               },
+
+                               {
+                                       "itemId": 2,
+                                       "name": "kerberos",
+                                       "label": "Kerberos"
+                               }
+                       ],
+
+                       "defaultIndex": 0
+               }
+       ],
+
+       "contextEnrichers":
+       [
+       ],
+
+       "policyConditions":
+
+       [
+
+               {
+                       "itemId": 1,
+                       "name": "ip-range",
+                       "evaluator": 
"org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher",
+                       "evaluatorOptions": { },
+                       "validationRegEx":"",
+                       "validationMessage": "",
+                       "uiHint":"",
+                       "label": "IP Address Range",
+                       "description": "IP Address Range"
+               }
+
+       ]
+}
diff --git a/plugin-ozone/conf/ozone-ranger-env.sh 
b/plugin-ozone/conf/ozone-ranger-env.sh
new file mode 100755
index 0000000..8234aa0
--- /dev/null
+++ b/plugin-ozone/conf/ozone-ranger-env.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+classpathmunge () {
+        escaped=`echo $1 | sed -e 's:\*:\\\\*:g'`
+        if ! echo ${CLASSPATH} | /bin/egrep -q "(^|:)${escaped}($|:)" ; then
+           if [ "$2" = "before" ] ; then
+              CLASSPATH=$1:${CLASSPATH}
+           else
+              CLASSPATH=${CLASSPATH}:$1
+           fi
+        fi
+}
+classpathmunge /etc/ozone/conf
+classpathmunge '/usr/hdp/current/hadoop-hdfs-client/*'
+classpathmunge '/usr/hdp/current/hadoop-hdfs-client/lib/*'
+classpathmunge '/etc/hadoop/conf'
+export CLASSPATH
+unset classpathmunge
diff --git a/plugin-ozone/conf/ranger-ozone-audit-changes.cfg 
b/plugin-ozone/conf/ranger-ozone-audit-changes.cfg
new file mode 100644
index 0000000..e5adb76
--- /dev/null
+++ b/plugin-ozone/conf/ranger-ozone-audit-changes.cfg
@@ -0,0 +1,58 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#xasecure.audit.db.is.enabled                        %XAAUDIT.DB.IS_ENABLED%   
                                      mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.url         %XAAUDIT_DB_JDBC_URL%   
                                                                                
mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.user                
%XAAUDIT.DB.USER_NAME%                                                          
                        mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.password    crypted                 
                                                                                
                mod create-if-not-exists
+#xasecure.audit.credential.provider.file                       
jceks://file%CREDENTIAL_PROVIDER_FILE%                                          
        mod create-if-not-exists
+#xasecure.audit.jpa.javax.persistence.jdbc.driver      
%XAAUDIT_DB_JDBC_DRIVER%                                                        
                mod create-if-not-exists
+
+xasecure.audit.hdfs.is.enabled                                     
%XAAUDIT.HDFS.IS_ENABLED%                               mod create-if-not-exists
+xasecure.audit.hdfs.config.destination.directory                   
%XAAUDIT.HDFS.DESTINATION_DIRECTORY%                    mod create-if-not-exists
+xasecure.audit.hdfs.config.destination.file                        
%XAAUDIT.HDFS.DESTINTATION_FILE%                        mod create-if-not-exists
+xasecure.audit.hdfs.config.destination.flush.interval.seconds      
%XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS%      mod create-if-not-exists
+xasecure.audit.hdfs.config.destination.rollover.interval.seconds   
%XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS%   mod create-if-not-exists
+xasecure.audit.hdfs.config.destination.open.retry.interval.seconds 
%XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS% mod create-if-not-exists
+xasecure.audit.hdfs.config.local.buffer.directory                  
%XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY%                   mod create-if-not-exists
+xasecure.audit.hdfs.config.local.buffer.file                       
%XAAUDIT.HDFS.LOCAL_BUFFER_FILE%                        mod create-if-not-exists
+xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds     
%XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS%      mod create-if-not-exists
+xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds  
%XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS%   mod create-if-not-exists
+xasecure.audit.hdfs.config.local.archive.directory                 
%XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY%                  mod create-if-not-exists
+xasecure.audit.hdfs.config.local.archive.max.file.count            
%XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT%             mod create-if-not-exists
+
+xasecure.audit.solr.is.enabled                                    
%XAAUDIT.SOLR.IS_ENABLED%                               mod create-if-not-exists
+xasecure.audit.solr.solr_url                                      
%XAAUDIT.SOLR.SOLR_URL%                                 mod create-if-not-exists
+
+#V3 configuration
+xasecure.audit.provider.summary.enabled                                  
%XAAUDIT.SUMMARY.ENABLE%                              mod create-if-not-exists
+
+xasecure.audit.destination.solr                                    
%XAAUDIT.SOLR.ENABLE%                               mod create-if-not-exists
+xasecure.audit.destination.solr.urls                               
%XAAUDIT.SOLR.URL%                                 mod create-if-not-exists
+xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod 
create-if-not-exists
+xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod 
create-if-not-exists
+xasecure.audit.destination.solr.zookeepers                         
%XAAUDIT.SOLR.ZOOKEEPER%                           mod create-if-not-exists
+xasecure.audit.destination.solr.batch.filespool.dir                
%XAAUDIT.SOLR.FILE_SPOOL_DIR%                      mod create-if-not-exists
+
+xasecure.audit.destination.hdfs                                           
%XAAUDIT.HDFS.ENABLE%                      mod create-if-not-exists
+xasecure.audit.destination.hdfs.batch.filespool.dir                
%XAAUDIT.HDFS.FILE_SPOOL_DIR%                      mod create-if-not-exists
+xasecure.audit.destination.hdfs.dir                               
%XAAUDIT.HDFS.HDFS_DIR%                      mod create-if-not-exists
+
+AZURE.ACCOUNTNAME                                                              
                                   %XAAUDIT.HDFS.AZURE_ACCOUNTNAME%            
var
+xasecure.audit.destination.hdfs.config.fs.azure.shellkeyprovider.script        
                                   %XAAUDIT.HDFS.AZURE_SHELL_KEY_PROVIDER%     
mod         create-if-not-exists
+xasecure.audit.destination.hdfs.config.fs.azure.account.key.%AZURE.ACCOUNTNAME%.blob.core.windows.net
             %XAAUDIT.HDFS.AZURE_ACCOUNTKEY%             mod         
create-if-not-exists
+xasecure.audit.destination.hdfs.config.fs.azure.account.keyprovider.%AZURE.ACCOUNTNAME%.blob.core.windows.net
     %XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER%    mod         
create-if-not-exists
+
+#xasecure.audit.destination.file                                          
%XAAUDIT.FILE.ENABLE%                      mod create-if-not-exists
+#xasecure.audit.destination.file.dir                              
%XAAUDIT.FILE.DIR%                      mod create-if-not-exists
diff --git a/plugin-ozone/conf/ranger-ozone-audit.xml 
b/plugin-ozone/conf/ranger-ozone-audit.xml
new file mode 100644
index 0000000..05a18d6
--- /dev/null
+++ b/plugin-ozone/conf/ranger-ozone-audit.xml
@@ -0,0 +1,258 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude";>
+       <property>
+               <name>xasecure.audit.is.enabled</name>
+               <value>true</value>
+       </property>
+
+       <!-- DB audit provider configuration -->
+       <property>
+               <name>xasecure.audit.db.is.enabled</name>
+               <value>false</value>
+       </property>
+       <property>
+               <name>xasecure.audit.db.is.async</name>
+               <value>true</value>
+       </property>
+       <property>
+               <name>xasecure.audit.db.async.max.queue.size</name>
+               <value>10240</value>
+       </property>
+
+       <property>
+               <name>xasecure.audit.db.async.max.flush.interval.ms</name>
+               <value>30000</value>
+       </property>
+
+       <property>
+               <name>xasecure.audit.db.batch.size</name>
+               <value>100</value>
+       </property>
+
+       <!--  Properties whose name begin with "xasecure.audit.jpa." are used 
to configure JPA -->
+       <property>
+               <name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
+               <value>jdbc:mysql://localhost:3306/ranger_audit</value>
+       </property>
+
+       <property>
+               <name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
+               <value>rangerlogger</value>
+       </property>
+
+       <property>
+               <name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
+               <value>none</value>
+       </property>
+
+       <property>
+               <name>xasecure.audit.jpa.javax.persistence.jdbc.driver</name>
+               <value>com.mysql.jdbc.Driver</value>
+       </property>
+
+    <property>
+               <name>xasecure.audit.credential.provider.file</name>
+               <value>jceks://file/etc/ranger/ozonedev/auditcred.jceks</value>
+       </property>
+
+
+       <!-- HDFS audit provider configuration -->
+       <property>
+               <name>xasecure.audit.hdfs.is.enabled</name>
+               <value>false</value>
+       </property>
+
+       <property>
+               <name>xasecure.audit.hdfs.is.async</name>
+               <value>true</value>
+       </property>
+       <property>
+               <name>xasecure.audit.hdfs.async.max.queue.size</name>
+               <value>1048576</value>
+       </property>
+
+       <property>
+               <name>xasecure.audit.hdfs.async.max.flush.interval.ms</name>
+               <value>30000</value>
+       </property>
+
+       <property>
+               <name>xasecure.audit.hdfs.config.encoding</name>
+               <value></value>
+       </property>
+
+       <property>
+               <name>xasecure.audit.hdfs.config.destination.directory</name>
+               
<value>hdfs://NAMENODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
+       </property>
+
+       <property>
+               <name>xasecure.audit.hdfs.config.destination.file</name>
+               <value>%hostname%-audit.log</value>
+       </property>
+
+       <property>
+               
<name>xasecure.audit.hdfs.config.destination.flush.interval.seconds</name>
+               <value>900</value>
+       </property>
+
+       <property>
+               
<name>xasecure.audit.hdfs.config.destination.rollover.interval.seconds</name>
+               <value>86400</value>
+       </property>
+
+       <property>
+               
<name>xasecure.audit.hdfs.config.destination.open.retry.interval.seconds</name>
+               <value>60</value>
+       </property>
+
+       <property>
+               <name>xasecure.audit.hdfs.config.local.buffer.directory</name>
+               <value>/var/log/ozone/audit</value>
+       </property>
+
+       <property>
+               <name>xasecure.audit.hdfs.config.local.buffer.file</name>
+               <value>%time:yyyyMMdd-HHmm.ss%.log</value>
+       </property>
+
+       <property>
+               
<name>xasecure.audit.hdfs.config.local.buffer.file.buffer.size.bytes</name>
+               <value>8192</value>
+       </property>
+
+       <property>
+               
<name>xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds</name>
+               <value>60</value>
+       </property>
+
+       <property>
+               
<name>xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds</name>
+               <value>600</value>
+       </property>
+
+       <property>
+               <name>xasecure.audit.hdfs.config.local.archive.directory</name>
+               <value>/var/log/ozone/audit/archive</value>
+       </property>
+
+       <property>
+               
<name>xasecure.audit.hdfs.config.local.archive.max.file.count</name>
+               <value>10</value>
+       </property>
+       <!-- Audit to HDFS on Azure Datastore (WASB) requires v3 style 
settings.  Comment the above and uncomment only the
+       following to audit to Azure Blob Datastore via hdfs' WASB schema.
+
+       NOTE: If you specify one audit destination in v3 style then other 
destinations, if any, must also be specified in v3 style
+       ====
+
+       <property>
+               <name>xasecure.audit.destination.hdfs</name>
+               <value>enabled</value>
+       </property>
+
+       <property>
+               <name>xasecure.audit.destination.hdfs.dir</name>
+               
<value>wasb://[email protected]</value>
+       </property>
+
+       the following 3 correspond to the properties with similar name in 
core-site.xml, i.e.
+       - fs.azure.account.key.youraccount.blob.core.windows.net => 
xasecure.audit.destination.hdfs.config.fs.azure.account.key.youraccount.blob.core.windows.net
 and
+       - fs.azure.account.keyprovider.youraccount.blob.core.windows.net => 
xasecure.audit.destination.hdfs.config.fs.azure.account.keyprovider.youraccount.blob.core.windows.net,
+       - fs.azure.shellkeyprovider.script => 
xasecure.audit.destination.hdfs.config.fs.azure.shellkeyprovider.script,
+
+       <property>
+               
<name>xasecure.audit.destination.hdfs.config.fs.azure.account.key.youraccount.blob.core.windows.net</name>
+               <value>YOUR ENCRYPTED ACCESS KEY</value>
+       </property>
+
+       <property>
+               
<name>xasecure.audit.destination.hdfs.config.fs.azure.account.keyprovider.youraccount.blob.core.windows.net</name>
+               
<value>org.apache.hadoop.fs.azure.ShellDecryptionKeyProvider</value>
+       </property>
+
+       <property>
+               
<name>xasecure.audit.destination.hdfs.config.fs.azure.shellkeyprovider.script</name>
+               
<value>/usr/lib/python2.7/dist-packages/hdinsight_common/decrypt.sh</value>
+       </property>
+       -->
+
+       <!-- Log4j audit provider configuration -->
+       <property>
+               <name>xasecure.audit.log4j.is.enabled</name>
+               <value>false</value>
+       </property>
+
+       <property>
+               <name>xasecure.audit.log4j.is.async</name>
+               <value>false</value>
+       </property>
+       <property>
+               <name>xasecure.audit.log4j.async.max.queue.size</name>
+               <value>10240</value>
+       </property>
+
+       <property>
+               <name>xasecure.audit.log4j.async.max.flush.interval.ms</name>
+               <value>30000</value>
+       </property>
+       <!-- Ozone audit provider configuration -->
+       <property>
+               <name>xasecure.audit.ozone.is.enabled</name>
+               <value>false</value>
+       </property>
+
+       <property>
+               <name>xasecure.audit.ozone.async.max.queue.size</name>
+               <value>1</value>
+       </property>
+
+       <property>
+               <name>xasecure.audit.ozone.async.max.flush.interval.ms</name>
+               <value>1000</value>
+       </property>
+       <property>
+               <name>xasecure.audit.ozone.broker_list</name>
+               <value>localhost:9092</value>
+       </property>
+
+       <property>
+               <name>xasecure.audit.ozone.topic_name</name>
+               <value>ranger_audits</value>
+       </property>
+       <!-- Ranger audit provider configuration -->
+       <property>
+               <name>xasecure.audit.solr.is.enabled</name>
+               <value>false</value>
+       </property>
+       <property>
+               <name>xasecure.audit.solr.async.max.queue.size</name>
+               <value>1</value>
+       </property>
+
+       <property>
+               <name>xasecure.audit.solr.async.max.flush.interval.ms</name>
+               <value>1000</value>
+       </property>
+       <property>
+               <name>xasecure.audit.solr.solr_url</name>
+               <value>http://localhost:6083/solr/ranger_audits</value>
+       </property>
+</configuration>
diff --git a/plugin-ozone/conf/ranger-ozone-security-changes.cfg 
b/plugin-ozone/conf/ranger-ozone-security-changes.cfg
new file mode 100644
index 0000000..e91e7fd
--- /dev/null
+++ b/plugin-ozone/conf/ranger-ozone-security-changes.cfg
@@ -0,0 +1,28 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Change the original policy parameter to work with policy manager based.
+#
+#
+ranger.plugin.ozone.service.name %REPOSITORY_NAME% mod create-if-not-exists
+
+ranger.plugin.ozone.policy.source.impl 
org.apache.ranger.admin.client.RangerAdminRESTClient mod create-if-not-exists
+
+ranger.plugin.ozone.policy.rest.url                %POLICY_MGR_URL%            
              mod create-if-not-exists
+ranger.plugin.ozone.policy.rest.ssl.config.file    
/etc/ozone/conf/ranger-policymgr-ssl.xml  mod create-if-not-exists
+ranger.plugin.ozone.policy.pollIntervalMs          30000                       
              mod create-if-not-exists
+ranger.plugin.ozone.policy.cache.dir               %POLICY_CACHE_FILE_PATH%    
              mod create-if-not-exists
+ranger.policy.rest.client.connection.timeoutMs    120000                       
                                                 mod create-if-not-exists
+ranger.policy.rest.client.read.timeoutMs                  30000                
                                                         mod 
create-if-not-exists
\ No newline at end of file
diff --git a/plugin-ozone/conf/ranger-ozone-security.xml 
b/plugin-ozone/conf/ranger-ozone-security.xml
new file mode 100644
index 0000000..40ebdb6
--- /dev/null
+++ b/plugin-ozone/conf/ranger-ozone-security.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude";>
+       <property>
+               <name>ranger.plugin.ozone.service.name</name>
+               <value>ozonedev</value>
+               <description>
+                       Name of the Ranger service containing policies for this 
Ozone instance
+               </description>
+       </property>
+
+       <property>
+               <name>ranger.plugin.ozone.policy.source.impl</name>
+               
<value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
+               <description>
+                       Class to retrieve policies from the source
+               </description>
+       </property>
+
+       <property>
+               <name>ranger.plugin.ozone.policy.rest.url</name>
+               <value>http://policymanagerhost:port</value>
+               <description>
+                       URL to Ranger Admin
+               </description>
+       </property>
+
+       <property>
+               <name>ranger.plugin.ozone.policy.rest.ssl.config.file</name>
+               <value>/etc/ozone/conf/ranger-policymgr-ssl.xml</value>
+               <description>
+                       Path to the file containing SSL details to contact 
Ranger Admin
+               </description>
+       </property>
+
+       <property>
+               <name>ranger.plugin.ozone.policy.pollIntervalMs</name>
+               <value>30000</value>
+               <description>
+                       How often to poll for changes in policies?
+               </description>
+       </property>
+
+       <property>
+               <name>ranger.plugin.ozone.policy.cache.dir</name>
+               <value>/etc/ranger/ozonedev/policycache</value>
+               <description>
+                       Directory where Ranger policies are cached after 
successful retrieval from the source
+               </description>
+       </property>
+
+       <property>
+               
<name>ranger.plugin.ozone.policy.rest.client.connection.timeoutMs</name>
+               <value>120000</value>
+               <description>
+                       RangerRestClient Connection Timeout in Milli Seconds
+               </description>
+       </property>
+
+       <property>
+               
<name>ranger.plugin.ozone.policy.rest.client.read.timeoutMs</name>
+               <value>30000</value>
+               <description>
+                       RangerRestClient read Timeout in Milli Seconds
+               </description>
+       </property>
+</configuration>
diff --git a/plugin-ozone/conf/ranger-policymgr-ssl-changes.cfg 
b/plugin-ozone/conf/ranger-policymgr-ssl-changes.cfg
new file mode 100644
index 0000000..ae347e8
--- /dev/null
+++ b/plugin-ozone/conf/ranger-policymgr-ssl-changes.cfg
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SSL Params
+#
+xasecure.policymgr.clientssl.keystore                                   
%SSL_KEYSTORE_FILE_PATH%                                               mod 
create-if-not-exists
+xasecure.policymgr.clientssl.keystore.credential.file   
jceks://file%CREDENTIAL_PROVIDER_FILE%                 mod create-if-not-exists
+xasecure.policymgr.clientssl.truststore                                     
%SSL_TRUSTSTORE_FILE_PATH%                                         mod 
create-if-not-exists
+xasecure.policymgr.clientssl.truststore.credential.file  
jceks://file%CREDENTIAL_PROVIDER_FILE%         mod create-if-not-exists
diff --git a/plugin-ozone/conf/ranger-policymgr-ssl.xml 
b/plugin-ozone/conf/ranger-policymgr-ssl.xml
new file mode 100644
index 0000000..c01e77f
--- /dev/null
+++ b/plugin-ozone/conf/ranger-policymgr-ssl.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude";>
+       <!--  The following properties are used for 2-way SSL client server 
validation -->
+       <property>
+               <name>xasecure.policymgr.clientssl.keystore</name>
+               <value>ozonedev-clientcert.jks</value>
+               <description>
+                       Java Keystore files
+               </description>
+       </property>
+       <property>
+               <name>xasecure.policymgr.clientssl.truststore</name>
+               <value>cacerts-xasecure.jks</value>
+               <description>
+                       java truststore file
+               </description>
+       </property>
+    <property>
+               
<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+               <value>jceks://file/tmp/keystore-ozonedev-ssl.jceks</value>
+               <description>
+                       java  keystore credential file
+               </description>
+       </property>
+       <property>
+               
<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+               <value>jceks://file/tmp/truststore-ozonedev-ssl.jceks</value>
+               <description>
+                       java  truststore credential file
+               </description>
+       </property>
+</configuration>
diff --git a/plugin-ozone/pom.xml b/plugin-ozone/pom.xml
new file mode 100644
index 0000000..e058d6f
--- /dev/null
+++ b/plugin-ozone/pom.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0";
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/xsd/maven-4.0.0.xsd";>
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>ranger-ozone-plugin</artifactId>
+    <name>Ozone Security Plugin</name>
+    <description>Ozone Security Plugin</description>
+    <packaging>jar</packaging>
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+    <parent>
+        <artifactId>ranger</artifactId>
+        <groupId>org.apache.ranger</groupId>
+        <version>2.0.0-SNAPSHOT</version>
+        <relativePath>..</relativePath>
+    </parent>
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.ranger</groupId>
+            <artifactId>ranger-plugins-common</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.ranger</groupId>
+            <artifactId>ranger-plugins-audit</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.ranger</groupId>
+            <artifactId>credentialbuilder</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.hadoop</groupId>
+            <artifactId>hadoop-hdfs</artifactId>
+            <version>${hadoop.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpcore</artifactId>
+            <version>${httpcomponents.httpcore.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.hadoop</groupId>
+            <artifactId>hadoop-ozone-common</artifactId>
+               <version>0.4.0-alpha</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.hadoop</groupId>
+            <artifactId>hadoop-hdds-common</artifactId>
+               <version>0.4.0-alpha</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.hadoop</groupId>
+            <artifactId>hadoop-ozone-client</artifactId>
+               <version>0.4.0-alpha</version>
+        </dependency>
+    </dependencies>
+</project>
diff --git a/plugin-ozone/scripts/install.properties 
b/plugin-ozone/scripts/install.properties
new file mode 100644
index 0000000..276d192
--- /dev/null
+++ b/plugin-ozone/scripts/install.properties
@@ -0,0 +1,141 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Location of component folder
+COMPONENT_INSTALL_DIR_NAME=../ozone
+
+#
+# Location of Policy Manager URL
+#
+# Example:
+# POLICY_MGR_URL=http://policymanager.xasecure.net:6080
+#
+POLICY_MGR_URL=
+
+#
+# This is the repository name created within policy manager
+#
+# Example:
+# REPOSITORY_NAME=ozonedev
+#
+REPOSITORY_NAME=
+
+# AUDIT configuration with V3 properties
+
+#Should audit be summarized at source
+XAAUDIT.SUMMARY.ENABLE=true
+
+# Enable audit logs to Solr
+#Example
+#XAAUDIT.SOLR.ENABLE=true
+#XAAUDIT.SOLR.URL=http://localhost:6083/solr/ranger_audits
+#XAAUDIT.SOLR.ZOOKEEPER=
+#XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/ozone/audit/solr/spool
+
+XAAUDIT.SOLR.ENABLE=false
+XAAUDIT.SOLR.URL=NONE
+XAAUDIT.SOLR.USER=NONE
+XAAUDIT.SOLR.PASSWORD=NONE
+XAAUDIT.SOLR.ZOOKEEPER=NONE
+XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/ozone/audit/solr/spool
+
+# Enable audit logs to HDFS
+#Example
+#XAAUDIT.HDFS.ENABLE=true
+#XAAUDIT.HDFS.HDFS_DIR=hdfs://node-1.example.com:8020/ranger/audit
+#  If using Azure Blob Storage
+#XAAUDIT.HDFS.HDFS_DIR=wasb[s]://<containername>@<accountname>.blob.core.windows.net/<path>
+#XAAUDIT.HDFS.HDFS_DIR=wasb://[email protected]/ranger/audit
+#XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/ozone/audit/hdfs/spool
+
+XAAUDIT.HDFS.ENABLE=false
+XAAUDIT.HDFS.HDFS_DIR=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit
+XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/ozone/audit/hdfs/spool
+
+# Following additional propertis are needed When auditing to Azure Blob 
Storage via HDFS
+# Get these values from your /etc/hadoop/conf/core-site.xml
+#XAAUDIT.HDFS.HDFS_DIR=wasb[s]://<containername>@<accountname>.blob.core.windows.net/<path>
+XAAUDIT.HDFS.AZURE_ACCOUNTNAME=__REPLACE_AZURE_ACCOUNT_NAME
+XAAUDIT.HDFS.AZURE_ACCOUNTKEY=__REPLACE_AZURE_ACCOUNT_KEY
+XAAUDIT.HDFS.AZURE_SHELL_KEY_PROVIDER=__REPLACE_AZURE_SHELL_KEY_PROVIDER
+XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
+
+# End of V3 properties
+
+#
+#  Audit to HDFS Configuration
+#
+# If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens
+# that start with __REPLACE__ with appropriate values
+#  XAAUDIT.HDFS.IS_ENABLED=true
+#  
XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
+#  XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/ozone/audit
+#  XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/ozone/audit/archive
+#
+# Example:
+#  XAAUDIT.HDFS.IS_ENABLED=true
+#  
XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://namenode.example.com:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
+#  XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=/var/log/ozone/audit
+#  XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=/var/log/ozone/audit/archive
+#
+XAAUDIT.HDFS.IS_ENABLED=false
+XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
+XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/ozone/audit
+XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/ozone/audit/archive
+
+XAAUDIT.HDFS.DESTINTATION_FILE=%hostname%-audit.log
+XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS=900
+XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS=86400
+XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS=60
+XAAUDIT.HDFS.LOCAL_BUFFER_FILE=%time:yyyyMMdd-HHmm.ss%.log
+XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60
+XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600
+XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10
+
+#Solr Audit Provder
+XAAUDIT.SOLR.IS_ENABLED=false
+XAAUDIT.SOLR.MAX_QUEUE_SIZE=1
+XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000
+XAAUDIT.SOLR.SOLR_URL=http://localhost:6083/solr/ranger_audits
+
+#
+# SSL Client Certificate Information
+#
+# Example:
+# SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
+# SSL_KEYSTORE_PASSWORD=none
+# SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
+# SSL_TRUSTSTORE_PASSWORD=none
+#
+# You do not need use SSL between agent and security admin tool, please leave 
these sample value as it is.
+#
+SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
+SSL_KEYSTORE_PASSWORD=myKeyFilePassword
+SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
+SSL_TRUSTSTORE_PASSWORD=changeit
+
+
+#
+# Custom component user
+# CUSTOM_COMPONENT_USER=<custom-user>
+# keep blank if component user is default
+CUSTOM_USER=ozone
+
+
+#
+# Custom component group
+# CUSTOM_COMPONENT_GROUP=<custom-group>
+# keep blank if component group is default
+CUSTOM_GROUP=hadoop
\ No newline at end of file
diff --git 
a/plugin-ozone/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java
 
b/plugin-ozone/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java
new file mode 100644
index 0000000..40d853d
--- /dev/null
+++ 
b/plugin-ozone/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java
@@ -0,0 +1,191 @@
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.authorization.ozone.authorizer;
+
+import com.google.common.collect.Sets;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
+import org.apache.hadoop.ozone.security.acl.IOzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.RequestContext;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.ranger.audit.provider.MiscUtil;
+import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
+import org.apache.ranger.plugin.policyengine.RangerAccessResult;
+import org.apache.ranger.plugin.service.RangerBasePlugin;
+import org.apache.ranger.plugin.util.RangerPerfTracer;
+
+import java.util.Date;
+
+public class RangerOzoneAuthorizer implements IAccessAuthorizer {
+       public static final String ACCESS_TYPE_READ = "read";
+       public static final String ACCESS_TYPE_WRITE = "write";
+       public static final String ACCESS_TYPE_CREATE = "create";
+       public static final String ACCESS_TYPE_LIST = "list";
+       public static final String ACCESS_TYPE_DELETE = "delete";
+
+
+    public static final String KEY_RESOURCE_VOLUME = "volume";
+       public static final String KEY_RESOURCE_BUCKET = "bucket";
+       public static final String KEY_RESOURCE_KEY = "key";
+
+       private static final Log PERF_OZONEAUTH_REQUEST_LOG = 
RangerPerfTracer.getPerfLogger("ozoneauth.request");
+
+    private static final Log LOG = 
LogFactory.getLog(RangerOzoneAuthorizer.class);
+
+       private static volatile RangerBasePlugin rangerPlugin = null;
+       RangerDefaultAuditHandler auditHandler = null;
+
+       public RangerOzoneAuthorizer() {
+               rangerPlugin = new RangerBasePlugin("ozone", "ozone");
+
+               rangerPlugin.init(); // this will initialize policy engine and 
policy refresher
+               auditHandler = new RangerDefaultAuditHandler();
+               rangerPlugin.setResultProcessor(auditHandler);
+       }
+
+       @Override
+       public boolean checkAccess(IOzoneObj ozoneObject, RequestContext 
context) {
+               boolean returnValue = false;
+               if (ozoneObject == null) {
+                       LOG.error("Ozone object is null!!");
+                       return returnValue;
+               }
+               OzoneObj ozoneObj = (OzoneObj) ozoneObject;
+               UserGroupInformation ugi = context.getClientUgi();
+               ACLType operation = context.getAclRights();
+               String resource = ozoneObj.getPath();
+
+               if (LOG.isDebugEnabled()) {
+                       LOG.debug("==> RangerOzoneAuthorizer.checkAccess with 
operation = " + operation + ", resource = " +
+                                       resource + ", store type = " + 
OzoneObj.StoreType.values() + ", ugi = " + ugi + ", ip = " + context.getIp() + 
")");
+               }
+
+               if (rangerPlugin == null) {
+                       MiscUtil.logErrorMessageByInterval(LOG,
+                                       "Authorizer is still not initialized");
+                       return returnValue;
+               }
+
+               //TODO: If sorce type is S3 and resource is volume, then allow 
it by default
+               if (ozoneObj.getStoreType() == OzoneObj.StoreType.S3 && 
ozoneObj.getResourceType() == OzoneObj.ResourceType.VOLUME) {
+                       if (LOG.isDebugEnabled()) {
+                               LOG.debug("If store type is s3 and resource is 
volume, then we allow it by default!  Returning true");
+                       }
+                       LOG.warn("Allowing access by default since source type 
is S3 and resource type is Volume!!");
+                       return true;
+               }
+
+               RangerPerfTracer perf = null;
+
+               if 
(RangerPerfTracer.isPerfTraceEnabled(PERF_OZONEAUTH_REQUEST_LOG)) {
+                       perf = 
RangerPerfTracer.getPerfTracer(PERF_OZONEAUTH_REQUEST_LOG, 
"RangerOzoneAuthorizer.authorize(resource=" + resource + ")");
+               }
+
+               Date eventTime = new Date();
+               String accessType = mapToRangerAccessType(operation);
+               if (accessType == null) {
+                       MiscUtil.logErrorMessageByInterval(LOG,
+                                       "Unsupported access type. operation=" + 
operation) ;
+                       LOG.fatal("Unsupported access type. operation=" + 
operation + ", resource=" + resource);
+                       return returnValue;
+               }
+               String action = accessType;
+               String clusterName = rangerPlugin.getClusterName();
+
+               RangerAccessRequestImpl rangerRequest = new 
RangerAccessRequestImpl();
+               rangerRequest.setUser(ugi.getShortUserName());
+               
rangerRequest.setUserGroups(Sets.newHashSet(ugi.getGroupNames()));
+               
rangerRequest.setClientIPAddress(context.getIp().getHostAddress());
+               
rangerRequest.setRemoteIPAddress(context.getIp().getHostAddress());
+               rangerRequest.setAccessTime(eventTime);
+
+               RangerAccessResourceImpl rangerResource = new 
RangerAccessResourceImpl();
+               rangerRequest.setResource(rangerResource);
+               rangerRequest.setAccessType(accessType);
+               rangerRequest.setAction(action);
+               rangerRequest.setRequestData(resource);
+               rangerRequest.setClusterName(clusterName);
+               if (ozoneObj.getStoreType() == OzoneObj.StoreType.S3) {
+                       rangerResource.setValue(KEY_RESOURCE_VOLUME, "s3Vol");
+               } else {
+                       rangerResource.setValue(KEY_RESOURCE_VOLUME, 
ozoneObj.getVolumeName());
+               }
+
+               if (ozoneObj.getResourceType() == OzoneObj.ResourceType.BUCKET) 
{
+                       rangerResource.setValue(KEY_RESOURCE_BUCKET, 
ozoneObj.getBucketName());
+               } else if (ozoneObj.getResourceType() == 
OzoneObj.ResourceType.KEY) {
+                       rangerResource.setValue(KEY_RESOURCE_BUCKET, 
ozoneObj.getBucketName());
+                       rangerResource.setValue(KEY_RESOURCE_KEY, 
ozoneObj.getKeyName());
+               } else {
+                       LOG.fatal("Unsupported resource = " + resource);
+                       MiscUtil.logErrorMessageByInterval(LOG, "Unsupported 
resource = " + resource
+                                       + ", request=" + rangerRequest);
+                       return returnValue;
+               }
+
+               try {
+                       RangerAccessResult result = rangerPlugin
+                                       .isAccessAllowed(rangerRequest);
+                       if (result == null) {
+                               LOG.error("Ranger Plugin returned null. 
Returning false");
+                       } else {
+                               returnValue = result.getIsAllowed();
+                       }
+               } catch (Throwable t) {
+                       LOG.error("Error while calling isAccessAllowed(). 
request="
+                                       + rangerRequest, t);
+               }
+               RangerPerfTracer.log(perf);
+
+               if (LOG.isDebugEnabled()) {
+                       LOG.debug("rangerRequest=" + rangerRequest + ", return="
+                                       + returnValue);
+               }
+               return returnValue;
+       }
+
+       private String mapToRangerAccessType(ACLType operation) {
+               String rangerAccessType = null;
+               switch (operation) {
+                       case READ:
+                               rangerAccessType = ACCESS_TYPE_READ;
+                               break;
+                       case WRITE:
+                               rangerAccessType = ACCESS_TYPE_WRITE;
+                               break;
+                       case CREATE:
+                               rangerAccessType = ACCESS_TYPE_CREATE;
+                               break;
+                       case DELETE:
+                               rangerAccessType = ACCESS_TYPE_DELETE;
+                               break;
+                       case LIST:
+                               rangerAccessType = ACCESS_TYPE_LIST;
+                               break;
+               }
+               return rangerAccessType;
+       }
+}
+
diff --git 
a/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/RangerServiceOzone.java
 
b/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/RangerServiceOzone.java
new file mode 100644
index 0000000..25bffc4
--- /dev/null
+++ 
b/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/RangerServiceOzone.java
@@ -0,0 +1,111 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.services.ozone;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.client.HadoopException;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.service.RangerBaseService;
+import org.apache.ranger.plugin.service.ResourceLookupContext;
+import org.apache.ranger.services.ozone.client.OzoneResourceMgr;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+public class RangerServiceOzone extends RangerBaseService {
+
+    private static final Log LOG = LogFactory.getLog(RangerServiceOzone.class);
+
+    public RangerServiceOzone() {
+        super();
+    }
+
+    @Override
+    public void init(RangerServiceDef serviceDef, RangerService service) {
+        super.init(serviceDef, service);
+    }
+
+    @Override
+    public Map<String,Object> validateConfig() throws Exception {
+        Map<String, Object> ret = new HashMap<String, Object>();
+        String serviceName = getServiceName();
+        if(LOG.isDebugEnabled()) {
+            LOG.debug("<== RangerServiceOzone.validateConfig Service: (" + 
serviceName + " )");
+        }
+
+        if ( configs != null) {
+            try  {
+                ret = OzoneResourceMgr.connectionTest(serviceName, configs);
+            } catch (HadoopException e) {
+                LOG.error("<== RangerServiceOzone.validateConfig Error: " + 
e.getMessage(),e);
+                throw e;
+            }
+        }
+
+        if(LOG.isDebugEnabled()) {
+            LOG.debug("<== RangerServiceOzone.validateConfig Response : (" + 
ret + " )");
+        }
+
+        return ret;
+    }
+
+    @Override
+    public List<String> lookupResource(ResourceLookupContext context) throws 
Exception {
+        List<String> ret           = new ArrayList<String>();
+        String  serviceName        = getServiceName();
+        String  serviceType               = getServiceType();
+        Map<String,String> configs = getConfigs();
+        if(LOG.isDebugEnabled()) {
+            LOG.debug("==> RangerServiceOzone.lookupResource Context: (" + 
context + ")");
+        }
+        if (context != null) {
+            try {
+                ret  = OzoneResourceMgr.getOzoneResources(serviceName, 
serviceType, configs,context);
+            } catch (Exception e) {
+                LOG.error( "<==RangerServiceOzone.lookupResource Error : " + 
e);
+                throw e;
+            }
+        }
+        if(LOG.isDebugEnabled()) {
+            LOG.debug("<== RangerServiceOzone.lookupResource Response: (" + 
ret + ")");
+        }
+        return ret;
+    }
+
+    @Override
+    public List<RangerPolicy> getDefaultRangerPolicies() throws Exception {
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("==> RangerServiceOzone.getDefaultRangerPolicies() ");
+        }
+
+        List<RangerPolicy> ret = super.getDefaultRangerPolicies();
+
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("<== RangerServiceOzone.getDefaultRangerPolicies() : " + 
ret);
+        }
+        return ret;
+    }
+
+}
diff --git 
a/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneClient.java
 
b/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneClient.java
new file mode 100644
index 0000000..0f6be18
--- /dev/null
+++ 
b/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneClient.java
@@ -0,0 +1,197 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.services.ozone.client;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.ozone.client.OzoneBucket;
+import org.apache.hadoop.ozone.client.OzoneClientFactory;
+import org.apache.hadoop.ozone.client.OzoneKey;
+import org.apache.hadoop.ozone.client.OzoneVolume;
+import org.apache.ranger.plugin.client.BaseClient;
+
+import java.io.IOException;
+import java.util.*;
+
+public class OzoneClient extends BaseClient {
+
+    private static final Log LOG = LogFactory.getLog(OzoneClient.class);
+
+    private static final String ERR_MSG = "You can still save the repository 
and start creating "
+            + "policies, but you would not be able to use autocomplete for "
+            + "resource names. Check ranger_admin.log for more info.";
+
+    private Configuration conf;
+    private org.apache.hadoop.ozone.client.OzoneClient ozoneClient = null;
+
+    public OzoneClient(String serviceName, Map<String,String> 
connectionProperties) throws Exception{
+        super(serviceName,connectionProperties, "ozone-client");
+        conf = new Configuration();
+        Set<String> rangerInternalPropertyKeys = 
getConfigHolder().getRangerInternalPropertyKeys();
+        for (Map.Entry<String, String> entry: connectionProperties.entrySet()) 
 {
+            String key = entry.getKey();
+            String value = entry.getValue();
+            if (!rangerInternalPropertyKeys.contains(key) && value != null) {
+                conf.set(key, value);
+            }
+        }
+        ozoneClient = 
OzoneClientFactory.getRpcClient(conf.get("ozone.om.http-address"));
+    }
+
+    public void close() {
+        try {
+            ozoneClient.close();
+        } catch (IOException e) {
+            LOG.error("Unable to close Ozone Client connection", e);
+        }
+
+    }
+
+    public List<String> getVolumeList(String volumePrefix) {
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("==> OzoneClient getVolume volumePrefix : " + 
volumePrefix);
+        }
+
+        List<String> ret = new ArrayList<String>();
+        try {
+            if (ozoneClient != null) {
+                Iterator<? extends OzoneVolume> ozoneVolList = 
ozoneClient.getObjectStore().listVolumesByUser(conf.get("username"), 
volumePrefix, null);
+                if (ozoneVolList != null) {
+                    while (ozoneVolList.hasNext()) {
+                        ret.add(ozoneVolList.next().getName());
+                    }
+                }
+            }
+        } catch (IOException e) {
+            LOG.error("Unable to get Volume List");
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("<== OzoneClient.getVolumeList() Error : " , e);
+            }
+        }
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("<== OzoneClient.getVolumeList(): " + ret);
+        }
+        return ret;
+    }
+
+    public List<String> getBucketList(String bucketPrefix, List<String> 
finalvolumeList) {
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("==> OzoneClient getBucketList bucketPrefix : " + 
bucketPrefix);
+        }
+        List<String> ret = new ArrayList<String>();
+        try {
+            if (ozoneClient != null) {
+                if (finalvolumeList != null && !finalvolumeList.isEmpty()) {
+                    for (String ozoneVol : finalvolumeList) {
+                        Iterator<? extends OzoneBucket> ozoneBucketList = 
ozoneClient.getObjectStore().getVolume(ozoneVol).listBuckets(bucketPrefix);
+                        if (ozoneBucketList != null) {
+                            while (ozoneBucketList.hasNext()) {
+                                ret.add(ozoneBucketList.next().getName());
+                            }
+                        }
+                    }
+                }
+            }
+        } catch (IOException e) {
+            LOG.error("Unable to get Volume List");
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("<== OzoneClient.getVolumeList() Error : " , e);
+            }
+        }
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("<== OzoneClient.getVolumeList(): " + ret);
+        }
+        return ret;
+    }
+
+    public List<String> getKeyList(String keyPrefix, List<String> 
finalvolumeList, List<String> finalbucketList) {
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("==> OzoneClient getKeyList keyPrefix : " + keyPrefix);
+        }
+        List<String> ret = new ArrayList<String>();
+        try {
+            if (ozoneClient != null) {
+                if (finalvolumeList != null && !finalvolumeList.isEmpty()) {
+                    for (String ozoneVol : finalvolumeList) {
+                        Iterator<? extends OzoneBucket> ozoneBucketList = 
ozoneClient.getObjectStore().getVolume(ozoneVol).listBuckets(null);
+                        if (ozoneBucketList != null) {
+                            while (ozoneBucketList.hasNext()) {
+                                String bucketName = 
ozoneBucketList.next().getName();
+                                if (finalbucketList.contains(bucketName)) {
+                                    Iterator<? extends OzoneKey> ozoneKeyList 
= ozoneBucketList.next().listKeys(keyPrefix);
+                                    if (ozoneKeyList != null) {
+                                        while (ozoneKeyList.hasNext()) {
+                                            
ret.add(ozoneKeyList.next().getName());
+                                        }
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        } catch (IOException e) {
+            LOG.error("Unable to get Volume List");
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("<== OzoneClient.getVolumeList() Error : " , e);
+            }
+        }
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("<== OzoneClient.getVolumeList(): " + ret);
+        }
+        return ret;
+    }
+
+    public static Map<String, Object> connectionTest(String serviceName,
+                                                     Map<String, String> 
connectionProperties) throws Exception {
+        Map<String, Object> responseData = new HashMap<String, Object>();
+        OzoneClient connectionObj = null;
+        boolean connectivityStatus = false;
+        List<String> testResult = null;
+
+        try {
+            connectionObj = new OzoneClient(serviceName,       
connectionProperties);
+            if (connectionObj != null) {
+                testResult = connectionObj.getVolumeList(null);
+                if (testResult != null && testResult.size() != 0) {
+                    connectivityStatus = true;
+                }
+                if (connectivityStatus) {
+                    String successMsg = "ConnectionTest Successful";
+                    generateResponseDataMap(connectivityStatus, successMsg, 
successMsg,
+                            null, null, responseData);
+                } else {
+                    String failureMsg = "Unable to retrieve any volumes using 
given parameters.";
+                    generateResponseDataMap(connectivityStatus, failureMsg, 
failureMsg + ERR_MSG,
+                            null, null, responseData);
+                }
+            }
+        } catch (Exception e) {
+            throw e;
+        } finally {
+            if (connectionObj != null) {
+                connectionObj.close();
+            }
+        }
+
+        return responseData;
+    }
+}
diff --git 
a/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneConnectionMgr.java
 
b/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneConnectionMgr.java
new file mode 100644
index 0000000..5b18ee3
--- /dev/null
+++ 
b/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneConnectionMgr.java
@@ -0,0 +1,103 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.services.ozone.client;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.plugin.util.TimedEventUtil;
+
+import java.util.Map;
+import java.util.concurrent.Callable;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+import java.util.concurrent.TimeUnit;
+
+public class OzoneConnectionMgr {
+    private static final Logger LOG = 
Logger.getLogger(OzoneConnectionMgr.class);
+
+    protected ConcurrentMap<String, OzoneClient>    ozoneConnectionCache;
+    protected ConcurrentMap<String, Boolean>        repoConnectStatusMap;
+
+
+    public     OzoneConnectionMgr() {
+        ozoneConnectionCache = new ConcurrentHashMap<String, OzoneClient>();
+        repoConnectStatusMap = new ConcurrentHashMap<String, Boolean>();
+    }
+
+
+    public OzoneClient getOzoneConnection(final String serviceName, final 
String serviceType, final Map<String,String> configs) {
+        OzoneClient ozoneClient  = null;
+
+        if (serviceType != null) {
+            // get it from the cache
+            ozoneClient = ozoneConnectionCache.get(serviceName);
+            if (ozoneClient == null) {
+                if (configs != null) {
+
+                    final Callable<OzoneClient> connectHive = new 
Callable<OzoneClient>() {
+                        @Override
+                        public OzoneClient call() throws Exception {
+                            return new OzoneClient(serviceName, configs);
+                        }
+                    };
+                    try {
+                        ozoneClient = TimedEventUtil.timedTask(connectHive, 5, 
TimeUnit.SECONDS);
+                    } catch(Exception e){
+                        LOG.error("Error connecting ozone repository : "+
+                                serviceName +" using config : "+ configs, e);
+                    }
+
+                    OzoneClient oldClient = null;
+                    if (ozoneClient != null) {
+                        oldClient = 
ozoneConnectionCache.putIfAbsent(serviceName, ozoneClient);
+                    } else {
+                        oldClient = ozoneConnectionCache.get(serviceName);
+                    }
+
+                    if (oldClient != null) {
+                        // in the meantime someone else has put a valid client 
into the cache, let's use that instead.
+                        if (ozoneClient != null) {
+                            ozoneClient.close();
+                        }
+                        ozoneClient = oldClient;
+                    }
+                    repoConnectStatusMap.put(serviceName, true);
+                } else {
+                    LOG.error("Connection Config not defined for asset :"
+                            + serviceName, new Throwable());
+                }
+            } else {
+                try {
+                    ozoneClient.getVolumeList(null);
+                } catch(Exception e) {
+                    ozoneConnectionCache.remove(serviceName);
+                    /*
+                     * There is a possibility that some other thread is also 
using this connection that we are going to close but
+                     * presumably the connection is bad which is why we are 
closing it, so damage should not be much.
+                     */
+                    ozoneClient.close();
+                    ozoneClient = 
getOzoneConnection(serviceName,serviceType,configs);
+                }
+            }
+        } else {
+            LOG.error("Asset not found with name "+serviceName, new 
Throwable());
+        }
+        return ozoneClient;
+    }
+}
diff --git 
a/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneResourceMgr.java
 
b/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneResourceMgr.java
new file mode 100644
index 0000000..0b999ab
--- /dev/null
+++ 
b/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneResourceMgr.java
@@ -0,0 +1,180 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.services.ozone.client;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.plugin.client.HadoopException;
+import org.apache.ranger.plugin.service.ResourceLookupContext;
+import org.apache.ranger.plugin.util.TimedEventUtil;
+
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.Callable;
+import java.util.concurrent.TimeUnit;
+
+public class OzoneResourceMgr {
+
+    private static final Logger LOG = Logger.getLogger(OzoneResourceMgr.class);
+
+    private static final String VOLUME     = "volume";
+    private static final String BUCKET     = "bucket";
+    private static final String KEY        = "key";
+
+
+    public static Map<String, Object> connectionTest(String serviceName, 
Map<String, String> configs) throws Exception {
+        Map<String, Object> ret = null;
+
+        if(LOG.isDebugEnabled()) {
+            LOG.debug("==> OzoneResourceMgr.connectionTest ServiceName: "+ 
serviceName + "Configs" + configs );
+        }
+
+        try {
+            ret = OzoneClient.connectionTest(serviceName, configs);
+        } catch (HadoopException e) {
+            LOG.error("<== OzoneResourceMgr.connectionTest Error: " + e);
+            throw e;
+        }
+
+        if(LOG.isDebugEnabled()) {
+            LOG.debug("<== OzoneResourceMgr.connectionTest Result : "+ ret  );
+        }
+
+        return ret;
+    }
+
+    public static List<String> getOzoneResources(String serviceName, String 
serviceType, Map<String, String> configs, ResourceLookupContext context) throws 
Exception  {
+
+        String userInput                       = context.getUserInput();
+        String resource                               = 
context.getResourceName();
+        Map<String, List<String>> resourceMap  = context.getResources();
+        List<String> resultList                   = null;
+        List<String> volumeList                = null;
+        List<String> bucketList                       = null;
+        List<String> keyList                  = null;
+        String volumePrefix                    = null;
+        String bucketPrefix                       = null;
+        String keyPrefix                          = null;
+
+
+        if(LOG.isDebugEnabled()) {
+            LOG.debug("<== OzoneResourceMgr.getOzoneResources()  UserInput: 
\""+ userInput  + "\" resource : " + resource + " resourceMap: "  + 
resourceMap);
+        }
+
+        if ( userInput != null && resource != null) {
+            if ( resourceMap != null  && !resourceMap.isEmpty() ) {
+                volumeList = resourceMap.get(VOLUME);
+                bucketList = resourceMap.get(BUCKET);
+                keyList = resourceMap.get(KEY);
+            }
+            switch (resource.trim().toLowerCase()) {
+                case VOLUME:
+                    volumePrefix = userInput;
+                    break;
+                case BUCKET:
+                    bucketPrefix = userInput;
+                    break;
+                case KEY:
+                    keyPrefix    = userInput;
+                    break;
+                default:
+                    break;
+            }
+        }
+
+        if (serviceName != null && userInput != null) {
+            try {
+
+                if(LOG.isDebugEnabled()) {
+                    LOG.debug("==> OzoneResourceMgr.getOzoneResources() 
UserInput: "+ userInput  + " configs: " + configs + " volumeList: "  + 
volumeList + " bucketList: "
+                            + bucketList + " keyList: " + keyList );
+                }
+
+                final OzoneClient ozoneClient = new 
OzoneConnectionMgr().getOzoneConnection(serviceName, serviceType, configs);
+
+                Callable<List<String>> callableObj = null;
+                final String finalVolPrefix;
+                final String finalBucketPrefix;
+                final String finalKeyPrefix;
+
+                final List<String> finalvolumeList = volumeList;
+                final List<String> finalbucketList = bucketList;
+
+                if ( ozoneClient != null) {
+                    if ( volumePrefix != null
+                            && !volumePrefix.isEmpty()){
+                        // get the DBList for given Input
+                        finalVolPrefix = volumePrefix;
+                        callableObj = new Callable<List<String>>() {
+                            @Override
+                            public List<String> call() {
+                                return 
ozoneClient.getVolumeList(finalVolPrefix);
+                            }
+                        };
+                    } else if ( bucketPrefix != null
+                            && !bucketPrefix.isEmpty()) {
+                        // get  ColumnList for given Input
+                        finalBucketPrefix = bucketPrefix;
+                        callableObj = new Callable<List<String>>() {
+
+                            @Override
+                            public List<String> call() {
+                                return 
ozoneClient.getBucketList(finalBucketPrefix,
+                                        finalvolumeList);
+                            }
+                        };
+                    } else if ( keyPrefix != null
+                            && !keyPrefix.isEmpty()) {
+                        // get  ColumnList for given Input
+                       finalKeyPrefix = keyPrefix;
+
+                        callableObj = new Callable<List<String>>() {
+                            @Override
+                            public List<String> call() {
+                                return ozoneClient.getKeyList(finalKeyPrefix,
+                                        finalvolumeList,
+                                        finalbucketList);
+                            }
+                        };
+                    }
+                    if (callableObj != null) {
+                        synchronized (ozoneClient) {
+                            resultList = TimedEventUtil.timedTask(callableObj, 
5,
+                                    TimeUnit.SECONDS);
+                        }
+                    } else {
+                        LOG.error("Could not initiate at timedTask");
+                    }
+                }
+            } catch (Exception e) {
+                LOG.error("Unable to get ozone resources.", e);
+                throw e;
+            }
+        }
+
+        if(LOG.isDebugEnabled()) {
+            LOG.debug("<== OzoneResourceMgr.getOzoneResources() UserInput: "+ 
userInput  + " configs: " + configs + " volumeList: "  + volumeList + " 
bucketList: "
+                    + bucketList + " keyList: " + keyList + "Result :" + 
resultList );
+
+        }
+        return resultList;
+
+    }
+
+}
diff --git a/pom.xml b/pom.xml
index 7cf134c..ab806b3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -116,6 +116,7 @@
         <gson.version>2.2.4</gson.version>
         <guice.version>4.0</guice.version>
         <hadoop.version>3.1.1</hadoop.version>
+       <ozone.version>0.4.0-alpha</ozone.version>
         <hamcrest.all.version>1.3</hamcrest.all.version>
         <hbase.version>2.0.2</hbase.version>
         <hive.version>3.1.0</hive.version>
@@ -215,6 +216,7 @@
                 <module>knox-agent</module>
                 <module>storm-agent</module>
                 <module>plugin-yarn</module>
+               <module>plugin-ozone</module>
                 <module>security-admin</module>
                 <module>plugin-kafka</module>
                 <module>plugin-solr</module>
@@ -234,6 +236,7 @@
                 <module>ranger-hbase-plugin-shim</module>
                 <module>ranger-knox-plugin-shim</module>
                 <module>ranger-yarn-plugin-shim</module>
+               <module>ranger-ozone-plugin-shim</module>
                 <module>ranger-storm-plugin-shim</module>
                 <module>ranger-kafka-plugin-shim</module>
                 <module>ranger-solr-plugin-shim</module>
@@ -264,6 +267,7 @@
                                 
<descriptor>src/main/assembly/storm-agent.xml</descriptor>
                                 
<descriptor>src/main/assembly/plugin-kafka.xml</descriptor>
                                 
<descriptor>src/main/assembly/plugin-yarn.xml</descriptor>
+                               
<descriptor>src/main/assembly/plugin-ozone.xml</descriptor>
                                 
<descriptor>src/main/assembly/plugin-solr.xml</descriptor>
                                 
<descriptor>src/main/assembly/admin-web.xml</descriptor>
                                 
<descriptor>src/main/assembly/solr_audit_conf.xml</descriptor>
@@ -446,6 +450,33 @@
                 </plugins>
             </build>
         </profile>
+       <profile>
+            <id>ranger-ozone-plugin</id>
+            <modules>
+                <module>agents-audit</module>
+                <module>agents-common</module>
+                <module>agents-cred</module>
+                <module>agents-installer</module>
+                <module>credentialbuilder</module>
+                <module>ranger-plugin-classloader</module>
+                <module>ranger-util</module>
+                <module>plugin-ozone</module>
+                <module>ranger-ozone-plugin-shim</module>
+            </modules>
+            <build>
+                <plugins>
+                    <plugin>
+                        <artifactId>maven-assembly-plugin</artifactId>
+                        <version>2.2-beta-5</version>
+                        <configuration>
+                            <descriptors>
+                                
<descriptor>src/main/assembly/plugin-ozone.xml</descriptor>
+                            </descriptors>
+                        </configuration>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
         <profile>
             <id>ranger-kafka-plugin</id>
             <modules>
@@ -684,6 +715,7 @@
                 <module>knox-agent</module>
                 <module>storm-agent</module>
                 <module>plugin-yarn</module>
+                <module>plugin-ozone</module>
                 <module>security-admin</module>
                 <module>plugin-kafka</module>
                 <module>plugin-solr</module>
@@ -702,6 +734,7 @@
                 <module>ranger-hbase-plugin-shim</module>
                 <module>ranger-knox-plugin-shim</module>
                 <module>ranger-yarn-plugin-shim</module>
+                <module>ranger-ozone-plugin-shim</module>
                 <module>ranger-storm-plugin-shim</module>
                 <module>ranger-kafka-plugin-shim</module>
                 <module>ranger-solr-plugin-shim</module>
@@ -734,6 +767,7 @@
                                 
<descriptor>src/main/assembly/storm-agent.xml</descriptor>
                                 
<descriptor>src/main/assembly/plugin-kafka.xml</descriptor>
                                 
<descriptor>src/main/assembly/plugin-yarn.xml</descriptor>
+                                
<descriptor>src/main/assembly/plugin-ozone.xml</descriptor>
                                 
<descriptor>src/main/assembly/plugin-solr.xml</descriptor>
                                 
<descriptor>src/main/assembly/admin-web.xml</descriptor>
                                 
<descriptor>src/main/assembly/solr_audit_conf.xml</descriptor>
diff --git a/ranger-ozone-plugin-shim/pom.xml b/ranger-ozone-plugin-shim/pom.xml
new file mode 100644
index 0000000..bfd9c69
--- /dev/null
+++ b/ranger-ozone-plugin-shim/pom.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0";
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/xsd/maven-4.0.0.xsd";>
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>ranger-ozone-plugin-shim</artifactId>
+    <name>OZONE Security Plugin Shim</name>
+    <description>OZONE Security Plugin Shim</description>
+    <packaging>jar</packaging>
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+    <parent>
+        <artifactId>ranger</artifactId>
+        <groupId>org.apache.ranger</groupId>
+        <version>2.0.0-SNAPSHOT</version>
+        <relativePath>..</relativePath>
+    </parent>
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.ranger</groupId>
+            <artifactId>ranger-plugins-common</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.ranger</groupId>
+            <artifactId>ranger-plugins-audit</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.ranger</groupId>
+            <artifactId>credentialbuilder</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.hadoop</groupId>
+            <artifactId>hadoop-hdfs</artifactId>
+            <version>${hadoop.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpcore</artifactId>
+            <version>${httpcomponents.httpcore.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.hadoop</groupId>
+            <artifactId>hadoop-ozone-common</artifactId>
+       <!--
+           <version>0.4.0.3.0.100.0-SNAPSHOT</version>
+           <version>0.4.0-alpha</version>
+            <scope>system</scope>
+            
<systemPath>${project.basedir}/src/main/resources/hadoop-ozone-common-0.4.0-alpha.jar</systemPath>
+       -->
+           <version>0.4.0-alpha</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.hadoop</groupId>
+            <artifactId>hadoop-hdds-common</artifactId>
+       <!--
+           <version>0.4.0.3.0.100.0-SNAPSHOT</version>
+           <version>0.4.0-alpha</version>
+            <scope>system</scope>
+            
<systemPath>${project.basedir}/src/main/resources/hadoop-hdds-common-0.4.0-alpha.jar</systemPath>
 
+       -->
+           <version>0.4.0-alpha</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.ranger</groupId>
+            <artifactId>ranger-plugin-classloader</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+
+</project>
diff --git 
a/ranger-ozone-plugin-shim/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java
 
b/ranger-ozone-plugin-shim/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java
new file mode 100644
index 0000000..5d7c291
--- /dev/null
+++ 
b/ranger-ozone-plugin-shim/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java
@@ -0,0 +1,113 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.authorization.ozone.authorizer;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
+import org.apache.hadoop.ozone.security.acl.IOzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneAclException;
+import org.apache.hadoop.ozone.security.acl.RequestContext;
+import org.apache.ranger.plugin.classloader.RangerPluginClassLoader;
+
+public class RangerOzoneAuthorizer implements IAccessAuthorizer {
+
+    private static final Log LOG  = 
LogFactory.getLog(RangerOzoneAuthorizer.class);
+
+    private static final String   RANGER_PLUGIN_TYPE                       = 
"ozone";
+    private static final String   RANGER_OZONE_AUTHORIZER_IMPL_CLASSNAME   = 
"org.apache.ranger.authorization.ozone.authorizer.RangerOzoneAuthorizer";
+    private static RangerPluginClassLoader rangerPluginClassLoader         = 
null;
+    private IAccessAuthorizer ozoneAuthorizationProviderImpl               = 
null;
+
+    public RangerOzoneAuthorizer() {
+        if(LOG.isDebugEnabled()) {
+            LOG.debug("==> RangerOzoneAuthorizer.RangerOzoneAuthorizer()");
+        }
+
+        this.init();
+
+        if(LOG.isDebugEnabled()) {
+            LOG.debug("<== RangerOzoneAuthorizer.RangerOzoneAuthorizer()");
+        }
+    }
+
+    private void init(){
+        if(LOG.isDebugEnabled()) {
+            LOG.debug("==> RangerOzoneAuthorizer.init()");
+        }
+
+        try {
+
+            rangerPluginClassLoader = 
RangerPluginClassLoader.getInstance(RANGER_PLUGIN_TYPE, this.getClass());
+
+            @SuppressWarnings("unchecked")
+            Class<IAccessAuthorizer> cls = (Class<IAccessAuthorizer>) 
Class.forName(RANGER_OZONE_AUTHORIZER_IMPL_CLASSNAME, true, 
rangerPluginClassLoader);
+
+            activatePluginClassLoader();
+
+            ozoneAuthorizationProviderImpl = cls.newInstance();
+        } catch (Exception e) {
+            // check what need to be done
+            LOG.error("Error Enabling RangerOzonePlugin", e);
+        } finally {
+            deactivatePluginClassLoader();
+        }
+
+        if(LOG.isDebugEnabled()) {
+            LOG.debug("<== RangerOzoneAuthorizer.init()");
+        }
+    }
+
+    @Override
+    public boolean checkAccess(IOzoneObj ozoneObject, RequestContext context) 
throws OzoneAclException {
+
+        boolean ret = false;
+
+        if(LOG.isDebugEnabled()) {
+            LOG.debug("==> RangerOzoneAuthorizer.checkAccess()");
+        }
+
+        try {
+            activatePluginClassLoader();
+
+            ret = ozoneAuthorizationProviderImpl.checkAccess(ozoneObject, 
context);
+        } finally {
+            deactivatePluginClassLoader();
+        }
+
+        if(LOG.isDebugEnabled()) {
+            LOG.debug("<== RangerOzoneAuthorizer.checkAccess()");
+        }
+
+        return ret;
+    }
+
+    private void activatePluginClassLoader() {
+        if(rangerPluginClassLoader != null) {
+            rangerPluginClassLoader.activate();
+        }
+    }
+
+    private void deactivatePluginClassLoader() {
+        if(rangerPluginClassLoader != null) {
+            rangerPluginClassLoader.deactivate();
+        }
+    }
+}
diff --git a/src/main/assembly/admin-web.xml b/src/main/assembly/admin-web.xml
index 39fb054..449a112 100644
--- a/src/main/assembly/admin-web.xml
+++ b/src/main/assembly/admin-web.xml
@@ -179,6 +179,39 @@
        <include>org.apache.ranger:ranger-yarn-plugin</include>
      </includes>
     </moduleSet>
+    <moduleSet>
+          <binaries>
+              <includeDependencies>true</includeDependencies>
+              
<outputDirectory>/ews/webapp/WEB-INF/classes/ranger-plugins/ozone</outputDirectory>
+              <unpack>false</unpack>
+              <directoryMode>755</directoryMode>
+              <fileMode>644</fileMode>
+              <dependencySets>
+                  <dependencySet>
+                      <includes>
+                         
<include>org.apache.hadoop:hadoop-ozone-common:jar:${ozone.version}</include>
+                          
<include>org.apache.hadoop:hadoop-ozone-client:jar:${ozone.version}</include>
+                          
<include>org.apache.hadoop:hadoop-hdds-common:jar:${ozone.version}</include>
+                          
<include>org.apache.hadoop:hadoop-hdds-client:jar:${ozone.version}</include>
+                          
<include>org.apache.commons:commons-compress:jar:1.4.1</include>
+                          
<include>commons-net:commons-net:jar:${commons.net.version}</include>
+                          <include>com.google.guava:guava</include>
+                          
<include>io.jaegertracing:jaeger-core:jar:0.33.1</include>
+                          
<include>io.opentracing:opentracing-api:jar:0.31.0</include>
+                          
<include>io.opentracing:opentracing-noop:jar:0.31.0</include>
+                          
<include>io.opentracing:opentracing-util:jar:0.31.0</include>
+                          
<include>io.opentracing.contrib:opentracing-tracerresolver:jar:0.1.5</include>
+                          <include>com.google.protobuf:protobuf-java</include>
+                          
<include>org.apache.ratis:ratis-common:jar:0.2.0</include>
+                          
<include>org.apache.ratis:ratis-thirdparty-misc:jar:0.2.0</include>
+                      </includes>
+                  </dependencySet>
+              </dependencySets>
+          </binaries>
+          <includes>
+              <include>org.apache.ranger:ranger-ozone-plugin</include>
+          </includes>
+      </moduleSet>
 
     <moduleSet>
      <binaries>
@@ -259,6 +292,7 @@
                     
<include>commons-configuration:commons-configuration</include>
                     
<include>commons-io:commons-io:jar:${commons.io.version}</include>
                     <include>commons-lang:commons-lang</include>
+                    <include>commons-lang3:commons-lang3</include>
                     <include>commons-logging:commons-logging</include>
                     <include>com.google.guava:guava</include>
                     <include>org.slf4j:slf4j-api</include>
diff --git a/src/main/assembly/plugin-ozone.xml 
b/src/main/assembly/plugin-ozone.xml
new file mode 100644
index 0000000..504d205
--- /dev/null
+++ b/src/main/assembly/plugin-ozone.xml
@@ -0,0 +1,178 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<assembly>
+    <id>ozone-plugin</id>
+    <formats>
+        <format>tar.gz</format>
+        <format>zip</format>
+    </formats>
+    
<baseDirectory>${project.name}-${project.version}-ozone-plugin</baseDirectory>
+    <includeBaseDirectory>true</includeBaseDirectory>
+    <moduleSets>
+
+        <moduleSet>
+            <binaries>
+                <includeDependencies>false</includeDependencies>
+                <unpack>false</unpack>
+                <directoryMode>755</directoryMode>
+                <fileMode>644</fileMode>
+                <outputDirectory>/lib</outputDirectory>
+            </binaries>
+            <includes>
+                <include>org.apache.ranger:ranger-ozone-plugin-shim</include>
+                <include>org.apache.ranger:ranger-plugin-classloader</include>
+            </includes>
+        </moduleSet>
+
+        <moduleSet>
+            <binaries>
+                <includeDependencies>true</includeDependencies>
+                <dependencySets>
+                    <dependencySet>
+                        <outputDirectory>/install/lib</outputDirectory>
+                        <unpack>false</unpack>
+                        <includes>
+                            <include>commons-cli:commons-cli</include>
+                            
<include>commons-collections:commons-collections</include>
+                            
<include>commons-configuration:commons-configuration:jar:${commons.configuration.version}</include>
+                            
<include>commons-io:commons-io:jar:${commons.io.version}</include>
+                            <include>commons-lang:commons-lang</include>
+                            
<include>commons-logging:commons-logging:jar:${commons.logging.version}</include>
+                            
<include>com.google.guava:guava:jar:${google.guava.version}</include>
+                            
<include>org.slf4j:slf4j-api:jar:${slf4j-api.version}</include>
+                            
<include>org.apache.hadoop:hadoop-common:jar:${hadoop.version}</include>
+                            
<include>org.apache.hadoop:hadoop-auth:jar:${hadoop.version}</include>
+                            
<include>org.apache.hadoop:hadoop-ozone:jar:0.4.0.3.0.100.0-SNAPSHOT</include>
+                            
<include>org.apache.hadoop:hadoop-hdds:jar:0.4.0.3.0.100.0-SNAPSHOT</include>
+                           
<include>com.fasterxml.woodstox:woodstox-core:jar:${fasterxml.woodstox.version}</include>
+                            
<include>org.codehaus.woodstox:stax2-api:jar:${codehaus.woodstox.stax2api.version}</include>
+                           
<include>org.apache.commons:commons-configuration2:jar:${commons.configuration2.version}</include>
+                           <include>com.sun.jersey:jersey-core</include>
+                            <include>com.sun.jersey:jersey-client</include>
+                            
<include>org.apache.htrace:htrace-core4:jar:${htrace-core.version}</include>
+                           <include>com.kstruct:gethostname4j</include>
+                           <include>net.java.dev.jna:jna</include>
+                            <include>net.java.dev.jna:jna-platform</include>
+                        </includes>
+                    </dependencySet>
+                </dependencySets>
+                <outputDirectory>/install/lib</outputDirectory>
+                <unpack>false</unpack>
+            </binaries>
+            <includes>
+                <include>org.apache.ranger:ranger-plugins-installer</include>
+                <include>org.apache.ranger:credentialbuilder</include>
+            </includes>
+        </moduleSet>
+
+        <moduleSet>
+            <binaries>
+                <includeDependencies>true</includeDependencies>
+                <unpack>false</unpack>
+                <directoryMode>755</directoryMode>
+                <fileMode>644</fileMode>
+                <dependencySets>
+                    <dependencySet>
+                        
<outputDirectory>/lib/ranger-ozone-plugin-impl</outputDirectory>
+                        <includes>
+                            
<include>org.eclipse.persistence:javax.persistence</include>
+                            
<include>org.eclipse.persistence:eclipselink</include>
+                            
<include>org.apache.httpcomponents:httpmime:jar:${httpcomponents.httpmime.version}</include>
+                            
<include>org.apache.httpcomponents:httpclient:jar:${httpcomponents.httpclient.version}</include>
+                            
<include>org.apache.httpcomponents:httpcore:jar:${httpcomponents.httpcore.version}</include>
+                            
<include>org.noggit:noggit:jar:${noggit.version}</include>
+                            <include>org.apache.solr:solr-solrj</include>
+                           
<include>com.fasterxml.woodstox:woodstox-core:jar:${fasterxml.woodstox.version}</include>
+                            
<include>org.codehaus.woodstox:stax2-api:jar:${codehaus.woodstox.stax2api.version}</include>
+                           
<include>org.apache.commons:commons-configuration2:jar:${commons.configuration2.version}</include>
+                           <include>com.sun.jersey:jersey-core</include>
+                            <include>com.sun.jersey:jersey-client</include>
+                            
<include>org.apache.htrace:htrace-core4:jar:${htrace-core.version}</include>
+                           <include>commons-lang:commons-lang</include>
+                           <include>com.kstruct:gethostname4j</include>
+                           <include>net.java.dev.jna:jna</include>
+                            <include>net.java.dev.jna:jna-platform</include>
+                        </includes>
+                        <unpack>false</unpack>
+                    </dependencySet>
+                </dependencySets>
+                
<outputDirectory>/lib/ranger-ozone-plugin-impl</outputDirectory>
+            </binaries>
+            <includes>
+                <include>org.apache.ranger:ranger-plugins-audit</include>
+                <include>org.apache.ranger:ranger-plugins-cred</include>
+                <include>org.apache.ranger:ranger-plugins-common</include>
+                <include>org.apache.ranger:ranger-ozone-plugin</include>
+            </includes>
+        </moduleSet>
+
+    </moduleSets>
+    <fileSets>
+        <fileSet>
+            <outputDirectory>/install/conf.templates/enable</outputDirectory>
+            <directory>plugin-ozone/conf</directory>
+            <excludes>
+                <exclude>*.sh</exclude>
+            </excludes>
+            <fileMode>700</fileMode>
+        </fileSet>
+        <fileSet>
+            <outputDirectory>/install/conf.templates/disable</outputDirectory>
+            <directory>plugin-ozone/disable-conf</directory>
+            <fileMode>700</fileMode>
+        </fileSet>
+        <fileSet>
+            <outputDirectory>/install/conf.templates/default</outputDirectory>
+            <directory>plugin-ozone/template</directory>
+            <fileMode>700</fileMode>
+        </fileSet>
+        <fileSet>
+            <outputDirectory>/</outputDirectory>
+            <directory>${project.build.outputDirectory}</directory>
+            <includes>
+                <include>version</include>
+            </includes>
+            <fileMode>444</fileMode>
+        </fileSet>
+    </fileSets>
+    <files>
+        <file>
+            <source>agents-common/scripts/enable-agent.sh</source>
+            <outputDirectory>/</outputDirectory>
+            <destName>enable-ozone-plugin.sh</destName>
+            <fileMode>755</fileMode>
+        </file>
+        <file>
+            <source>agents-common/scripts/enable-agent.sh</source>
+            <outputDirectory>/</outputDirectory>
+            <destName>disable-ozone-plugin.sh</destName>
+            <fileMode>755</fileMode>
+        </file>
+        <file>
+            <source>plugin-ozone/scripts/install.properties</source>
+            <outputDirectory>/</outputDirectory>
+            <destName>install.properties</destName>
+            <fileMode>755</fileMode>
+        </file>
+        <file>
+            <source>security-admin/scripts/ranger_credential_helper.py</source>
+            <outputDirectory>/</outputDirectory>
+            <fileMode>755</fileMode>
+        </file>
+    </files>
+</assembly>

Reply via email to