Hi Madhan, It is indeed nice to note a pluggable component is coming up. Thanks very much for the pointers. Sridhar
On Fri, Jan 30, 2015 at 2:42 PM, Madhan Neethiraj < [email protected]> wrote: > Sridhar, > > To make it easier to integrate new components into Ranger, the team is > working on a pluggable-service-model implementation. This development is > being done in Œstack¹ branch of Ranger and should be ready/available for > use in a week or two. This would significantly reduce the effort needed to > add support for a new component. > > Here are the high level steps to integrate a new component into Ranger: > 1. Define various aspects of the service (component) - like resources, > access-types, configuration etc. in a JSON file. > 2. Import the service definition to Ranger. > After this step, it will be possible to create services (currently > called repositories) and policies in Ranger Admin. > 3. Implement the plugin for the service, to: > - intercept the resource accesses in the service > - create an access request with details of the resource, access-type, > user, etc > - call Ranger policy-engine to authorize the access and generate audit > - allow or deny access to the resource based on the result returned > 4. Install and configure the plugin to run in the service > > > Until more detailed documentation is available, I would suggest looking at > stack branch for the implementation of HDFS plugin > (RangerFSPermissionChecker.java) and Hive plugin > (RangerHiveAuthorizer.java). For details of the service-definition, you > can refer to the attached JSON for HDFS service-type. > > Hope this helps. > > Thanks, > Madhan > > On 1/29/15, 8:37 PM, "Sridhar S" <[email protected]> wrote: > > >Hi, > > Any help on the below would be much appreciated. > >Sridhar > > > >On Sat, Jan 24, 2015 at 4:15 PM, Sridhar S <[email protected]> > >wrote: > > > >> Hi, > >> I am attempting to create a new component with the following policy - > >> User Permissions would have a list of users with allowed datatypes for > >>each > >> user. Other fields such as name, audit logging remain the same as in the > >> existing HDFS policy details. I would like to first code the server > >> changes to the new component and test it independently of the front end. > >> Which file/enum should i create the new repositoryType in? > >> Since there are no new fields (permList of VXPermObj can store the list > >> of allowed datatypes), i do not have to change the VXPolicy or > >>VXRepository > >> nor the entity objects. Is this assumption correct? > >> Any help appreciated. > >> Sridhar > >> > > > > > > > >-- > >Sridhar > > -- Sridhar
