Thanks for your response Abhay.

One small query. For integrating custom service with ranger, it is required 
that the service should send request with  ‘rangerRequest.setUserGroups()’ to 
set list of groups to which a user belongs. Only then group based policies will 
take effect. My question is Apache Ranger already has all the user to group 
mapping information (via user sync if LDAP is enabled etc). Why is 
setUserGroups() required for each request ?

Regards,
Rajat

From: Abhay Kulkarni 
<akulka...@hortonworks.com<mailto:akulka...@hortonworks.com>>
Reply-To: "user@ranger.apache.org<mailto:user@ranger.apache.org>" 
<user@ranger.apache.org<mailto:user@ranger.apache.org>>
Date: Wednesday, 23 May 2018 at 10:05 PM
To: "user@ranger.apache.org<mailto:user@ranger.apache.org>" 
<user@ranger.apache.org<mailto:user@ranger.apache.org>>
Subject: Re: Custom service integration and Tag based policies

Hi Rajat,

Here are the steps required to enable Tagsync to map custom Atlas Entities to 
Ranger Entities (aka Service Resources).

  *   Provide an implementation of AtlasResourceMapper Java class. You may look 
up other implementation classes such as AtlasHdfsResourceMapper or 
AtlasHiveResourceMapper which map hfds and hive Atlas entities to Ranger 
Service Resources respectively. Specifically, you need to implement 
buildResource() member function where your component’s RangerAtlasEntity object 
needs to be converted to generic RangerServiceResource object.
  *   Set up the following Tagsync configuration parameter in 
ranger-tagsync-site.xml file. If using Ambari, you may do this by going to 
'Ranger->Configs->Advanced->Custom ranger-tagsync-site->Add Property’.

ranger.tagsync.atlas.custom.resource.mappers=<fully-qualified-name-of-the-implementation-class>

  *   Ensure that the implementation class is in the class-path of tagsync. One 
way to do this is to place the JAR containing the implementation class in 
/usr/hdp/current/ranger-tagsync/lib directory.
  *   Restart tagsync.
  *   Check /var/log/ranger/tagsync/tagsync.out and 
/var/log/ranger/tagsync/tagsync.log files to ensure that there are no errors in 
initializing AtlasTagSource.

Hope this helps.

Thanks,
-Abhay




From: Rajat Goel <rajat.g...@guavus.com<mailto:rajat.g...@guavus.com>>
Reply-To: "user@ranger.apache.org<mailto:user@ranger.apache.org>" 
<user@ranger.apache.org<mailto:user@ranger.apache.org>>
Date: Wednesday, May 23, 2018 at 7:02 AM
To: "user@ranger.apache.org<mailto:user@ranger.apache.org>" 
<user@ranger.apache.org<mailto:user@ranger.apache.org>>
Subject: Custom service integration and Tag based policies

Hi,

I am new to Ranger. I am trying to integrate my custom web service with Ranger 
for authorisation and policy management. I have successfully tested Resource 
based policy management integration of my web service with Ranger. Now I want 
to integrate and enable Tag based policy. I have added my custom types and 
entities in Atlas. How can I provide tag based policy and authorisation?

While reading some documentation and code, I found that I will have to add 
implementation of ‘AtlasResourceMapper.java’ in Ranger Tag sync process on the 
lines of AtlasKafkaResourceMapper.java. Is my understanding correct? Can 
someone point me to any documentation on how to write a custom class which 
extends AtlasResourceMapper? Also, are there more steps/code that needs to be 
written or just the AtlasResourceMapper implementation will suffice?

Thanks & Regards,
Rajat

Reply via email to