Thanks for your quick response.Please find my queries inline.
On Fri, Dec 11, 2015 at 4:55 AM, Ramesh Mani <[email protected]> wrote: If you have created a CustomService, and if you want to authorize the > access of components/resources in your CustomService, then you need to have > default authorizer in your CustomService to do authorization, which you > will extend in your Ranger custom plugin and will be called when your > CustomService needs authorization check. > [*Aruna] : It would be great if you could provide a snippet/example where the authoriser code present in the plugin is invoked by the existing services (hive/hdfs/storm/kafka) for authorisation. This would give me a better picture as to how it exactly works.* > For logging, as you had seen it uses log4j you can have log4j appender in > the log4.properties and get the log, all hadoop components have their log4j > properties file where it specify the location it puts the log. > By default it is /var/log/hadoop/ for hadoop. > *[Aruna] : there are many log4j.properties in the ranger code base and there is no specific log4j.properties for each of the plugins. Hence, which log4j.properties do i need to modify. My aim is to see all the logs generated by my custom plugin. This would enable me to debug the code better.* [Aruna ] : The other thing i wanted to know was how does one start the plugin or rather initiate the plugin which polls for the policies. I see that the enable-<service>-plugin.sh scripts sets the environment and copies property files to the right locations, but i dont see where the authoriser is instantiated in order to invoke the init() method of the RangerbasePlugin. > Thanks for all your help > Aruna > > From: Aruna Sivaram <[email protected]> > Reply-To: "[email protected]" < > [email protected]> > Date: Wednesday, December 9, 2015 at 9:45 PM > To: "[email protected]" <[email protected]> > Subject: Queries on the developement for a new custom plugin > > I am using ranger 0.5 for the access control. We are planning to develop a > custom plugin which we plan to integrate with the ranger framework. This > custom plugin will be used for access control of our components. In order > to explore this possibility, i have written a custom plugin as per the > example given in the link > https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=53741207 > > Since this is a custom plugin, my authoriser class > (CustomServiceAuthoriser), will not be extending any of the hadoop security > classes (Eg in case of storm or hive, the RangerStormAuthoriser implements > IAuthorizer and RangerYarnAuthorizer extends YarnAuthorizationProvider. I > have created the repository and policies for the same through the rest web > service. > > > I have written the custom service authoriser as per the example and > deployed the same on the sandbox. I have a service named CustomService. > What i wanted to know is how the customservice will communicate with my > customserviceauthoriser which is contained in my plugin. Currently i dont > find any documentation which talks about the mode of communication or > rather how the plugin class will be invoked by the service. > > I am relatively new to ranger so may be I am missing something ? > > Also, i would like to know the location of the log where each of the > plugin classes would be logging. This will help us in debugging the flow. I > see a lot of log statements in the ranger plugin code base but am unable to > find the location of the logs. > > Secondly, can ranger be used to develop custom plugins for access control > of non hadoop components? > > Any help from your end would be appreciated > > -- > Regards > Aruna Sivaram > -- Regards Aruna Sivaram
