Hi Ebrahim -

I tried replying to the Ranger thread but my subscription seems messed up.

I believe that Bosco was referring to the interface within the Ranger Knox
Plugin code that would need to change ALONG with the Ranger side changes
you already made.
Based on what I see in [1], there is no change needed in the Knox code base
as this is all in Ranger.
You would want to push the HTTP verb from the request that is acquired in
the filter into the authorization interface which is in the same package in
Ranger.

Of course, you could also either extend or create a new Authorization
Provider in Knox as well but that will not give you the central access
policy authoring and management that Ranger provides.

thanks,

--larry


[1]
https://github.com/apache/ranger/blob/master/knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java#L146

On Tue, Dec 8, 2020 at 2:59 PM Ebrahim Khalil Abbasi <
[email protected]> wrote:

> Hi there,
> I am using Knox to access Livy to manage Spark sessions. To implement
> authorization I want to provide method-level (get/post/delete/...)
> authorization. I implemented a new HTTP Service plugin in Ranger but I need
> to integrate it into Knox or Ranger's Knox plugin so that each HTTP
> request to Knox is authorized based on the method.
>
> It seems there are two possibilities: one is to update Knox's
> authorization interface and another is to update Ranger's Knox plugin.
>
> Would you please suggest a better solution?
> Thanks
> Ebrahim
>
