Hello Larry,

Thanks for your reply and help. I believe too that Ranger's Knox plugin code is where we need to change, and I already did it. I was looking for a way of somehow extending Ranger's Knox plugin or integrating my plug-in with it, not directly changing Ranger's Knox plugin.

Thanks
Ebrahim

On Tue, Dec 8, 2020 at 11:36 PM larry mccay <[email protected]> wrote:

> Hi Ebrahim -
>
> I tried replying to the Ranger thread but my subscription seems messed up.
>
> I believe that Bosco was referring to the interface within the Ranger Knox
> Plugin code that would need to change ALONG with the Ranger side changes
> you already made.
> Based on what I see in [1], there is no change needed in the Knox code
> base as this is all in Ranger.
> You would want to push the HTTP verb from the request that is acquired in
> the filter into the authorization interface which is in the same package in
> Ranger.
>
> Of course, you could also either extend or create a new Authorization
> Provider in Knox as well but that will not give you the central access
> policy authoring and management that Ranger provides.
>
> thanks,
>
> --larry
>
>
> 1.
> https://github.com/apache/ranger/blob/master/knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java#L146
>
> On Tue, Dec 8, 2020 at 2:59 PM Ebrahim Khalil Abbasi <
> [email protected]> wrote:
>
>> Hi there,
>> I am using Knox to access Livy to manage Spark sessions. To implement
>> authorization I want to provide method-level (get/post/delete/...)
>> authorization. I implemented a new HTTP Service plugin in Ranger but I need
>> to integrate it into Knox or Ranger's Knox plugin so that each HTTP
>> request to Knox is authorized based on the method.
>>
>> It seems there are two possibilities, one is to update Knox's
>> authorization interface and another is to update Ranger's Knox plugin.
>>
>> Would you please suggest a better solution?
>> Thanks
>> Ebrahim
>>
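The method-level check discussed in this thread, modelled as an added example that is not part of the original messages and is not Ranger or Knox code: the filter captures the HTTP verb alongside user, groups, topology and service, and the decision point denies by default. All class, function and policy names here are hypothetical, and the sample policies are constructed.

```python
from dataclasses import dataclass

# Verbs that policies may grant (assumption); any other verb is denied outright.
KNOWN_METHODS = frozenset({"GET", "POST", "PUT", "DELETE"})


@dataclass(frozen=True)
class Policy:
    topology: str          # Knox topology name, "*" matches any
    service: str           # service role such as "LIVY", "*" matches any
    users: frozenset
    groups: frozenset
    methods: frozenset     # HTTP verbs this policy grants


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset
    topology: str
    service: str
    http_method: str       # verb read from the incoming request by the filter


def build_request(user, groups, topology, service, http_method):
    """Filter side: carry the normalised verb into the authorization request."""
    return AccessRequest(user, frozenset(groups), topology, service,
                         http_method.strip().upper())


def is_allowed(req, policies):
    """Decision side: allow only if a matching policy grants this verb."""
    if req.http_method not in KNOWN_METHODS:
        return False
    for p in policies:
        if p.topology not in ("*", req.topology):
            continue
        if p.service not in ("*", req.service):
            continue
        if req.user not in p.users and not (req.groups & p.groups):
            continue
        if req.http_method in p.methods:
            return True
    return False  # default deny


# Constructed sample policies: alice manages Livy sessions, analysts may only read.
POLICIES = [
    Policy("sandbox", "LIVY", frozenset({"alice"}), frozenset(),
           frozenset({"GET", "POST", "DELETE"})),
    Policy("sandbox", "LIVY", frozenset(), frozenset({"analysts"}),
           frozenset({"GET"})),
]
```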
