Apache Ranger2 源码导入IDEA并运行调试Hive Policy等

最新推荐文章于 2023-07-24 14:07:29 发布
最新推荐文章于 2023-07-24 14:07:29 发布
阅读量973 收藏
点赞数 2
分类专栏: ranger 文章标签: idea java apache
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/shlpeng/article/details/120569021
版权

前言

Apache Ranger是什么,它是一个为Hadoop平台提供了全面的数据安全访问控制及监控的集中式管理框架,Apache顶级项目。不废话了,其实本篇没那么高大上,就是一步步教你如何将Ranger源码导入到IDEA,并运行调试其web模块。

环境说明

环境

版本

备注

system

Mac Intel Chip

java

1.8.0_292

mysql

5.7.35

mysql-connector-java

5.1.31

maven

3.8.1

tomcat

8.5.69

1,适用于ranger 2.2

2,需要保证tomcat的安装目录有足够的权限,笔者简单的执行了

chmod -R 777 apache-tomcat-8.5.69

tomcat

7.0.109

1,适用于ranger release-ranger-2.1.0

2,需要保证tomcat的安装目录有足够的权限,笔者简单的执行了

chmod -R 777 apache-tomcat-7.0.109

3,旧版本的tomcat可以移步寻找:http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.109/bin/ -> apache-tomcat-7.0.109.zip

导入源码

1.第一步当然是下载源码,这里选用了最新版2.2

git clone https://github.com/apache/ranger.git
git checkout ranger-2.2

2.编译,这里选择编译全部,当然也可以选择具体模块进行编译,耗时会比较长

mvn -DskipTests=true clean compile package install assembly:assembly

  如笔者注释了storm、solr、tagsync、atlas、sqoop、kylin等模块:

3.添加idea相关配置及依赖

mvn idea:idea

4.直接导入就行了,what?你不会连导入都不会吧

导入

运行调试security-admin web模块

先初始化数据库,这里推荐选用MySQL,PostgreSQL我初始化的时候报了N多错,直接放弃了。

配置Ranger Admin

以下更改的文件路径:security-admin/src/main/resources/conf.dist/ranger-admin-site.xml

配置审计日志,没有装solr可以不用管

<property>
    <name>ranger.audit.solr.urls</name>
    <value>http://localhost:6083/solr/ranger_audits</value>
    <description></description>
</property>

<property>
    <name>ranger.audit.source.type</name>
    <value>solr</value>
    <description></description>
</property>

配置Ranger数据库及用户名密码

<property>
    <name>ranger.jpa.jdbc.url</name>
    <value>jdbc:log4jdbc:mysql://localhost:3306/ranger</value>
    <description></description>
</property>
<property>
    <name>ranger.jpa.jdbc.user</name>
    <value>admin</value>
    <description></description>
</property>
<property>
    <name>ranger.jpa.jdbc.password</name>
    <value>admin</value>
    <description></description>
</property>

配置web

这里有二种方式:

第一种 将security-admin/src/main/resources/conf.dist 设置为resources目录

resources

修改security-admin/src/main/webapp/WEB-INF/web.xml

<context-param>
 <param-name>contextConfigLocation</param-name>
 <param-value>META-INF/applicationContext.xml
 WEB-INF/classes/security-applicationContext.xml
 META-INF/scheduler-applicationContext.xml</param-value>
 </context-param>

修改security-admin/src/main/webapp/META-INF/applicationContext.xml

    <property name="locations">
        <list>
            <!-- <value>classpath:xa_default.properties</value> -->
            <!-- <value>classpath:xa_system.properties</value> -->
            <!-- <value>classpath:xa_custom.properties</value> -->
            <!-- <value>classpath:xa_ldap.properties</value> -->
            <!-- <value>classpath:core-site.xml</value> -->
            <value>classpath:ranger-admin-default-site.xml</value>
            <value>classpath:ranger-admin-site.xml</value>
        </list>
    </property>

第二种 只修改配置文件

修改security-admin/src/main/webapp/WEB-INF/web.xml

<context-param>
 <param-name>contextConfigLocation</param-name>
 <param-value>META-INF/applicationContext.xml
 WEB-INF/classes/conf.dist/security-applicationContext.xml
 META-INF/scheduler-applicationContext.xml</param-value>
 </context-param>

修改security-admin/src/main/webapp/META-INF/applicationContext.xml

    <property name="locations">
        <list>
            <!-- <value>classpath:xa_default.properties</value> -->
            <!-- <value>classpath:xa_system.properties</value> -->
            <!-- <value>classpath:xa_custom.properties</value> -->
            <!-- <value>classpath:xa_ldap.properties</value> -->
            <!-- <value>classpath:conf.dist/core-site.xml</value> -->
            <value>classpath:conf.dist/ranger-admin-default-site.xml</value>
            <value>classpath:conf.dist/ranger-admin-site.xml</value>
        </list>
    </property>

数据库配置

1.新建ranger数据库

create database ranger character set utf8;

2.执行两个初始化sql文件

mysql_core_file=db/mysql/optimized/current/ranger_core_db_mysql.sql
mysql_audit_file=db/mysql/xa_audit_db.sql

3.正常执行完第2步,可跳过该步骤;如果报错:“Specified key was too long; max key length is 767 bytes”,则先执行(具体原因google)

set global innodb_file_format = BARRACUDA;
set global innodb_large_prefix = ON;

​4.执行sql的时候要留意是否报错

ERROR 1418 (HY000) at line 1599 in file: 'ranger_core_db_mysql.sql': 
This function has none of DETERMINISTIC, NO SQL, or READS SQL DATA in its declaration and binary logging is enabled 
(you *might* want to use the less safe log_bin_trust_function_creators variable) 
Query OK, 0 rows affected, 1 warning (0.00 sec) 
ERROR 1418 (HY000) at line 1609 in file: 'ranger_core_db_mysql.sql': 
This function has none of DETERMINISTIC, NO SQL, or READS SQL DATA in its declaration and binary logging is enabled 
(you *might* want to use the less safe log_bin_trust_function_creators variable) 
Query OK, 1 row affected (0.01 sec)

如果出现这个报错,那么代表 getXportalUIdByLoginId 方法创建失败,后续通过getXportalUIdByLoginId 拿数据的dml都将报错,导致数据插入失败。​

详细可见:you *might* want to use the less safe log_bin_trust_function_creators variable_胡嚞衎的博客-CSDN博客一、报错过程在MySQL8.0.13上创建自定义函数时出现此错误。二、报错原因因为MySQL8.0二进制日志默认开启,二进制日志的一个重要功能是用于主从复制,而存储函数有可能导致主从的数据不一致。所以当开启二进制日志后,参数log_bin_trust_function_creators就会生效,限制存储函数的创建、修改、调用。点我,查看官方文档三、解决问题方法一如果未使用主从复制,则...https://blog.csdn.net/hu_zhe_kan/article/details/104465614

笔者整理了执行失败的dml语句(直接用getXportalUIdByLoginId结果代入):

INSERT INTO x_portal_user_role (id, create_time, update_time, added_by_id, upd_by_id, user_id, user_role, status) VALUES (1, '2021-09-29 11:39:15', '2021-09-29 11:39:15', null, null, 1, 'ROLE_SYS_ADMIN', 1);
INSERT INTO x_portal_user_role (id, create_time, update_time, added_by_id, upd_by_id, user_id, user_role, status) VALUES (2, '2021-09-29 11:39:15', '2021-09-29 11:39:15', null, null, 2, 'ROLE_SYS_ADMIN', 1);
INSERT INTO x_portal_user_role (id, create_time, update_time, added_by_id, upd_by_id, user_id, user_role, status) VALUES (3, '2021-09-29 11:39:15', '2021-09-29 11:39:15', null, null, 3, 'ROLE_KEY_ADMIN', 1);
INSERT INTO x_portal_user_role (id, create_time, update_time, added_by_id, upd_by_id, user_id, user_role, status) VALUES (4, '2021-09-29 11:39:15', '2021-09-29 11:39:15', null, null, 4, 'ROLE_SYS_ADMIN', 1);

INSERT INTO x_group (id, create_time, update_time, added_by_id, upd_by_id, group_name, descr, status, group_type, cred_store_id, group_src, is_visible, other_attributes) VALUES (1, '2021-09-29 11:39:15', '2021-09-29 11:39:15', 1, 1, 'public', 'public group', 0, 0, null, 0, 1, null);

INSERT INTO x_modules_master (id, create_time, update_time, added_by_id, upd_by_id, module, url) VALUES (1, '2021-09-29 11:39:16', '2021-09-29 11:39:16', 1, 1, 'Resource Based Policies', '');
INSERT INTO x_modules_master (id, create_time, update_time, added_by_id, upd_by_id, module, url) VALUES (2, '2021-09-29 11:39:16', '2021-09-29 11:39:16', 1, 1, 'Users/Groups', '');
INSERT INTO x_modules_master (id, create_time, update_time, added_by_id, upd_by_id, module, url) VALUES (3, '2021-09-29 11:39:16', '2021-09-29 11:39:16', 1, 1, 'Reports', '');
INSERT INTO x_modules_master (id, create_time, update_time, added_by_id, upd_by_id, module, url) VALUES (4, '2021-09-29 11:39:16', '2021-09-29 11:39:16', 1, 1, 'Audit', '');
INSERT INTO x_modules_master (id, create_time, update_time, added_by_id, upd_by_id, module, url) VALUES (5, '2021-09-29 11:39:16', '2021-09-29 11:39:16', 1, 1, 'Key Manager', '');
INSERT INTO x_modules_master (id, create_time, update_time, added_by_id, upd_by_id, module, url) VALUES (6, '2021-09-29 11:39:16', '2021-09-29 11:39:16', 1, 1, 'Tag Based Policies', '');
INSERT INTO x_modules_master (id, create_time, update_time, added_by_id, upd_by_id, module, url) VALUES (7, '2021-09-29 11:39:16', '2021-09-29 11:39:16', 1, 1, 'Security Zone', '');

INSERT INTO x_security_zone (id, create_time, update_time, added_by_id, upd_by_id, version, name, jsonData, description) VALUES (1, '2021-09-29 11:39:16', '2021-09-29 11:39:16', 1, 1, 1, ' ', '', 'Unzoned zone');

INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (1, 1, 3, '2021-09-29 11:39:18', '2021-09-29 11:39:18', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (2, 1, 1, '2021-09-29 11:39:18', '2021-09-29 11:39:18', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (3, 1, 4, '2021-09-29 11:39:18', '2021-09-29 11:39:18', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (4, 1, 2, '2021-09-29 11:39:18', '2021-09-29 11:39:18', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (5, 1, 6, '2021-09-29 11:39:18', '2021-09-29 11:39:18', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (6, 2, 3, '2021-09-29 11:39:18', '2021-09-29 11:39:18', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (7, 2, 1, '2021-09-29 11:39:18', '2021-09-29 11:39:18', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (8, 2, 4, '2021-09-29 11:39:18', '2021-09-29 11:39:18', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (9, 2, 2, '2021-09-29 11:39:18', '2021-09-29 11:39:18', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (10, 2, 6, '2021-09-29 11:39:18', '2021-09-29 11:39:18', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (11, 3, 5, '2021-09-29 11:39:18', '2021-09-29 11:39:18', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (12, 3, 3, '2021-09-29 11:39:18', '2021-09-29 11:39:18', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (13, 3, 1, '2021-09-29 11:39:18', '2021-09-29 11:39:18', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (14, 4, 3, '2021-09-29 11:39:18', '2021-09-29 11:39:18', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (15, 4, 1, '2021-09-29 11:39:18', '2021-09-29 11:39:18', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (16, 4, 4, '2021-09-29 11:39:18', '2021-09-29 11:39:18', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (17, 4, 2, '2021-09-29 11:39:18', '2021-09-29 11:39:18', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (18, 4, 6, '2021-09-29 11:39:18', '2021-09-29 11:39:18', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (19, 3, 2, '2021-09-29 11:39:18', '2021-09-29 11:39:18', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (20, 3, 4, '2021-09-29 11:39:18', '2021-09-29 11:39:18', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (21, 1, 7, '2021-09-29 11:39:19', '2021-09-29 11:39:19', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (22, 2, 7, '2021-09-29 11:39:19', '2021-09-29 11:39:19', 1, 1, 1);
INSERT INTO x_user_module_perm (id, user_id, module_id, create_time, update_time, added_by_id, upd_by_id, is_allowed) VALUES (23, 4, 7, '2021-09-29 11:39:19', '2021-09-29 11:39:19', 1, 1, 1);

INSERT INTO x_ranger_global_state (id, create_time, update_time, added_by_id, upd_by_id, version, state_name, app_data) VALUES (1, '2021-09-29 11:39:19', '2021-09-29 11:39:19', 1, 1, 1, 'RangerRole', '{"Version":"1"}');
INSERT INTO x_ranger_global_state (id, create_time, update_time, added_by_id, upd_by_id, version, state_name, app_data) VALUES (2, '2021-09-29 11:39:19', '2021-09-29 11:39:19', 1, 1, 1, 'RangerUserStore', '{"Version":"1"}');
INSERT INTO x_ranger_global_state (id, create_time, update_time, added_by_id, upd_by_id, version, state_name, app_data) VALUES (3, '2021-09-29 11:39:19', '2021-09-29 11:39:19', 1, 1, 1, 'RangerSecurityZone', '{"Version":"1"}');

添加tomcat

tomcat

然后就可以运行调试了,尽情的debug调试吧。

访问问题

1.admin/admin访问,Sign in一直转圈圈

2.通过调试发现“No suitable driver”

3.在ranger/security-admin/target/security-admin-web-2.2.0/WEB-INF/lib

或ranger/security-admin/target/ranger-2.1.0/WEB-INF/lib(不同版本这里对应的路径不同)

中添加上“mysql-connector-java-5.1.31.jar”(关于mysql-connector-java的版本号未有定论,一劳永逸的fix也未有定论)

4.一顿瞎操作后重启tomcat,正常访问

 调试Hive Policy

如图所示,在目录 ranger/security-admin/target/security-admin-web-2.1.0/WEB-INF/classes/ranger-plugins/hive 下放上了hive plugin,其他插件雷同

调试xuser和policy所用postman:

{
	"info": {
		"_postman_id": "91f4e58b-e727-48ae-a960-1f405c8c8beb",
		"name": "ranger",
		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
	},
	"item": [
		{
			"name": "/service/xusers/secure/users",
			"request": {
				"auth": {
					"type": "basic",
					"basic": [
						{
							"key": "password",
							"value": "admin",
							"type": "string"
						},
						{
							"key": "username",
							"value": "admin",
							"type": "string"
						}
					]
				},
				"method": "POST",
				"header": [
					{
						"key": "Accept",
						"value": "application/json",
						"type": "text"
					}
				],
				"body": {
					"mode": "raw",
					"raw": "{\n    \"name\": \"test111034\",\n    \"password\": \"Aa123456\",\n    \"firstName\": \"test1110\",\n    \"lastName\": \"\",\n    \"emailAddress\": \"\",\n    \"userRoleList\": [\n        \"ROLE_USER\"\n    ],\n    \"groupIdList\": null,\n    \"status\": 1\n}",
					"options": {
						"raw": {
							"language": "json"
						}
					}
				},
				"url": {
					"raw": "http://localhost:8080/service/xusers/secure/users",
					"protocol": "http",
					"host": [
						"localhost"
					],
					"port": "8080",
					"path": [
						"service",
						"xusers",
						"secure",
						"users"
					]
				}
			},
			"response": []
		},
		{
			"name": "/service/xusers/users/userName/{userName}",
			"request": {
				"auth": {
					"type": "basic",
					"basic": [
						{
							"key": "password",
							"value": "admin",
							"type": "string"
						},
						{
							"key": "username",
							"value": "admin",
							"type": "string"
						}
					]
				},
				"method": "GET",
				"header": [
					{
						"key": "Accept",
						"value": "application/json",
						"type": "text"
					}
				],
				"url": {
					"raw": "http://localhost:8080/service/xusers/users/userName/test11102",
					"protocol": "http",
					"host": [
						"localhost"
					],
					"port": "8080",
					"path": [
						"service",
						"xusers",
						"users",
						"userName",
						"test11102"
					]
				}
			},
			"response": []
		},
		{
			"name": "/service/xusers/users/userName/{userName}",
			"request": {
				"auth": {
					"type": "basic",
					"basic": [
						{
							"key": "password",
							"value": "admin",
							"type": "string"
						},
						{
							"key": "username",
							"value": "admin",
							"type": "string"
						}
					]
				},
				"method": "DELETE",
				"header": [
					{
						"key": "Accept",
						"value": "application/json",
						"type": "text"
					}
				],
				"url": {
					"raw": "http://localhost:8080/service/xusers/users/userName/test11102?forceDelete=true",
					"protocol": "http",
					"host": [
						"localhost"
					],
					"port": "8080",
					"path": [
						"service",
						"xusers",
						"users",
						"userName",
						"test11102"
					],
					"query": [
						{
							"key": "forceDelete",
							"value": "true"
						}
					]
				}
			},
			"response": []
		},
		{
			"name": "/service/xusers/secure/users/{userName}",
			"request": {
				"auth": {
					"type": "basic",
					"basic": [
						{
							"key": "password",
							"value": "admin",
							"type": "string"
						},
						{
							"key": "username",
							"value": "admin",
							"type": "string"
						}
					]
				},
				"method": "DELETE",
				"header": [
					{
						"key": "Accept",
						"value": "application/json",
						"type": "text"
					}
				],
				"url": {
					"raw": "http://localhost:8080/service/xusers/secure/users/test11102?forceDelete=true",
					"protocol": "http",
					"host": [
						"localhost"
					],
					"port": "8080",
					"path": [
						"service",
						"xusers",
						"secure",
						"users",
						"test11102"
					],
					"query": [
						{
							"key": "forceDelete",
							"value": "true"
						}
					]
				}
			},
			"response": []
		},
		{
			"name": "/service/plugins/policies",
			"request": {
				"auth": {
					"type": "basic",
					"basic": [
						{
							"key": "password",
							"value": "admin",
							"type": "string"
						},
						{
							"key": "username",
							"value": "admin",
							"type": "string"
						}
					]
				},
				"method": "POST",
				"header": [
					{
						"key": "Accept",
						"value": "application/json",
						"type": "text"
					}
				],
				"body": {
					"mode": "raw",
					"raw": "{\n    \"policyType\": \"0\",\n    \"name\": \"test1110_pol2\",\n    \"isEnabled\": true,\n    \"policyPriority\": 0,\n    \"policyLabels\": [],\n    \"description\": \"description\",\n    \"isAuditEnabled\": true,\n    \"resources\": {\n        \"database\": {\n            \"values\": [\n                \"db1110\"\n            ],\n            \"isRecursive\": false,\n            \"isExcludes\": false\n        },\n        \"table\": {\n            \"values\": [\n                \"tb1110\"\n            ],\n            \"isRecursive\": false,\n            \"isExcludes\": false\n        },\n        \"column\": {\n            \"values\": [\n                \"*\"\n            ],\n            \"isRecursive\": false,\n            \"isExcludes\": false\n        }\n    },\n    \"isDenyAllElse\": false,\n    \"policyItems\": [\n        {\n            \"users\": [\n                \"test11102\"\n            ],\n            \"accesses\": [\n                {\n                    \"type\": \"select\",\n                    \"isAllowed\": true\n                },\n                {\n                    \"type\": \"read\",\n                    \"isAllowed\": true\n                }\n            ]\n        }\n    ],\n    \"allowExceptions\": [],\n    \"denyPolicyItems\": [],\n    \"denyExceptions\": [],\n    \"service\": \"hive_ser\"\n}",
					"options": {
						"raw": {
							"language": "json"
						}
					}
				},
				"url": {
					"raw": "http://localhost:8080/service/plugins/policies",
					"protocol": "http",
					"host": [
						"localhost"
					],
					"port": "8080",
					"path": [
						"service",
						"plugins",
						"policies"
					]
				}
			},
			"response": []
		},
		{
			"name": "/service/plugins/policies/9",
			"request": {
				"auth": {
					"type": "basic",
					"basic": [
						{
							"key": "password",
							"value": "admin",
							"type": "string"
						},
						{
							"key": "username",
							"value": "admin",
							"type": "string"
						}
					]
				},
				"method": "PUT",
				"header": [
					{
						"key": "Accept",
						"value": "application/json",
						"type": "text"
					}
				],
				"body": {
					"mode": "raw",
					"raw": "{\n    \"id\": 9,\n    \"guid\": \"7c44b325-c4a8-4cda-9e0d-8230efd02baf\",\n    \"isEnabled\": true,\n    \"createdBy\": \"Admin\",\n    \"updatedBy\": \"Admin\",\n    \"createTime\": 1636490859000,\n    \"updateTime\": 1636490859000,\n    \"version\": 1,\n    \"service\": \"hive_ser\",\n    \"name\": \"test1110_pol\",\n    \"policyType\": 0,\n    \"policyPriority\": 0,\n    \"description\": \"description\",\n    \"resourceSignature\": \"9679f30b678a5e1e2013be629c0fbc8c3e29ba9949375e9c16e5b9431f67c0af\",\n    \"isAuditEnabled\": true,\n    \"resources\": {\n        \"database\": {\n            \"values\": [\n                \"db1110\"\n            ],\n            \"isRecursive\": false,\n            \"isExcludes\": false\n        },\n        \"table\": {\n            \"values\": [\n                \"tb1110\"\n            ],\n            \"isRecursive\": false,\n            \"isExcludes\": false\n        },\n        \"column\": {\n            \"values\": [\n                \"*\"\n            ],\n            \"isRecursive\": false,\n            \"isExcludes\": false\n        }\n    },\n    \"policyItems\": [\n        {\n            \"users\": [\n                \"test11102\"\n            ],\n            \"accesses\": [\n                {\n                    \"type\": \"select\",\n                    \"isAllowed\": true\n                },\n                {\n                    \"type\": \"read\",\n                    \"isAllowed\": true\n                }\n            ]\n        },\n        {\n            \"users\": [\n                \"test11103\"\n            ],\n            \"accesses\": [\n                {\n                    \"type\": \"select\",\n                    \"isAllowed\": true\n                }\n            ]\n        }\n    ],\n    \"denyPolicyItems\": [],\n    \"allowExceptions\": [],\n    \"denyExceptions\": [],\n    \"dataMaskPolicyItems\": [],\n    \"rowFilterPolicyItems\": [],\n    \"serviceType\": \"hive\",\n    \"options\": {},\n    \"validitySchedules\": [],\n    \"policyLabels\": [],\n    \"zoneName\": \"\",\n    \"isDenyAllElse\": false\n}",
					"options": {
						"raw": {
							"language": "json"
						}
					}
				},
				"url": {
					"raw": "http://localhost:8080/service/plugins/policies/9",
					"protocol": "http",
					"host": [
						"localhost"
					],
					"port": "8080",
					"path": [
						"service",
						"plugins",
						"policies",
						"9"
					]
				}
			},
			"response": []
		},
		{
			"name": "/service/plugins/policies/9 精简版",
			"request": {
				"auth": {
					"type": "basic",
					"basic": [
						{
							"key": "password",
							"value": "admin",
							"type": "string"
						},
						{
							"key": "username",
							"value": "admin",
							"type": "string"
						}
					]
				},
				"method": "PUT",
				"header": [
					{
						"key": "Accept",
						"value": "application/json",
						"type": "text"
					}
				],
				"body": {
					"mode": "raw",
					"raw": "{\n    \"id\": 9,\n    \"isEnabled\": true,\n    \"service\": \"hive_ser\",\n    \"name\": \"test1110_pol\",\n    \"policyType\": 0,\n    \"policyPriority\": 0,\n    \"description\": \"description\",\n    \"isAuditEnabled\": true,\n    \"resources\": {\n        \"database\": {\n            \"values\": [\n                \"db1110\"\n            ],\n            \"isRecursive\": false,\n            \"isExcludes\": false\n        },\n        \"table\": {\n            \"values\": [\n                \"tb1110\"\n            ],\n            \"isRecursive\": false,\n            \"isExcludes\": false\n        },\n        \"column\": {\n            \"values\": [\n                \"*\"\n            ],\n            \"isRecursive\": false,\n            \"isExcludes\": false\n        }\n    },\n    \"policyItems\": [\n        {\n            \"users\": [\n                \"test11102\"\n            ],\n            \"accesses\": [\n                {\n                    \"type\": \"select\",\n                    \"isAllowed\": true\n                },\n                {\n                    \"type\": \"read\",\n                    \"isAllowed\": true\n                }\n            ]\n        },\n        {\n            \"users\": [\n                \"test11103\"\n            ],\n            \"accesses\": [\n                {\n                    \"type\": \"select\",\n                    \"isAllowed\": true\n                }\n            ]\n        }\n    ],\n    \"denyPolicyItems\": [],\n    \"allowExceptions\": [],\n    \"denyExceptions\": [],\n    \"policyLabels\": [],\n    \"isDenyAllElse\": false\n}",
					"options": {
						"raw": {
							"language": "json"
						}
					}
				},
				"url": {
					"raw": "http://localhost:8080/service/plugins/policies/9",
					"protocol": "http",
					"host": [
						"localhost"
					],
					"port": "8080",
					"path": [
						"service",
						"plugins",
						"policies",
						"9"
					]
				}
			},
			"response": []
		},
		{
			"name": "/service/public/v2/api/service/hive_ser/policy/{policyname}",
			"request": {
				"auth": {
					"type": "basic",
					"basic": [
						{
							"key": "password",
							"value": "admin",
							"type": "string"
						},
						{
							"key": "username",
							"value": "admin",
							"type": "string"
						}
					]
				},
				"method": "GET",
				"header": [
					{
						"key": "Accept",
						"value": "application/json",
						"type": "text"
					}
				],
				"url": {
					"raw": "http://localhost:8080/service/public/v2/api/service/hive_ser/policy/test1110_pol",
					"protocol": "http",
					"host": [
						"localhost"
					],
					"port": "8080",
					"path": [
						"service",
						"public",
						"v2",
						"api",
						"service",
						"hive_ser",
						"policy",
						"test1110_pol"
					]
				}
			},
			"response": []
		},
		{
			"name": "/service/public/v2/api/service/hive_ser/policy/test1110_pol",
			"request": {
				"auth": {
					"type": "basic",
					"basic": [
						{
							"key": "password",
							"value": "admin",
							"type": "string"
						},
						{
							"key": "username",
							"value": "admin",
							"type": "string"
						}
					]
				},
				"method": "PUT",
				"header": [
					{
						"key": "Accept",
						"value": "application/json",
						"type": "text"
					}
				],
				"body": {
					"mode": "raw",
					"raw": "{\n    \"id\": 9,\n    \"isEnabled\": true,\n    \"service\": \"hive_ser\",\n    \"name\": \"test1110_pol\",\n    \"policyType\": 0,\n    \"policyPriority\": 0,\n    \"description\": \"description\",\n    \"isAuditEnabled\": true,\n    \"resources\": {\n        \"database\": {\n            \"values\": [\n                \"db1110\"\n            ],\n            \"isRecursive\": false,\n            \"isExcludes\": false\n        },\n        \"table\": {\n            \"values\": [\n                \"tb1110\"\n            ],\n            \"isRecursive\": false,\n            \"isExcludes\": false\n        },\n        \"column\": {\n            \"values\": [\n                \"*\"\n            ],\n            \"isRecursive\": false,\n            \"isExcludes\": false\n        }\n    },\n    \"policyItems\": [\n        {\n            \"users\": [\n                \"test11102\"\n            ],\n            \"accesses\": [\n                {\n                    \"type\": \"select\",\n                    \"isAllowed\": true\n                },\n                {\n                    \"type\": \"read\",\n                    \"isAllowed\": true\n                }\n            ]\n        },\n        {\n            \"users\": [\n                \"test11103\"\n            ],\n            \"accesses\": [\n                {\n                    \"type\": \"select\",\n                    \"isAllowed\": true\n                }\n            ]\n        },\n        {\n            \"users\": [\n                \"123456\"\n            ],\n            \"accesses\": [\n                {\n                    \"type\": \"select\",\n                    \"isAllowed\": true\n                }\n            ]\n        }\n    ],\n    \"denyPolicyItems\": [],\n    \"allowExceptions\": [],\n    \"denyExceptions\": [],\n    \"policyLabels\": [],\n    \"isDenyAllElse\": false\n}",
					"options": {
						"raw": {
							"language": "json"
						}
					}
				},
				"url": {
					"raw": "http://localhost:8080/service/public/v2/api/service/{servicename}/policy/{policyname}",
					"protocol": "http",
					"host": [
						"localhost"
					],
					"port": "8080",
					"path": [
						"service",
						"public",
						"v2",
						"api",
						"service",
						"{servicename}",
						"policy",
						"{policyname}"
					]
				}
			},
			"response": []
		},
		{
			"name": "/service/public/v2/api/policy?servicename=hive_ser&policyname=d",
			"request": {
				"auth": {
					"type": "basic",
					"basic": [
						{
							"key": "password",
							"value": "admin",
							"type": "string"
						},
						{
							"key": "username",
							"value": "admin",
							"type": "string"
						}
					]
				},
				"method": "DELETE",
				"header": [
					{
						"key": "Accept",
						"value": "application/json",
						"type": "text"
					}
				],
				"body": {
					"mode": "raw",
					"raw": "{\n    \"id\": 9,\n    \"isEnabled\": true,\n    \"service\": \"hive_ser\",\n    \"name\": \"test1110_pol\",\n    \"policyType\": 0,\n    \"policyPriority\": 0,\n    \"description\": \"description\",\n    \"isAuditEnabled\": true,\n    \"resources\": {\n        \"database\": {\n            \"values\": [\n                \"db1110\"\n            ],\n            \"isRecursive\": false,\n            \"isExcludes\": false\n        },\n        \"table\": {\n            \"values\": [\n                \"tb1110\"\n            ],\n            \"isRecursive\": false,\n            \"isExcludes\": false\n        },\n        \"column\": {\n            \"values\": [\n                \"*\"\n            ],\n            \"isRecursive\": false,\n            \"isExcludes\": false\n        }\n    },\n    \"policyItems\": [\n        {\n            \"users\": [\n                \"test11102\"\n            ],\n            \"accesses\": [\n                {\n                    \"type\": \"select\",\n                    \"isAllowed\": true\n                },\n                {\n                    \"type\": \"read\",\n                    \"isAllowed\": true\n                }\n            ]\n        },\n        {\n            \"users\": [\n                \"test11103\"\n            ],\n            \"accesses\": [\n                {\n                    \"type\": \"select\",\n                    \"isAllowed\": true\n                }\n            ]\n        },\n        {\n            \"users\": [\n                \"123456\"\n            ],\n            \"accesses\": [\n                {\n                    \"type\": \"select\",\n                    \"isAllowed\": true\n                }\n            ]\n        }\n    ],\n    \"denyPolicyItems\": [],\n    \"allowExceptions\": [],\n    \"denyExceptions\": [],\n    \"policyLabels\": [],\n    \"isDenyAllElse\": false\n}",
					"options": {
						"raw": {
							"language": "json"
						}
					}
				},
				"url": {
					"raw": "http://localhost:8080/service/public/v2/api/policy?servicename=hive_ser&policyname=d",
					"protocol": "http",
					"host": [
						"localhost"
					],
					"port": "8080",
					"path": [
						"service",
						"public",
						"v2",
						"api",
						"policy"
					],
					"query": [
						{
							"key": "servicename",
							"value": "hive_ser"
						},
						{
							"key": "policyname",
							"value": "d"
						}
					]
				}
			},
			"response": []
		},
		{
			"name": "/service/public/v2/api/policy",
			"request": {
				"auth": {
					"type": "basic",
					"basic": [
						{
							"key": "password",
							"value": "admin",
							"type": "string"
						},
						{
							"key": "username",
							"value": "admin",
							"type": "string"
						}
					]
				},
				"method": "POST",
				"header": [
					{
						"key": "Accept",
						"value": "application/json",
						"type": "text"
					}
				],
				"body": {
					"mode": "raw",
					"raw": "{\n    \"policyType\": \"0\",\n    \"name\": \"test1110_pol23\",\n    \"isEnabled\": true,\n    \"policyPriority\": 0,\n    \"policyLabels\": [],\n    \"description\": \"description\",\n    \"isAuditEnabled\": true,\n    \"resources\": {\n        \"database\": {\n            \"values\": [\n                \"db1110\"\n            ],\n            \"isRecursive\": false,\n            \"isExcludes\": false\n        },\n        \"table\": {\n            \"values\": [\n                \"tb111022\"\n            ],\n            \"isRecursive\": false,\n            \"isExcludes\": false\n        },\n        \"column\": {\n            \"values\": [\n                \"*\"\n            ],\n            \"isRecursive\": false,\n            \"isExcludes\": false\n        }\n    },\n    \"isDenyAllElse\": false,\n    \"policyItems\": [\n        {\n            \"users\": [\n                \"test11102\"\n            ],\n            \"accesses\": [\n                {\n                    \"type\": \"select\",\n                    \"isAllowed\": true\n                },\n                {\n                    \"type\": \"read\",\n                    \"isAllowed\": true\n                }\n            ]\n        }\n    ],\n    \"allowExceptions\": [],\n    \"denyPolicyItems\": [],\n    \"denyExceptions\": [],\n    \"service\": \"hive_ser\"\n}",
					"options": {
						"raw": {
							"language": "json"
						}
					}
				},
				"url": {
					"raw": "http://localhost:8080/service/public/v2/api/policy",
					"protocol": "http",
					"host": [
						"localhost"
					],
					"port": "8080",
					"path": [
						"service",
						"public",
						"v2",
						"api",
						"policy"
					]
				}
			},
			"response": []
		}
	]
}

 声明

本文参考了:Apache Ranger 1.1.0源码导入IDEA并运行调试security-admin web模块

李斯不怨
关注
  • 2
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 4
    评论
专栏目录
APACHE RANGER 调研----ranger 原理解析
01-26
(1) 管理员设置策略以及用户(例如一个用户对一个hive数据库相关的权限)
apache-ranger-2.1.0
09-02
编译后可直接部署的包
ApacheRanger原理与应用实践
02-24
大数据集群最基本的就是数据以及用于计算的资源,是一个公司的宝贵财富,我们需要将它们很好管理起来,将相应的数据和资源开放给对应的用户使用,防止被窃取、被破坏等,这就涉及到大数据安全。目前我们大数据集群的现状是处于裸奔状态,只要可以登录linux机器即可对集群继续相关操作所以集群安全对于我们来说迫在眉睫,主要需求有以下几个方面:支持多组件,最好能支持当前公司技术栈的主要组件,HDFS、HBASE、HIVE、YARN、STORM、KAFKA等支持细粒度的权限控制,可以达到HIVE列,HDFS目录,HBASE列,YARN队列,STORM拓扑,KAKFA的TOPIC开源,社区活跃,按照现有的集群改情况造
Apache Ranger原理与应用实践
01-26
大数据集群最基本的就是数据以及用于计算的资源,是一个公司的宝贵财富,我们需要将它们很好管理起来,将相应的数据和资源开放给对应的用户使用,防止被窃取、被破坏等,这就涉及到大数据安全。
ranger-2.1.0-hive-plugin.tar.gz
08-09
ranger-2.1.0-hive-plugin.tar.gz
Windows环境IDEARanger1.2.0源码编译
coding and writing
06-15 6618
Windows环境IDEARanger1.2.0源码编译 一、本地环境准备 git(2.16.2) maven(3.6.1) idea(2020.1) python(2.7.18) Tomcat(7.0.105) 以上安装步骤均可以百度 二、源码编译 用git clone 代码,Ranger官方版本1.2.0 仓库地址https://github.com/apache/ranger.git, 在cmd或者git bash 进入项目工程对应目录 使用如下命令编译源代码,注意编译超级费时间 mvn -D
Ranger】hortonworks ambari安装ranger错误解决
人生所向,皆是美好
02-27 3728
文章目录安装时依次解决的问题1 /usr/hdp/current/ranger-usersync/conf doesn't exist2. Access denied for user 'root'@'10.211.55.60' to database 'mysql' ErrorCode: 10443. cannot change directory to /home/ranger: Permi...
Ranger从入门到精通以及案例实操系列
prefect_start的博客
06-05 1869
RangerUsersync作为Ranger提供的一个管理模块,可以将Linux机器上的用户和组信息同步到RangerAdmin的数据库进行管理。Ranger Hive-plugin是Ranger对hive进行权限管理的插件。需要注意的是,Ranger Hive-plugin只能对使用jdbc方式访问hive的请求进行权限管理,hive-cli并不受限制。
权限管理-Ranger的介绍和使用(集成Hive)
迷雾总会解
06-15 5023
Apache Ranger是一个Hadoop平台上的全方位数据安全管理框架,它可以为整个Hadoop生态系统提供全面的安全管理。随着企业业务的拓展,企业可能在多用户环境运行多个工作任务,这就需要一个可以对安全策略进行集管理,配置和监控用户访问的框架。Ranger由此产生!Ranger的官网:https://ranger.apache.org/RangerUsersync作为Ranger提供的一个管理模块,可以将Linux机器上的用户和组信息同步到RangerAdmin的数据库进行管理。
ranger2.1.0源码编译以及安装
最新发布
qq_39381847的博客
07-24 493
【代码】ranger2.1.0源码编译以及安装。
ranger 远程调试
StephenLu0422的博客
09-18 644
ranger 开启远程调试 1.在ranger-admin/ews/ranger-admin-services.sh修改 JAVA_OPTS=&quot; ${JAVA_OPTS} -XX:MetaspaceSize=256m -Xmx4096m -Xms1024m -agentpath:/opt/jprofiler9/bin/linux-x64/libjprofilerti.so=port=8849 ...
apache ranger源码编译
weixin_30319097的博客
02-27 261
官方文档 http://ranger.apache.org/quick_start_guide.html Quick Start Guide Build Process 1. Check out the code from GIT repository git clone https://gitbox.apache.org/repos/asf/ranger.gi...
Apache Ranger 1.1.0源码导入IDEA运行调试security-admin web模块
还是搬砖踏实
08-06 1622
前言 Apache Ranger是什么,它是一个为Hadoop平台提供了全面的数据安全访问控制及监控的集式管理框架,Apache顶级项目。不废话了,其实本篇没那么高大上,就是一步步教你如何将Ranger源码导入IDEA,并运行调试其web模块。 导入源码 第一步当然是下载源码,这里选用了最新版1.1.0 git clone https://github.com/apache...
ranger安装hbase插件_Ranger
weixin_28985877的博客
01-24 571
Apache Ranger是一个用来在Hadoop平台上进行监控,启用服务,以及全方位数据安全访问管理的安全框架。Ranger的官网:https://ranger.apache.org/Ranger的架构Ranger的工作原理 Ranager的核心是web应用程序,也成为RangerAdmin模块,此模块由管理策略,审计日志和报告等三部分组成。 管理员角色...
CDH6.3.2 + Ranger2.1集成 以及hadoop插件安装
qq_35741557的博客
04-25 6271
此文档是关于CDH6.3.1 + Ranger2.1的集成 源码编译 详见:https://www.freesion.com/article/72991387429/ 安装ranger-admin 解压ranger-2.0.0-admin.tar.gz并编辑install.properties SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar #使用mysql作为数据缓存 db_root_user=root #mysq.
Apache Ranger源码编译及使用
热门推荐
数据科学汇集
12-28 1万+
Ranger源码编译、使用手册 1 Ranger简介 Apache Ranger提供一个集式安全管理框架,它可以对Hadoop生态的组件如Hive,Hbase进行细粒度的数据访问控制.通过操作Ranger控制台,管理员可以轻松的通过配置策略来控制用户访问HDFS文件夹、HDFS文件、数据库、表、字段权限.这些策略可以为不同的用户和组来设置,同时权限可与hadoop无缝对接. 2 准备 2
ranger部署
liyanling的博客
10-18 461
Ranger部署 1.修改初始化配置文件 : sudo su - app cd /data/users/app/ranger-admin vim install.properties 2.mysql授权 #my 3306 >create databaseranger_audit_db; >create databaseranger_db; >grant...
Apache Ranger安装部署
鱼归不知处
09-03 2351
1、下载 $ git clone https://github.com/apache/incubator-ranger.git $ cd incubator-ranger $ git checkout ranger-1.2 2、编译 $ mvn -DskipTests -Drat.skip=true -DskipJSTests clean compile package install ...
Ranger】mac下Apache Ranger编译安装
九师兄
07-13 1844
官网:http://ranger.apache.org/quick_start_guide.html 下载 lcc@lcc ranger$ mkdir -p /Users/lcc/soft/ranger/ git clone https://git-wip-us.apache.org/repos/asf/ranger.git cd ranger 编译 $ mvn -DskipT...
Apache Ranger
05-12
Apache Ranger是一个开源的安全管理框架,旨在提供细粒度的访问控制和数据保护。它支持多种数据存储和处理平台,如Hadoop、Kafka、Hive、HBase和Solr。通过Apache Ranger,管理员可以定义和管理策略,以控制用户和应用程序对数据的访问权限。同时,它还提供了审计日志和报告功能,以帮助组织满足合规要求。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 4
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值