ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bolke de Bruin <bdbr...@gmail.com>
Subject Allow clients to supply tag information
Date Tue, 04 Dec 2018 14:02:12 GMT
Hi All,

Ranger assumes that clients are tag unaware. So the Tag Enricher is dependent on a resource
to tag mapping supplied externally by for example Apache Atlas. We found out that having tags
available in Ranger can have a prohibitive delay. For example, data arrives at the platform
and is being tagged programatically in Apache Atlas. Atlas then puts the data on Kafka and
Ranger picks it up. The client (or another) needs to refresh its policies before the tagging
info becomes available for evaluation. Typically, this can be too slow. Kafka introduces a
lag and the policy refresh also introduces a lag (tested).

If the client is tag aware and it could supply this information to the plugin policy evaluation
could continue. I have created https://issues.apache.org/jira/browse/RANGER-2302 <https://issues.apache.org/jira/browse/RANGER-2302>
to track this. I also have created an initial patch. The patch allows a client to set the
special “RangerTagEnricher.KEY_CLIENT_TAGS” as a value in the access request. This will
then be picked up by the Tag Enricher. Currently, client supplied tags overwrite the system
supplied tags. The reason for this is that the client might have more recent information.
Most likely this will need to be checked against the “updated” field in the tag itself,
bit that wasn't readily available.

I am looking for feedback to see if we can have this in. Or are there other ways to solve


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message