I want to make the PrivilegesEvaluator flexible so that any user can use his/her own implementation of PrivilegesEvaluator.
This is the idea:
Introduce a new property that specifies which evaluator is to be initialized.
Create an abstract class Evaluator. // Parent class of any evaluator
PrivilegesEvaluator implements the abstract class (only override the evaluate() API)
Similarly,
create an abstract class EvaluatorResponse // Parent class of any evaluatorResponse
Create an EvaluatorFactory which returns the specified evaluator to be used when invoked.
Here are the links for PrivilegesEvaluator and PrivilegesEvaluatorResponse classes:
Hi Divyansh, can you provide a concrete use case for extending the PrivilegesEvaluator class? What functionality is missing in the existing PrivilegesEvaluator?
Hi Vlad, I want to integrate security with Apache Ranger, so I can provide the permissions using the Ranger UI. For this I need to write a custom evaluator which uses the Ranger API to check authorization through Ranger (like we can for Hive, HBase, Kafka, HDFS etc). Also, I don’t want to overwrite the existing implementation, so I came up with this solution. If the evaluator is configurable, I can just use my implementation through a config change.
Hi Divyansh, the use case looks valid to me and it will be great to support it. Please open a new issue on GitHub for the security plugin and feel free to open a PR to discuss code changes.
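
The design proposed in the first post, sketched as an added example that is not part of the thread and not the security plugin's own code: a factory that picks the evaluator from a configuration property and refuses to start on a bad value rather than silently changing authorization behaviour. Only the names Evaluator, EvaluatorResponse, EvaluatorFactory and evaluate() come from the post; the method signatures, the property key, BuiltInEvaluator (a stand-in for the existing PrivilegesEvaluator) and the sample values are assumptions.

```java
import java.util.Map;

// Hypothetical signatures; only the class names and evaluate() come from the post.
abstract class EvaluatorResponse {
    abstract boolean isAllowed();
}

abstract class Evaluator {
    abstract EvaluatorResponse evaluate(String user, String action, String resource);
}

// Stand-in for the existing PrivilegesEvaluator; denies everything in this sketch.
class BuiltInEvaluator extends Evaluator {
    @Override
    EvaluatorResponse evaluate(String user, String action, String resource) {
        return new EvaluatorResponse() {
            @Override boolean isAllowed() { return false; }
        };
    }
}

final class EvaluatorFactory {
    static final String PROP = "security.privileges_evaluator.class"; // hypothetical key

    static Evaluator create(Map<String, String> settings) {
        String name = settings.get(PROP);
        if (name == null || name.isBlank()) {
            return new BuiltInEvaluator(); // property unset: keep the existing behaviour
        }
        try {
            // asSubclass rejects any configured class that is not an Evaluator
            Class<? extends Evaluator> c = Class.forName(name).asSubclass(Evaluator.class);
            return c.getDeclaredConstructor().newInstance();
        } catch (ReflectiveOperationException | ClassCastException e) {
            // Fail closed: a typo or wrong class must stop startup, not fall back quietly
            throw new IllegalStateException("Cannot load evaluator " + name, e);
        }
    }
}

public class Demo {
    public static void main(String[] args) {
        // Constructed sample request against the default evaluator
        Evaluator e = EvaluatorFactory.create(Map.of());
        System.out.println(e.evaluate("alice", "indices:data/read/search", "logs-1").isAllowed());
        try {
            // A class that exists but is not an Evaluator is rejected at load time
            EvaluatorFactory.create(Map.of(EvaluatorFactory.PROP, "java.lang.String"));
        } catch (IllegalStateException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

Because the property names code that decides every authorization request, it belongs in node-level configuration that only administrators can write, and the resolved class name is worth logging at startup.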