StarRocks与Easydata中台对接说明文档
更新时间: 2025-05-20 15:42:52
本文档中的操作需要在starrocks和easydata中台均已安装部署完成、且运行无任何问题之后进行。
前置材料:客户环境中ranger admin地址(服务间调用),插件包见本文最后面的附件内容。
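1.在ranger中注册sr的servicedef
注意:下面的请求使用Basic认证,通过http访问时凭据仅经过base64编码,在网络上相当于明文传输;如果ranger admin已启用TLS,请改用https地址。{认证}需替换为实际凭据,执行后不要把它留在脚本或shell历史记录中。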
curl --location --request POST 'http://{前置材料中ranger admin地址}/service/plugins/definitions' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic {认证}' \
--header 'Connection: keep-alive' \
--data-raw '{
"name": "starrocks",
"displayName": "starrocks",
"implClass": "org.apache.ranger.services.starrocks.RangerServiceStarRocks",
"label": "StarRocks",
"description": "StarRocks",
"resources": [
{
"itemId": 1,
"name": "catalog",
"type": "string",
"level": 10,
"parent": "",
"mandatory": true,
"isValidLeaf": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": true,
"ignoreCase": true
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "StarRocks Catalog",
"description": "StarRocks Catalog",
"accessTypeRestrictions": [
"usage",
"create database",
"drop",
"alter"
]
},
{
"itemId": 2,
"name": "database",
"type": "string",
"level": 20,
"parent": "catalog",
"mandatory": true,
"isValidLeaf": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": true,
"ignoreCase": true
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "StarRocks Database",
"description": "StarRocks Database",
"accessTypeRestrictions": [
"create table",
"drop",
"alter",
"create view",
"create function",
"create materialized view"
]
},
{
"itemId": 3,
"name": "table",
"type": "string",
"level": 30,
"parent": "database",
"mandatory": true,
"isValidLeaf": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": true,
"ignoreCase": true
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "StarRocks Table",
"description": "StarRocks Table",
"accessTypeRestrictions": [
"delete",
"drop",
"insert",
"select",
"alter",
"export",
"update"
]
},
{
"itemId": 4,
"name": "column",
"type": "string",
"level": 40,
"parent": "table",
"mandatory": true,
"isValidLeaf": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": true,
"ignoreCase": true
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "StarRocks Column",
"description": "StarRocks Column",
"accessTypeRestrictions": [
"select"
]
},
{
"itemId": 5,
"name": "view",
"type": "string",
"level": 30,
"parent": "database",
"mandatory": true,
"isValidLeaf": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": true,
"ignoreCase": true
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "StarRocks View",
"description": "StarRocks View",
"accessTypeRestrictions": [
"select",
"drop",
"alter"
]
},
{
"itemId": 6,
"name": "materialized_view",
"type": "string",
"level": 30,
"parent": "database",
"mandatory": true,
"isValidLeaf": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": true,
"ignoreCase": true
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "StarRocks Materialized View",
"description": "StarRocks Materialized View",
"accessTypeRestrictions": [
"select",
"refresh",
"drop",
"alter"
]
},
{
"itemId": 7,
"name": "function",
"type": "string",
"level": 30,
"parent": "database",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": true,
"ignoreCase": true
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "StarRocks Function",
"description": "StarRocks Function",
"accessTypeRestrictions": [
"usage",
"drop"
]
},
{
"itemId": 8,
"name": "global_function",
"type": "string",
"level": 10,
"parent": "",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": true,
"ignoreCase": true
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "StarRocks Global Function",
"description": "StarRocks Global Function",
"accessTypeRestrictions": [
"usage",
"drop"
]
},
{
"itemId": 9,
"name": "resource",
"type": "string",
"level": 10,
"parent": "",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": true,
"ignoreCase": true
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "StarRocks Resource",
"description": "StarRocks Resource",
"accessTypeRestrictions": [
"usage",
"alter",
"drop"
]
},
{
"itemId": 10,
"name": "resource_group",
"type": "string",
"level": 10,
"parent": "",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": true,
"ignoreCase": true
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "StarRocks Resource Group",
"description": "StarRocks Resource Group",
"accessTypeRestrictions": [
"alter",
"drop"
]
},
{
"itemId": 11,
"name": "storage_volume",
"type": "string",
"level": 10,
"parent": "",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": true,
"ignoreCase": true
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "StarRocks Storage Volume",
"description": "StarRocks Storage Volume",
"accessTypeRestrictions": [
"drop",
"alter",
"usage"
]
},
{
"itemId": 12,
"name": "user",
"type": "string",
"level": 10,
"parent": "",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": {
"wildCard": true,
"ignoreCase": true
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "StarRocks Storage",
"description": "StarRocks Storage",
"accessTypeRestrictions": [
"impersonate"
]
},
{
"itemId": 13,
"name": "system",
"type": "string",
"level": 10,
"parent": "",
"mandatory": true,
"lookupSupported": true,
"recursiveSupported": false,
"excludesSupported": true,
"validationRegEx": "\\*",
"validationMessage": "System only supports wildcard '\''*'\''",
"uiHint": "",
"label": "StarRocks System",
"description": "StarRocks System",
"accessTypeRestrictions": [
"grant",
"node",
"create resource",
"plugin",
"file",
"blacklist",
"operate",
"create external catalog",
"repository",
"create resource group",
"create global function",
"create storage volume"
]
}
],
"accessTypes": [
{
"itemId": 1,
"name": "grant",
"label": "GRANT"
},
{
"itemId": 2,
"name": "node",
"label": "NODE"
},
{
"itemId": 3,
"name": "operate",
"label": "OPERATE"
},
{
"itemId": 4,
"name": "delete",
"label": "DELETE"
},
{
"itemId": 5,
"name": "drop",
"label": "DROP"
},
{
"itemId": 6,
"name": "insert",
"label": "INSERT"
},
{
"itemId": 7,
"name": "select",
"label": "SELECT"
},
{
"itemId": 8,
"name": "alter",
"label": "ALTER"
},
{
"itemId": 9,
"name": "export",
"label": "EXPORT"
},
{
"itemId": 10,
"name": "update",
"label": "UPDATE"
},
{
"itemId": 11,
"name": "usage",
"label": "USAGE"
},
{
"itemId": 12,
"name": "plugin",
"label": "PLUGIN"
},
{
"itemId": 13,
"name": "file",
"label": "FILE"
},
{
"itemId": 14,
"name": "blacklist",
"label": "BLACKLIST"
},
{
"itemId": 15,
"name": "repository",
"label": "REPOSITORY"
},
{
"itemId": 16,
"name": "refresh",
"label": "REFRESH"
},
{
"itemId": 17,
"name": "impersonate",
"label": "IMPERSONATE"
},
{
"itemId": 18,
"name": "create database",
"label": "CREATE DATABASE"
},
{
"itemId": 19,
"name": "create table",
"label": "CREATE TABLE"
},
{
"itemId": 20,
"name": "create view",
"label": "CREATE VIEW"
},
{
"itemId": 21,
"name": "create function",
"label": "CREATE FUNCTION"
},
{
"itemId": 22,
"name": "create global function",
"label": "CREATE GLOBAL FUNCTION"
},
{
"itemId": 23,
"name": "create materialized view",
"label": "CREATE MATERIALIZED VIEW"
},
{
"itemId": 24,
"name": "create resource",
"label": "CREATE RESOURCE"
},
{
"itemId": 25,
"name": "create resource group",
"label": "CREATE RESOURCE GROUP"
},
{
"itemId": 26,
"name": "create external catalog",
"label": "CREATE EXTERNAL CATALOG"
},
{
"itemId": 27,
"name": "create storage volume",
"label": "CREATE STORAGE VOLUME"
}
],
"configs": [
{
"itemId": 1,
"name": "username",
"type": "string",
"mandatory": true,
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Username",
"defaultValue": "root"
},
{
"itemId": 2,
"name": "password",
"type": "password",
"mandatory": false,
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "Password"
},
{
"itemId": 3,
"name": "jdbc.driverClassName",
"type": "string",
"mandatory": true,
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"defaultValue": "com.mysql.cj.jdbc.Driver"
},
{
"itemId": 4,
"name": "jdbc.url",
"type": "string",
"mandatory": true,
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"defaultValue": "jdbc:mysql://127.0.0.1:9030"
}
],
"enums": [
],
"contextEnrichers": [
],
"policyConditions": [
{
"itemId": 100,
"name": "ip-range",
"evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher",
"evaluatorOptions": {
},
"validationRegEx": "",
"validationMessage": "",
"uiHint": "",
"label": "IP Address Range",
"description": "IP Address Range"
}
],
"dataMaskDef": {
"accessTypes": [
{
"name": "select"
}
],
"resources": [
{
"name": "catalog",
"matcherOptions": {
"wildCard": "true"
},
"lookupSupported": true,
"uiHint": "{ \"singleValue\":true }"
},
{
"name": "database",
"matcherOptions": {
"wildCard": "true"
},
"lookupSupported": true,
"uiHint": "{ \"singleValue\":true }"
},
{
"name": "table",
"matcherOptions": {
"wildCard": "true"
},
"lookupSupported": true,
"uiHint": "{ \"singleValue\":true }"
},
{
"name": "column",
"matcherOptions": {
"wildCard": "true"
},
"lookupSupported": true,
"uiHint": "{ \"singleValue\":true }"
}
],
"maskTypes": [
{
"itemId": 1,
"name": "MASK",
"label": "Redact",
"description": "Replace lowercase with '\''x'\'', uppercase with '\''X'\'', digits with '\''0'\''",
"transformer": "cast(regexp_replace(regexp_replace(regexp_replace({col},'\''([A-Z])'\'', '\''X'\''),'\''([a-z])'\'','\''x'\''),'\''([0-9])'\'','\''0'\'') as {type})",
"dataMaskOptions": {
}
},
{
"itemId": 2,
"name": "MASK_HASH",
"label": "Hash",
"description": "Hash the value of a varchar with sha256",
"transformer": "cast((hex(sha2(from_binary(to_binary({COL}, '\''utf8'\''), '\''utf8'\''), 256))) AS {type})"
},
{
"itemId": 3,
"name": "MASK_NULL",
"label": "Nullify",
"description": "Replace with NULL"
},
{
"itemId": 4,
"name": "MASK_NONE",
"label": "Unmasked (retain original value)",
"description": "No masking"
},
{
"itemId": 5,
"name": "MASK_DATE_SHOW_YEAR",
"label": "Date: show only year",
"description": "Date: show only year",
"transformer": "date_trunc('\''year'\'', {col})"
},
{
"itemId": 6,
"name": "CUSTOM",
"label": "Custom",
"description": "Custom"
}
]
},
"rowFilterDef": {
"accessTypes": [
{
"name": "select"
}
],
"resources": [
{
"name": "catalog",
"matcherOptions": {
"wildCard": "true"
},
"lookupSupported": true,
"mandatory": true,
"uiHint": "{ \"singleValue\":true }"
},
{
"name": "database",
"matcherOptions": {
"wildCard": "true"
},
"lookupSupported": true,
"mandatory": true,
"uiHint": "{ \"singleValue\":true }"
},
{
"name": "table",
"matcherOptions": {
"wildCard": "true"
},
"lookupSupported": true,
"mandatory": true,
"uiHint": "{ \"singleValue\":true }"
}
]
}
}'
重启ranger admin服务。
2.创建starrocks service。
检查ranger-admin页面是否多出一个STARROCKS的service,如下图所示:
选择新建按钮:
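只需关注红框内的字段,填入starrocks-service1(该名称需与第3步ranger-starrocks-security.xml中ranger.plugin.starrocks.service.name的值一致),其余字段非空即可,点击保存。其中username在servicedef中的默认值为root,建议填入一个权限受限的专用账号,而不是root。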
3.starrocks fe配置
在所有fe节点上进行以下配置:
在 {fe当前目录}/conf 文件夹内创建ranger-starrocks-security.xml,内容如下:
<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!--
Ranger plugin settings for a StarRocks FE node (ranger-starrocks-security.xml).
Every property below uses the ranger.plugin.starrocks prefix: which Ranger
service to read policies from, where Ranger Admin is, how often to poll it,
and where fetched policies are cached on the FE host.
-->
<configuration>
<!-- Must be the same name as the service created in Ranger Admin;
     this guide uses starrocks-service1 in both places. -->
<property>
<name>ranger.plugin.starrocks.service.name</name>
<value>starrocks-service1</value>
<description>
Name of the Ranger service containing policies for this StarRocks instance
</description>
</property>
<property>
<name>ranger.plugin.starrocks.policy.source.impl</name>
<value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
<description>
Class to retrieve policies from the source
</description>
</property>
<!-- NOTE(review): the sample value uses plain http. The FE downloads its
     authorization policies from this URL, so over http they travel
     unencrypted and the server is not authenticated. Use an https URL
     when Ranger Admin has TLS enabled. The braces are a placeholder to
     replace with the real address. -->
<property>
<name>ranger.plugin.starrocks.policy.rest.url</name>
<value>http://{ranger admin 地址}</value>
<description>
URL to Ranger Admin
</description>
</property>
<!-- NOTE(review): presumably only consulted when the URL above is https;
     confirm that this path exists on the FE host before relying on it. -->
<property>
<name>ranger.plugin.starrocks.policy.rest.ssl.config.file</name>
<value>/etc/hadoop/conf/ranger-policymgr-ssl.xml</value>
<description>
Path to the file containing SSL details to contact Ranger Admin
</description>
</property>
<!-- Poll interval in milliseconds (30000 = 30 s). A policy change made in
     Ranger Admin, including a revoked permission, presumably takes up to
     about one interval to reach this FE; confirm against plugin behavior. -->
<property>
<name>ranger.plugin.starrocks.policy.pollIntervalMs</name>
<value>30000</value>
<description>
How often to poll for changes in policies?
</description>
</property>
<!-- The two timeout descriptions below say "S3 Plugin", although the
     property names are the starrocks ones; the wording looks carried over
     from another plugin's template. Values are in milliseconds. -->
<property>
<name>ranger.plugin.starrocks.policy.rest.client.connection.timeoutMs</name>
<value>30000</value>
<description>
S3 Plugin RangerRestClient Connection Timeout in Milli Seconds
</description>
</property>
<property>
<name>ranger.plugin.starrocks.policy.rest.client.read.timeoutMs</name>
<value>30000</value>
<description>
S3 Plugin RangerRestClient read Timeout in Milli Seconds
</description>
</property>
<!-- Placeholder: replace with a directory on the FE node that the FE process
     can write to. Fetched policies are stored here, so it is worth keeping
     the directory writable only by the FE process user. -->
<property>
<name>ranger.plugin.starrocks.policy.cache.dir</name>
<value>{fe节点上一个fe进程有权限目录}</value>
<description> policy 存储的地方 </description>
</property>
</configuration>
在所有FE节点 {fe当前目录}/conf/fe.conf 中增加 access_control=ranger
将前置材料中的插件包解压之后复制到 {fe当前目录}/lib,并删除同名但版本不同的包(删除前建议先备份)。复制前请确认插件包来自本文附件或其他可信来源。
重启starrocks fe节点。查看ranger.plugin.starrocks.policy.cache.dir配置项对应的目录下是否已拉取到policy。