ranger_config
The resource's API may change in subsequent versions to simplify user experience.
Defines a Ranger configuration for the integration between CelerData clusters and Apache Ranger.
A Ranger configuration specifies the remote storage paths to the configuration files required to integrate a CelerData cluster to Apache Ranger, which provides a centralized security management framework that allows users to customize access policies through a visual web page. You can apply the configuration when creating or modifying the cluster using celerdatabyoc_classic_cluster, celerdatabyoc_elastic_cluster, and celerdatabyoc_elastic_cluster_v2.
Before proceeding, make sure you have prepared the configuration files required by following the instructions provided in Manage permissions with Apache Ranger - Prepare files.
Example Usage
resource "celerdatabyoc_ranger_config" "ranger_config" {
name = "<ranger_config_name>"
ranger_starrocks_security_xml_path = "<path_to_ranger-starrocks-security.xml>"
ranger_starrocks_audit_xml_path = "<path_to_ranger-starrocks-audit.xml>"
ranger_starrocks_policymgr_ssl_xml_path = "<path_to_ranger-policymgr-ssl.xml>"
// To enable secure connection for Ranger using Trust Store
ranger_starrocks_trust_store_path = "<path_to_ranger-truststore.jks>"
ranger_starrocks_trust_store_cred_path = "<path_to_ranger-truststore.jceks>"
// To enable secure connection for Ranger using Key Store
ranger_starrocks_key_store_path = "<path_to_ranger-keystore.jks>"
ranger_starrocks_key_store_cred_path = "<path_to_ranger-keystore.jceks>"
ranger_hive_security_xml_path = "<path_to_ranger-hive-security.xml>"
ranger_hive_audit_xml_path = "<path_to_ranger-hive-audit.xml>"
}
Argument Reference
This resource contains the following required arguments and optional arguments:
Required:
-
name: (Forces new resource) The name of the Ranger configuration. Enter a unique name. -
ranger_starrocks_security_xml_path: (Forces new resource) The remote storage path to theranger-starrocks-security.xmlfile, which is the configuration file used in conjunction between StarRocks and Apache Ranger.
Optional:
-
ranger_starrocks_audit_xml_path: (Forces new resource) The remote storage path to theranger-starrocks-audit.xmlfile, which is used to enable the Audit Log service of Ranger. -
ranger_starrocks_policymgr_ssl_xml_path: (Forces new resource) The remote storage path to theranger-policymgr-ssl.xmlfile, which is used to specify the actual local paths (on the server) of the corresponding files for the Trust Store or Key Store. -
ranger_starrocks_trust_store_path: (Forces new resource) The remote storage path to thetruststore.jksfile. Specify this argument if you want to enable secure connection via Trust Store. -
ranger_starrocks_trust_store_cred_path: (Forces new resource) The remote storage path to thetruststore.jceksfile. Specify this argument if you want to enable secure connection via Trust Store. -
ranger_starrocks_key_store_path: (Forces new resource) The remote storage path to thekeystore.jksfile. Specify this argument if you want to enable secure connection via Key Store. -
ranger_starrocks_key_store_cred_path: (Forces new resource) The remote storage path to thekeystore.jceksfile. Specify this argument if you want to enable secure connection via Key Store. -
ranger_hive_security_xml_path: (Forces new resource) The remote storage path to theranger-hive-security.xmlfile, which is used to enable Ranger's access control for Hive Catalog. -
ranger_hive_audit_xml_path: (Forces new resource) The remote storage path to theranger-hive-audit.xmlfile, which is used to enable Ranger's Audit Log service for Hive Catalog.
Attribute Reference
This resource exports the following attributes:
id: The ID of the Ranger configuration.