xunliu commented on code in PR #6063:
URL: https://github.com/apache/gravitino/pull/6063#discussion_r1901411297
##########
api/src/main/java/org/apache/gravitino/authorization/MetadataObjectChange.java:
##########
@@ -44,10 +45,11 @@ static MetadataObjectChange rename(
* Remove a metadata entity MetadataObjectChange.
*
* @param metadataObject The metadata object.
+ * @param locationPaths The location paths of the metadata object.
Review Comment:
I resubmit PR
##########
authorizations/authorization-ranger/src/main/java/org/apache/gravitino/authorization/ranger/RangerAuthorizationHDFSPlugin.java:
##########
@@ -118,27 +127,461 @@ public List<String> policyResourceDefinesRule() {
return ImmutableList.of(RangerDefines.PolicyResource.PATH.getName());
}
+ /**
+ * Find the managed policy for the ranger securable object.
+ *
+ * @param authzMetadataObject The ranger securable object to find the
managed policy.
+ * @return The managed policy for the metadata object.
+ */
+ public RangerPolicy findManagedPolicy(AuthorizationMetadataObject
authzMetadataObject)
+ throws AuthorizationPluginException {
+ List<RangerPolicy> policies = wildcardSearchPolies(authzMetadataObject);
+ if (!policies.isEmpty()) {
+ /**
+ * Because Ranger doesn't support the precise search, Ranger will return
the policy meets the
+ * wildcard(*,?) conditions, If you use `/a/b` condition to search
policy, the Ranger will
+ * match `/a/b1`, `/a/b2`, `/a/b*`, So we need to manually precisely
filter this research
+ * results.
+ */
+ List<String> nsMetadataObj = authzMetadataObject.names();
+ PathBasedMetadataObject pathAuthzMetadataObject =
+ (PathBasedMetadataObject) authzMetadataObject;
+ Map<String, String> preciseFilters = new HashMap<>();
+ for (int i = 0; i < nsMetadataObj.size() && i <
policyResourceDefinesRule().size(); i++) {
+ preciseFilters.put(policyResourceDefinesRule().get(i),
pathAuthzMetadataObject.path());
+ }
+ policies =
+ policies.stream()
+ .filter(
+ policy ->
+ policy.getResources().entrySet().stream()
+ .allMatch(
+ entry ->
+ preciseFilters.containsKey(entry.getKey())
+ && entry.getValue().getValues().size()
== 1
+ && entry
+ .getValue()
+ .getValues()
+
.contains(preciseFilters.get(entry.getKey()))))
Review Comment:
I resubmit PR
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
