[ranger] branch ranger-2.4 updated: RANGER-3983: Support getColumnMasks and getRowFilters in Trino SPI 376+

madhan Thu, 01 Dec 2022 23:30:58 -0800

This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git



The following commit(s) were added to refs/heads/ranger-2.4 by this push:
     new 69895d30a RANGER-3983: Support getColumnMasks and getRowFilters in 
Trino SPI 376+
69895d30a is described below

commit 69895d30a5047c940ca5117427e2ca36475b2ba2
Author: Ziyue Yang <[email protected]>
AuthorDate: Thu Dec 1 22:49:32 2022 -0800

    RANGER-3983: Support getColumnMasks and getRowFilters in Trino SPI 376+
    
    Signed-off-by: Madhan Neethiraj <[email protected]>
    (cherry picked from commit 97137609e14342a3db2112be27c0e809b261e782)
---
 .../authorizer/RangerSystemAccessControl.java      | 12 +++++++++++
 .../authorizer/RangerSystemAccessControlTest.java  |  8 +++++++
 .../authorizer/RangerSystemAccessControl.java      | 25 ++++++++++++++++++++++
 3 files changed, 45 insertions(+)

diff --git 
a/plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
 
b/plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
index cc06187f4..c440bf394 100644
--- 
a/plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
+++ 
b/plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
@@ -42,6 +42,8 @@ import org.apache.ranger.plugin.service.RangerBasePlugin;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.google.common.collect.ImmutableList;
+
 import java.io.IOException;
 import java.net.URL;
 import java.security.Principal;
@@ -174,6 +176,11 @@ public class RangerSystemAccessControl
     return Optional.ofNullable(viewExpression);
   }
 
+  @Override
+  public List<ViewExpression> getRowFilters(SystemSecurityContext context, 
CatalogSchemaTableName tableName) {
+    return getRowFilter(context, 
tableName).map(ImmutableList::of).orElseGet(ImmutableList::of);
+  }
+
   @Override
   public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, 
CatalogSchemaTableName tableName, String columnName, Type type) {
     RangerTrinoAccessRequest request = createAccessRequest(
@@ -223,6 +230,11 @@ public class RangerSystemAccessControl
     return Optional.ofNullable(viewExpression);
   }
 
+  @Override
+  public List<ViewExpression> getColumnMasks(SystemSecurityContext context, 
CatalogSchemaTableName tableName, String columnName, Type type) {
+    return getColumnMask(context, tableName, columnName, 
type).map(ImmutableList::of).orElseGet(ImmutableList::of);
+  }
+
   @Override
   public Set<String> filterCatalogs(SystemSecurityContext context, Set<String> 
catalogs) {
     LOG.debug("==> RangerSystemAccessControl.filterCatalogs("+ catalogs + ")");
diff --git 
a/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java
 
b/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java
index d6c637e5a..eda87db4e 100644
--- 
a/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java
+++ 
b/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java
@@ -38,6 +38,7 @@ import org.junit.Test;
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
@@ -175,14 +176,21 @@ public class RangerSystemAccessControlTest {
     final VarcharType varcharType = VarcharType.createVarcharType(20);
 
     Optional<ViewExpression> ret = 
accessControlManager.getColumnMask(context(alice), aliceTable, "cast_me", 
varcharType);
+    List<ViewExpression> retArray = 
accessControlManager.getColumnMasks(context(alice), aliceTable, "cast_me", 
varcharType);
     assertNotNull(ret.get());
     assertEquals(ret.get().getExpression(), "cast cast_me as varchar(20)");
+    assertEquals(1, retArray.size());
+    assertEquals("cast cast_me as varchar(20)", 
retArray.get(0).getExpression());
 
     ret = accessControlManager.getColumnMask(context(alice), 
aliceTable,"do-not-cast-me", varcharType);
+    retArray = accessControlManager.getColumnMasks(context(alice), 
aliceTable,"do-not-cast-me", varcharType);
     assertFalse(ret.isPresent());
+    assertTrue(retArray.isEmpty());
 
     ret = accessControlManager.getRowFilter(context(alice), aliceTable);
+    retArray = accessControlManager.getRowFilters(context(alice), aliceTable);
     assertFalse(ret.isPresent());
+    assertTrue(retArray.isEmpty());
 
     accessControlManager.checkCanExecuteFunction(context(alice), functionName);
     accessControlManager.checkCanGrantExecuteFunctionPrivilege(context(alice), 
functionName, new TrinoPrincipal(USER, "grantee"), true);
diff --git 
a/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
 
b/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
index c6b234dc2..10418dabb 100644
--- 
a/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
+++ 
b/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
@@ -28,6 +28,7 @@ import 
org.apache.ranger.plugin.classloader.RangerPluginClassLoader;
 import javax.inject.Inject;
 import java.security.Principal;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
@@ -528,6 +529,18 @@ public class RangerSystemAccessControl
     return viewExpression;
   }
 
+  @Override
+  public List<ViewExpression> getRowFilters(SystemSecurityContext context, 
CatalogSchemaTableName tableName) {
+    List<ViewExpression> viewExpressionList;
+    try {
+      activatePluginClassLoader();
+      viewExpressionList = systemAccessControlImpl.getRowFilters(context, 
tableName);
+    } finally {
+      deactivatePluginClassLoader();
+    }
+    return viewExpressionList;
+  }
+
   @Override
   public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, 
CatalogSchemaTableName tableName, String columnName, Type type) {
     Optional<ViewExpression> viewExpression;
@@ -540,6 +553,18 @@ public class RangerSystemAccessControl
     return viewExpression;
   }
 
+  @Override
+  public List<ViewExpression> getColumnMasks(SystemSecurityContext context, 
CatalogSchemaTableName tableName, String columnName, Type type) {
+    List<ViewExpression> viewExpressionList;
+    try {
+      activatePluginClassLoader();
+      viewExpressionList = systemAccessControlImpl.getColumnMasks(context, 
tableName, columnName, type);
+    } finally {
+      deactivatePluginClassLoader();
+    }
+    return viewExpressionList;
+  }
+
   @Override
   public void checkCanSetUser(Optional<Principal> principal, String userName) {
     try {

[ranger] branch ranger-2.4 updated: RANGER-3983: Support getColumnMasks and getRowFilters in Trino SPI 376+

Reply via email to