This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch RANGER-3923 in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/RANGER-3923 by this push: new 5103c4df0 RANGER-4470: renamed defaultMasks to defaultTagMasks in RangerDataShare, subResourceNames to subResource in RangerSharedResource 5103c4df0 is described below commit 5103c4df08a13e83d11e46228f48a6a8249d88c2 Author: Madhan Neethiraj <mad...@apache.org> AuthorDate: Tue Oct 10 08:34:33 2023 -0700 RANGER-4470: renamed defaultMasks to defaultTagMasks in RangerDataShare, subResourceNames to subResource in RangerSharedResource --- .../ranger/authorization/utils/JsonUtils.java | 19 ++++- .../org/apache/ranger/plugin/model/RangerGds.java | 95 ++++++++++++++++++---- .../main/python/apache_ranger/model/ranger_gds.py | 27 +++++- .../src/main/python/sample_gds_client.py | 10 ++- .../optimized/current/ranger_core_db_mysql.sql | 5 +- .../optimized/current/ranger_core_db_postgres.sql | 5 +- .../java/org/apache/ranger/biz/GdsDBStore.java | 4 +- .../org/apache/ranger/entity/XXGdsDataShare.java | 14 ++-- .../apache/ranger/entity/XXGdsSharedResource.java | 23 ++++-- .../ranger/service/RangerGdsDataShareService.java | 4 +- .../service/RangerGdsSharedResourceService.java | 6 +- .../ranger/validation/RangerGdsValidator.java | 10 ++- 12 files changed, 165 insertions(+), 57 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java b/agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java index e3c45c1ff..716a1a9ea 100644 --- a/agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java +++ b/agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java 
@@ -24,6 +24,7 @@ import org.apache.commons.collections.CollectionUtils; import org.apache.commons.collections.MapUtils; import org.apache.commons.lang.StringUtils; import org.apache.ranger.plugin.model.AuditFilter; +import org.apache.ranger.plugin.model.RangerGds.RangerTagDataMaskInfo; import org.apache.ranger.plugin.model.RangerPrincipal; import org.apache.ranger.plugin.model.RangerValidityRecurrence; import org.apache.ranger.plugin.model.RangerValiditySchedule; @@ -47,6 +48,7 @@ public class JsonUtils { private static final Type TYPE_LIST_AUDIT_FILTER = new TypeToken<List<AuditFilter>>() {}.getType(); private static final Type TYPE_LIST_RANGER_VALIDITY_RECURRENCE = new TypeToken<List<RangerValidityRecurrence>>() {}.getType(); private static final Type TYPE_LIST_RANGER_PRINCIPAL = new TypeToken<List<RangerPrincipal>>() {}.getType(); + private static final Type TYPE_LIST_RANGER_TAG_MASK_INFO = new TypeToken<List<RangerTagDataMaskInfo>>() {}.getType(); private static final Type TYPE_MAP_RANGER_MASK_INFO = new TypeToken<Map<String, RangerPolicyItemDataMaskInfo>>() {}.getType(); private static final Type TYPE_MAP_RANGER_POLICY_RESOURCE = new TypeToken<Map<String, RangerPolicyResource>>() {}.getType(); @@ -164,7 +166,7 @@ public class JsonUtils { try { return gson.get().fromJson(jsonStr, TYPE_LIST_AUDIT_FILTER); } catch (Exception e) { - LOG.error("failed to create audit filters from: " + jsonStr, e); + LOG.error("Cannot get List<AuditFilter> from " + jsonStr, e); return null; } } @@ -182,7 +184,7 @@ public class JsonUtils { try { return gson.get().fromJson(jsonStr, TYPE_LIST_RANGER_PRINCIPAL); } catch (Exception e) { - LOG.error("Cannot get List<RangerValidityRecurrence> from " + jsonStr, e); + LOG.error("Cannot get List<RangerPrincipal> from " + jsonStr, e); return null; } } 
@@ -191,7 +193,16 @@ public class JsonUtils { try { return gson.get().fromJson(jsonStr, TYPE_MAP_RANGER_MASK_INFO); } catch (Exception e) { - LOG.error("Cannot get List<RangerValidityRecurrence> from " + jsonStr, e); + LOG.error("Cannot get Map<String, RangerPolicyItemDataMaskInfo> from " + jsonStr, e); + return null; + } + } + + public static List<RangerTagDataMaskInfo> jsonToListTagMaskInfo(String jsonStr) { + try { + return gson.get().fromJson(jsonStr, TYPE_LIST_RANGER_TAG_MASK_INFO); + } catch (Exception e) { + LOG.error("Cannot get List<RangerTagDataMaskInfo> from " + jsonStr, e); return null; } } @@ -200,7 +211,7 @@ public class JsonUtils { try { return gson.get().fromJson(jsonStr, TYPE_MAP_RANGER_POLICY_RESOURCE); } catch (Exception e) { - LOG.error("Cannot get List<RangerValidityRecurrence> from " + jsonStr, e); + LOG.error("Cannot get Map<String, RangerPolicyResource> from " + jsonStr, e); return null; } } diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java index 105044f08..d10a70f23 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java 
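Review bot: The new `jsonToListTagMaskInfo` returns null when the stored value fails to parse (and presumably also when it is absent), and the read path in RangerGdsDataShareService passes that straight into `vObj.setDefaultTagMasks(...)`. A corrupt or old map-shaped column value would therefore surface as a data share with no default tag masks rather than as an error, which for a masking control is a fail-open outcome. Callers need a way to tell "no masks configured" from "masks could not be read"; at minimum the method should carry a comment such as `// returns null on parse failure; callers must not treat null as "no masks configured"`. The catch block also writes the raw `jsonStr` to the error log, which matches the neighbouring methods but puts stored policy content into logs. The enclosing class continues outside the hunk.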
@@ -171,14 +171,14 @@ public class RangerGds { public static class RangerDataShare extends RangerGdsBaseModelObject implements java.io.Serializable { private static final long serialVersionUID = 1L; - private String name; - private RangerGdsObjectACL acl; - private String service; - private String zone; - private String conditionExpr; - private Set<String> defaultAccessTypes; - private Map<String, RangerPolicyItemDataMaskInfo> defaultMasks; - private String termsOfUse; + private String name; + private RangerGdsObjectACL acl; + private String service; + private String zone; + private String conditionExpr; + private Set<String> defaultAccessTypes; + private List<RangerTagDataMaskInfo> defaultTagMasks; + private String termsOfUse; public RangerDataShare() { } @@ -210,12 +210,12 @@ public class RangerGds { this.defaultAccessTypes = defaultAccessTypes; } - public Map<String, RangerPolicyItemDataMaskInfo> getDefaultMasks() { - return defaultMasks; + public List<RangerTagDataMaskInfo> getDefaultTagMasks() { + return defaultTagMasks; } - public void setDefaultMasks(Map<String, RangerPolicyItemDataMaskInfo> defaultMasks) { - this.defaultMasks = defaultMasks; + public void setDefaultTagMasks(List<RangerTagDataMaskInfo> defaultTagMasks) { + this.defaultTagMasks = defaultTagMasks; } public String getTermsOfUse() { return termsOfUse; } @@ -234,7 +234,7 @@ public class RangerGds { .append("zone={").append(zone).append("} ") .append("conditionExpr={").append(conditionExpr).append("} ") .append("defaultAccessTypes={").append(defaultAccessTypes).append("} ") - .append("defaultMasks={").append(defaultMasks).append("} ") + .append("defaultTagMasks={").append(defaultTagMasks).append("} ") .append("termsOfUse={").append(termsOfUse).append("} ") .append("}"); 
@@ -248,7 +248,8 @@ public class RangerGds { private String name; private Long dataShareId; private Map<String, RangerPolicyResource> resource; - private List<String> subResourceNames; + private RangerPolicyResource subResource; + private String subResourceType; private String conditionExpr; private Set<String> accessTypes; private RangerPolicyItemRowFilterInfo rowFilter; @@ -269,9 +270,13 @@ public class RangerGds { public void setResource(Map<String, RangerPolicyResource> resource) { this.resource = resource; } - public List<String> getSubResourceNames() { return subResourceNames; } + public RangerPolicyResource getSubResource() { return subResource; } + + public void setSubResource(RangerPolicyResource subResource) { this.subResource = subResource; } - public void setSubResourceNames(List<String> subResourceNames) { this.subResourceNames = subResourceNames; } + public String getSubResourceType() { return subResourceType; } + + public void setSubResourceType(String subResourceType) { this.subResourceType = subResourceType; } public String getConditionExpr() { return conditionExpr; } @@ -305,7 +310,8 @@ public class RangerGds { sb.append("name").append(name).append("} ") .append("dataShareId={").append(dataShareId).append("} ") .append("resource={").append(resource).append("} ") - .append("subResourceNames={").append(subResourceNames).append("} ") + .append("subResource={").append(subResource).append("} ") + .append("subResourceType={").append(subResourceType).append("} ") .append("conditionExpr={").append(conditionExpr).append("} ") .append("accessTypes={").append(accessTypes).append("} ") .append("rowFilterInfo={").append(rowFilter).append("} ") 
@@ -481,6 +487,61 @@ public class RangerGds { } } + @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY) + @JsonSerialize(include = JsonSerialize.Inclusion.NON_EMPTY) + @JsonIgnoreProperties(ignoreUnknown = true) + @XmlRootElement + @XmlAccessorType(XmlAccessType.FIELD) + public static class RangerTagDataMaskInfo implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String tagName; + private String conditionExpr; + private RangerPolicyItemDataMaskInfo maskInfo; + + public RangerTagDataMaskInfo() { } + + public String getTagName() { + return tagName; + } + + public void setTagName(String tagName) { + this.tagName = tagName; + } + + public String getConditionExpr() { + return conditionExpr; + } + + public void setConditionExpr(String conditionExpr) { + this.conditionExpr = conditionExpr; + } + + public RangerPolicyItemDataMaskInfo getMaskInfo() { + return maskInfo; + } + + public void setMaskInfo(RangerPolicyItemDataMaskInfo maskInfo) { + this.maskInfo = maskInfo; + } + + @Override + public String toString() { + return toString(new StringBuilder()).toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerTagDataMaskInfo={"); + + sb.append("tagName={").append(tagName).append("} ") + .append("conditionExpr={").append(conditionExpr).append("} ") + .append("maskInfo={").append(maskInfo).append("} ") + .append("}"); + + return sb; + } + } + @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY) @JsonSerialize(include = JsonSerialize.Inclusion.NON_EMPTY) @JsonIgnoreProperties(ignoreUnknown = true) diff --git a/intg/src/main/python/apache_ranger/model/ranger_gds.py b/intg/src/main/python/apache_ranger/model/ranger_gds.py index f93d5eef0..d2dafd7d5 100644 --- a/intg/src/main/python/apache_ranger/model/ranger_gds.py +++ b/intg/src/main/python/apache_ranger/model/ranger_gds.py 
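Review bot: `RangerTagDataMaskInfo` is added without any Javadoc, and nothing in the class says which of `tagName`, `conditionExpr` and `maskInfo` are required. The sample client in this commit sets only `tagName` and `maskInfo`, which suggests `conditionExpr` is optional, while the validator change reads only `maskInfo`, so an entry with a blank `tagName` appears to be accepted. If that reading matches the intent, a class comment such as `/** Default mask for resources carrying tagName; tagName and maskInfo are required, conditionExpr is optional. */` would give the validator and plugin code a stated contract to check against.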
@@ -119,14 +119,14 @@ class RangerDataShare(RangerGdsBaseModelObject): self.zone = attrs.get('zone') self.conditionExpr = attrs.get('conditionExpr') self.defaultAccessTypes = attrs.get('defaultAccessTypes') - self.defaultMasks = attrs.get('defaultMasks') + self.defaultTagMasks = attrs.get('defaultTagMasks') self.termsOfUse = attrs.get('termsOfUse') def type_coerce_attrs(self): super(RangerDataShare, self).type_coerce_attrs() - self.acl = type_coerce_dict(self.acl, RangerGdsObjectACL) - self.defaultMasks = type_coerce_dict(self.defaultMasks, RangerPolicyItemDataMaskInfo) + self.acl = type_coerce_dict(self.acl, RangerGdsObjectACL) + self.defaultTagMasks = type_coerce_list(self.defaultTagMasks, RangerTagDataMaskInfo) class RangerSharedResource(RangerBaseModelObject): @@ -139,7 +139,8 @@ class RangerSharedResource(RangerBaseModelObject): self.name = attrs.get('name') self.dataShareId = attrs.get('dataShareId') self.resource = attrs.get('resource') - self.subResourceNames = attrs.get('subResourceNames') + self.subResource = attrs.get('subResource') + self.subResourceType = attrs.get('subResourceType') self.conditionExpr = attrs.get('conditionExpr') self.accessTypes = attrs.get('accessTypes') self.rowFilter = attrs.get('rowFilter') @@ -150,6 +151,7 @@ class RangerSharedResource(RangerBaseModelObject): super(RangerSharedResource, self).type_coerce_attrs() self.resource = type_coerce_dict(self.resource, RangerPolicyResource) + self.subResource = type_coerce(self.subResource, RangerPolicyResource) self.rowFilter = type_coerce(self.rowFilter, RangerPolicyItemRowFilterInfo) self.subResourceMasks = type_coerce_dict(self.subResourceMasks, RangerPolicyItemDataMaskInfo) 
@@ -213,6 +215,23 @@ class RangerGdsObjectACL(RangerBase): self.roles = type_coerce_dict(self.roles, GdsPermission) +class RangerTagDataMaskInfo(RangerBase): + def __init__(self, attrs=None): + if attrs is None: + attrs = {} + + RangerBase.__init__(self, attrs) + + self.tagName = attrs.get('tagName') + self.conditionExpr = attrs.get('conditionExpr') + self.maskInfo = attrs.get('maskInfo') + + def type_coerce_attrs(self): + super(RangerTagDataMaskInfo, self).type_coerce_attrs() + + self.maskInfo = type_coerce(self.maskInfo, RangerPolicyItemDataMaskInfo) + + class DataShareInDatasetSummary(RangerBaseModelObject): def __init__(self, attrs=None): if attrs is None: diff --git a/ranger-examples/sample-client/src/main/python/sample_gds_client.py b/ranger-examples/sample-client/src/main/python/sample_gds_client.py index ceca4ac02..ee6d43adc 100644 --- a/ranger-examples/sample-client/src/main/python/sample_gds_client.py +++ b/ranger-examples/sample-client/src/main/python/sample_gds_client.py @@ -43,14 +43,14 @@ hive_share_1.service = 'dev_hive' hive_share_1.zone = None hive_share_1.conditionExpr = "HAS_TAG('SCAN_COMPLETE')" hive_share_1.defaultAccessTypes = [ '_READ' ] -hive_share_1.defaultMasks = { 'HAS_TAG("PII")': { 'dataMaskType': 'MASK' } } +hive_share_1.defaultTagMasks = [ { 'tagName': 'PII', 'maskInfo': { 'dataMaskType': 'MASK' } } ] hdfs_share_1 = RangerDataShare({ 'name': 'datashare-2', 'description': 'the second datashare!', 'acl': { 'groups': { 'finance': GdsPermission.ADMIN } }, 'termsOfUse': None }) hdfs_share_1.service = 'dev_hdfs' hdfs_share_1.zone = None hdfs_share_1.conditionExpr = "HAS_TAG('SCAN_COMPLETE')" hdfs_share_1.defaultAccessTypes = [ '_READ' ] -hdfs_share_1.defaultMasks = None +hdfs_share_1.defaultTagMasks = None print(f'Creating dataset: name={dataset_1.name}') dataset_1 = gds.create_dataset(dataset_1) 
@@ -79,7 +79,8 @@ print(f' created data_share: {hdfs_share_1}') hive_resource_1 = RangerSharedResource({ 'dataShareId': hive_share_1.id, 'name': 'db1.tbl1' }) hive_resource_1.resource = { 'database': { 'values': ['db1'] }, 'table': { 'values': ['tbl1'] } } -hive_resource_1.subResourceNames = [ 'col1', 'col2' ] +hive_resource_1.subResource = { 'values': [ 'col1', 'col2' ] } +hive_resource_1.subResourceType = 'columnn' hive_resource_1.conditionExpr = "HAS_TAG('SCAN_COMPLETE') && !HAS_TAG('PII') && TAGS['DATA_QUALITY'].score > 0.8" hive_resource_1.accessTypes = [ '_READ' ] hive_resource_1.rowFilter = { 'filterExpr': "country = 'US'" } @@ -88,7 +89,8 @@ hive_resource_1.profiles = [ 'GDPR', 'HIPPA' ] hive_resource_2 = RangerSharedResource({ 'dataShareId': hive_share_1.id, 'name': 'db2.tbl2' }) hive_resource_2.resource = { 'database': { 'values': ['db2'] }, 'table': { 'values': ['tbl2'] } } -hive_resource_2.subResourceNames = [ '*' ] +hive_resource_2.subResource = { 'values': [ '*' ] } +hive_resource_2.subResourceType = 'column' hive_resource_2.accessTypes = [ '_READ', '_WRITE' ] hive_resource_2.profiles = [ 'GDPR' ] diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql index 331c97027..dbeeaf423 100755 --- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql +++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql @@ -1762,7 +1762,7 @@ CREATE TABLE `x_gds_data_share`( , `zone_id` BIGINT(20) NOT NULL , `condition_expr` TEXT NULL , `default_access_types` TEXT NULL - , `default_masks` TEXT NULL + , `default_tag_masks` TEXT NULL , `terms_of_use` TEXT NULL DEFAULT NULL , `options` TEXT NULL DEFAULT NULL , `additional_info` TEXT NULL DEFAULT NULL 
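Review bot: `hive_resource_1.subResourceType = 'columnn'` has a doubled letter; the second resource in the following hunk uses `'column'`, so this looks like a typo and should read `hive_resource_1.subResourceType = 'column'`. As far as this commit shows, `subResourceType` is stored as a free-form string and the RangerGdsValidator changes add no check on it. The sample would then create a shared resource whose sub-resource type may not name any level of the service definition, and the column restriction to `col1`/`col2` may not apply as the example intends. Checking the value against the service definition on the server side would catch this class of mistake.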
@@ -1791,7 +1791,8 @@ CREATE TABLE `x_gds_shared_resource`( , `data_share_id` BIGINT(20) NOT NULL , `resource` TEXT NOT NULL , `resource_signature` VARCHAR(128) NOT NULL - , `sub_resource_names` TEXT NULL DEFAULT NULL + , `sub_resource` TEXT NULL DEFAULT NULL + , `sub_resource_type` TEXT NULL DEFAULT NULL , `condition_expr` TEXT NULL DEFAULT NULL , `access_types` TEXT NULL DEFAULT NULL , `row_filter` TEXT NULL DEFAULT NULL diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql index a0e6c55cc..065bae0df 100755 --- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql +++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql @@ -1752,7 +1752,7 @@ CREATE TABLE x_gds_data_share( , zone_id BIGINT NOT NULL , condition_expr TEXT NULL , default_access_types TEXT NULL - , default_masks TEXT NULL + , default_tag_masks TEXT NULL , terms_of_use TEXT NULL DEFAULT NULL , options TEXT NULL DEFAULT NULL , additional_info TEXT NULL DEFAULT NULL @@ -1783,7 +1783,8 @@ CREATE TABLE x_gds_shared_resource( , data_share_id BIGINT NOT NULL , resource TEXT NOT NULL , resource_signature VARCHAR(128) NOT NULL - , sub_resource_names TEXT NULL DEFAULT NULL + , sub_resource TEXT NULL DEFAULT NULL + , sub_resource_type TEXT NULL DEFAULT NULL , condition_expr TEXT NULL DEFAULT NULL , access_types TEXT NULL DEFAULT NULL , row_filter TEXT NULL DEFAULT NULL diff --git a/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java index eaa335753..9feb978ef 100755 --- a/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
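Review bot: `default_masks` and `sub_resource_names` are renamed directly in the create scripts (this hunk, the `x_gds_data_share` hunk before it, and both PostgreSQL hunks), but the diffstat lists no upgrade patch. A database created from the earlier script on this branch would lack `default_tag_masks`, `sub_resource` and `sub_resource_type`, which the JPA entities now map. If any such database exists, an ALTER patch is needed alongside these edits; if schemas on this branch are always recreated, a sentence in the commit message saying so would settle it. `sub_resource_type` is declared `TEXT` although it appears to hold a short resource-level name; a bounded `VARCHAR`, as used for `resource_signature`, would be a closer fit.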
@@ -988,8 +988,8 @@ public class GdsDBStore extends AbstractGdsStore { .map(RangerPolicyResource::getValues).filter(Objects::nonNull) .anyMatch(res -> hasResource(res, resourceContains)); - if (!includeResource && CollectionUtils.isNotEmpty(sharedResource.getSubResourceNames())) { - includeResource = sharedResource.getSubResourceNames().stream().filter(Objects::nonNull) + if (!includeResource && sharedResource.getSubResource() != null && CollectionUtils.isNotEmpty(sharedResource.getSubResource().getValues())) { + includeResource = sharedResource.getSubResource().getValues().stream().filter(Objects::nonNull) .anyMatch(value -> value.contains(resourceContains)); } } diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShare.java b/security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShare.java index 1d2f6a189..3ab96e29c 100644 --- a/security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShare.java +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShare.java @@ -70,8 +70,8 @@ public class XXGdsDataShare extends XXDBBase implements Serializable { @Column(name = "default_access_types") protected String defaultAccessTypes; - @Column(name = "default_masks") - protected String defaultMasks; + @Column(name = "default_tag_masks") + protected String defaultTagMasks; @Column(name = "terms_of_use") protected String termsOfUse; @@ -129,9 +129,9 @@ public class XXGdsDataShare extends XXDBBase implements Serializable { public void setDefaultAccessTypes(String defaultAccessTypes) { this.defaultAccessTypes = defaultAccessTypes; } - public String getDefaultMasks() { return defaultMasks; } + public String getDefaultTagMasks() { return defaultTagMasks; } - public void setDefaultMasks(String defaultMasks) { this.defaultMasks = defaultMasks; } + public void setDefaultTagMasks(String defaultMasks) {this.defaultTagMasks = defaultMasks; } public String getTermsOfUse() { return termsOfUse; } 
@@ -150,7 +150,7 @@ public class XXGdsDataShare extends XXDBBase implements Serializable { @Override public int hashCode() { - return Objects.hash(id, guid, version, isEnabled, serviceId, zoneId, name, description, acl, conditionExpr, defaultAccessTypes, defaultMasks, termsOfUse, options, additionalInfo); + return Objects.hash(id, guid, version, isEnabled, serviceId, zoneId, name, description, acl, conditionExpr, defaultAccessTypes, defaultTagMasks, termsOfUse, options, additionalInfo); } @Override @@ -176,7 +176,7 @@ public class XXGdsDataShare extends XXDBBase implements Serializable { Objects.equals(acl, other.acl) && Objects.equals(conditionExpr, other.conditionExpr) && Objects.equals(defaultAccessTypes, other.defaultAccessTypes) && - Objects.equals(defaultMasks, other.defaultMasks) && + Objects.equals(defaultTagMasks, other.defaultTagMasks) && Objects.equals(termsOfUse, other.termsOfUse) && Objects.equals(options, other.options) && Objects.equals(additionalInfo, other.additionalInfo); @@ -201,7 +201,7 @@ public class XXGdsDataShare extends XXDBBase implements Serializable { .append("acl={").append(acl).append("} ") .append("conditionExpr={").append(conditionExpr).append("} ") .append("defaultAccessTypes={").append(defaultAccessTypes).append("} ") - .append("defaultMasks={").append(defaultMasks).append("} ") + .append("defaultMasks={").append(defaultTagMasks).append("} ") .append("termsOfUse={").append(termsOfUse).append("} ") .append("options={").append(options).append("} ") .append("additionalInfo={").append(additionalInfo).append("} ") diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXGdsSharedResource.java b/security-admin/src/main/java/org/apache/ranger/entity/XXGdsSharedResource.java index 882cd4392..b6096f217 100644 --- a/security-admin/src/main/java/org/apache/ranger/entity/XXGdsSharedResource.java +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXGdsSharedResource.java 
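Review bot: The `toString` hunk still emits the label `"defaultMasks={"` while appending `defaultTagMasks`, so the entity's string form disagrees with the renamed field and with `RangerDataShare.toString`, which this commit updates; the line should read `.append("defaultTagMasks={").append(defaultTagMasks).append("} ")`. The setter in the earlier hunk of this file has the same leftover, `setDefaultTagMasks(String defaultMasks) {this.defaultTagMasks = defaultMasks; }`, where the parameter should be renamed to `defaultTagMasks` and the space after `{` restored. Both are cosmetic, but stale names make log output harder to correlate with the renamed column. The methods start and end outside these hunks.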
@@ -61,8 +61,11 @@ public class XXGdsSharedResource extends XXDBBase implements Serializable { @Column(name = "resource") protected String resource; - @Column(name = "sub_resource_names") - protected String subResourceNames; + @Column(name = "sub_resource") + protected String subResource; + + @Column(name = "sub_resource_type") + protected String subResourceType; @Column(name = "resource_signature") protected String resourceSignature; @@ -123,9 +126,13 @@ public class XXGdsSharedResource extends XXDBBase implements Serializable { public void setResource(String resource) { this.resource = resource; } - public String getSubResourceNames() { return subResourceNames; } + public String getSubResource() { return subResource; } + + public void setSubResource(String subResource) {this.subResource = subResource; } + + public String getSubResourceType() { return subResourceType; } - public void setSubResourceNames(String subResourceNames) { this.subResourceNames = subResourceNames; } + public void setSubResourceType(String subResourceType) {this.subResourceType = subResourceType; } public String getResourceSignature() { return resourceSignature; } @@ -164,7 +171,7 @@ public class XXGdsSharedResource extends XXDBBase implements Serializable { @Override public int hashCode() { - return Objects.hash(id, guid, version, isEnabled, name, description, dataShareId, resource, subResourceNames, resourceSignature, conditionExpr, accessTypes, rowFilter, subResourceMasks, profiles, options, additionalInfo); + return Objects.hash(id, guid, version, isEnabled, name, description, dataShareId, resource, subResource, subResourceType, resourceSignature, conditionExpr, accessTypes, rowFilter, subResourceMasks, profiles, options, additionalInfo); } @Override 
@@ -187,7 +194,8 @@ public class XXGdsSharedResource extends XXDBBase implements Serializable { Objects.equals(description, other.description) && Objects.equals(dataShareId, other.dataShareId) && Objects.equals(resource, other.resource) && - Objects.equals(subResourceNames, other.subResourceNames) && + Objects.equals(subResource, other.subResource) && + Objects.equals(subResourceType, other.subResourceType) && Objects.equals(resourceSignature, other.resourceSignature) && Objects.equals(conditionExpr, other.conditionExpr) && Objects.equals(accessTypes, other.accessTypes) && @@ -215,7 +223,8 @@ public class XXGdsSharedResource extends XXDBBase implements Serializable { .append("description={").append(description).append("} ") .append("dataShareId={").append(dataShareId).append("} ") .append("resource={").append(resource).append("} ") - .append("subResourceNames={").append(subResourceNames).append("} ") + .append("subResource={").append(subResource).append("} ") + .append("subResourceType={").append(subResourceType).append("} ") .append("conditionExpr={").append(conditionExpr).append("} ") .append("accessTypes={").append(accessTypes).append("} ") .append("rowFilter={").append(rowFilter).append("} ") diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java index d4e6ec746..36897c111 100755 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java 
@@ -236,7 +236,7 @@ public class RangerGdsDataShareService extends RangerGdsBaseModelService<XXGdsDa xObj.setZoneId(zoneId); xObj.setConditionExpr(vObj.getConditionExpr()); xObj.setDefaultAccessTypes(JsonUtils.objectToJson(vObj.getDefaultAccessTypes())); - xObj.setDefaultMasks(JsonUtils.objectToJson(vObj.getDefaultMasks())); + xObj.setDefaultTagMasks(JsonUtils.objectToJson(vObj.getDefaultTagMasks())); xObj.setTermsOfUse(vObj.getTermsOfUse()); xObj.setOptions(JsonUtils.mapToJson(vObj.getOptions())); xObj.setAdditionalInfo(JsonUtils.mapToJson(vObj.getAdditionalInfo())); @@ -262,7 +262,7 @@ public class RangerGdsDataShareService extends RangerGdsBaseModelService<XXGdsDa vObj.setZone(zoneName); vObj.setConditionExpr(xObj.getConditionExpr()); vObj.setDefaultAccessTypes(JsonUtils.jsonToSetString(xObj.getDefaultAccessTypes())); - vObj.setDefaultMasks(JsonUtils.jsonToMapMaskInfo(xObj.getDefaultMasks())); + vObj.setDefaultTagMasks(JsonUtils.jsonToListTagMaskInfo(xObj.getDefaultTagMasks())); vObj.setTermsOfUse(xObj.getTermsOfUse()); vObj.setOptions(JsonUtils.jsonToMapStringString(xObj.getOptions())); vObj.setAdditionalInfo(JsonUtils.jsonToMapStringString(xObj.getAdditionalInfo())); diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java index d9eac708c..0a11d4f1d 100755 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java 
@@ -199,7 +199,8 @@ public class RangerGdsSharedResourceService extends RangerGdsBaseModelService<XX xObj.setDescription(vObj.getDescription()); xObj.setDataShareId(vObj.getDataShareId()); xObj.setResource(JsonUtils.mapToJson(vObj.getResource())); - xObj.setSubResourceNames(JsonUtils.listToJson(vObj.getSubResourceNames())); + xObj.setSubResource(JsonUtils.objectToJson(vObj.getSubResource())); + xObj.setSubResourceType(vObj.getSubResourceType()); xObj.setResourceSignature(new RangerPolicyResourceSignature(vObj.getResource()).getSignature()); xObj.setConditionExpr(vObj.getConditionExpr()); xObj.setAccessTypes(JsonUtils.objectToJson(vObj.getAccessTypes())); @@ -221,7 +222,8 @@ public class RangerGdsSharedResourceService extends RangerGdsBaseModelService<XX vObj.setDescription(xObj.getDescription()); vObj.setDataShareId(xObj.getDataShareId()); vObj.setResource(JsonUtils.jsonToMapPolicyResource(xObj.getResource())); - vObj.setSubResourceNames(JsonUtils.jsonToListString(xObj.getSubResourceNames())); + vObj.setSubResource(JsonUtils.jsonToObject(xObj.getSubResource(), RangerPolicy.RangerPolicyResource.class)); + vObj.setSubResourceType(xObj.getSubResourceType()); vObj.setConditionExpr(xObj.getConditionExpr()); vObj.setAccessTypes(JsonUtils.jsonToSetString(xObj.getAccessTypes())); vObj.setRowFilter(JsonUtils.jsonToObject(xObj.getRowFilter(), RangerPolicy.RangerPolicyItemRowFilterInfo.class)); diff --git a/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java b/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java index ebffd654e..6c55fd029 100755 --- a/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java +++ b/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java 
@@ -34,6 +34,7 @@ import org.apache.ranger.plugin.model.RangerGds.RangerDataset; import org.apache.ranger.plugin.model.RangerGds.RangerGdsObjectACL; import org.apache.ranger.plugin.model.RangerGds.RangerProject; import org.apache.ranger.plugin.model.RangerGds.RangerSharedResource; +import org.apache.ranger.plugin.model.RangerGds.RangerTagDataMaskInfo; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo; import org.apache.ranger.plugin.model.validation.ValidationFailureDetails; import org.slf4j.Logger; @@ -183,7 +184,7 @@ public class RangerGdsValidator { validateAcl(dataShare.getAcl(), "acl", result); validateAccessTypes(dataShare.getService(), "defaultAccessTypes", dataShare.getDefaultAccessTypes(), result); - validateMaskTypes(dataShare.getService(), "defaultMasks", dataShare.getDefaultMasks(), result); + validateMaskTypes(dataShare.getService(), "defaultTagMasks", dataShare.getDefaultTagMasks(), result); if (!result.isSuccess()) { result.throwRESTException(); @@ -203,7 +204,7 @@ public class RangerGdsValidator { validateDataShareAdmin(existing, result); validateAcl(dataShare.getAcl(), "acl", result); validateAccessTypes(dataShare.getService(), "defaultAccessTypes", dataShare.getDefaultAccessTypes(), result); - validateMaskTypes(dataShare.getService(), "defaultMasks", dataShare.getDefaultMasks(), result); + validateMaskTypes(dataShare.getService(), "defaultTagMasks", dataShare.getDefaultTagMasks(), result); } if (!result.isSuccess()) { 
@@ -799,11 +800,12 @@ public class RangerGdsValidator { } } - private void validateMaskTypes(String serviceName, String fieldName, Map<String, RangerPolicyItemDataMaskInfo> maskTypes, ValidationResult result) { + private void validateMaskTypes(String serviceName, String fieldName, List<RangerTagDataMaskInfo> maskTypes, ValidationResult result) { if (maskTypes != null && !maskTypes.isEmpty()) { Set<String> validMaskTypes = dataProvider.getMaskTypes(serviceName); - for (RangerPolicyItemDataMaskInfo maskInfo : maskTypes.values()) { + for (RangerTagDataMaskInfo tagMaskInfo : maskTypes) { + RangerPolicyItemDataMaskInfo maskInfo = tagMaskInfo.getMaskInfo(); if (!validMaskTypes.contains(maskInfo.getDataMaskType())) { result.addValidationFailure(new ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_INVALID_MASK_TYPE, fieldName, maskInfo.getDataMaskType())); }
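Review bot: In `validateMaskTypes`, `tagMaskInfo.getMaskInfo()` is dereferenced without a null check, so a `defaultTagMasks` entry that omits `maskInfo`, or a null list element, would raise a NullPointerException inside the validator instead of producing a validation failure. The list comes from the data share object being created or updated, so the loop should turn such entries into an explicit `GDS_VALIDATION_ERR_INVALID_MASK_TYPE` failure, as sketched below. This loop is also the natural place to require a non-blank `tagName`, which nothing visible in this commit checks. The method's closing braces lie outside the hunk.

```java
for (RangerTagDataMaskInfo tagMaskInfo : maskTypes) {
    // a missing entry or missing maskInfo is reported as an invalid mask type, not thrown as an NPE
    RangerPolicyItemDataMaskInfo maskInfo = tagMaskInfo != null ? tagMaskInfo.getMaskInfo() : null;
    String                       maskType = maskInfo != null ? maskInfo.getDataMaskType() : null;

    if (maskType == null || !validMaskTypes.contains(maskType)) {
        result.addValidationFailure(new ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_INVALID_MASK_TYPE, fieldName, maskType));
    }
```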