Repository: incubator-ranger Updated Branches: refs/heads/master 2867cc55e -> efdde916c
RANGER-917: Ranger Hive authorizer updates for changes in Hive Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/efdde916 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/efdde916 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/efdde916 Branch: refs/heads/master Commit: efdde916c60a93bb0bce634ebee3c7000f52646f Parents: 2867cc5 Author: Madhan Neethiraj <[email protected]> Authored: Mon Apr 11 02:02:54 2016 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Mon Apr 11 02:02:54 2016 -0700 ---------------------------------------------------------------------- .../service-defs/ranger-servicedef-hive.json | 12 ++--- .../hive/authorizer/RangerHiveAuthorizer.java | 51 ++++++++++++++++++-- 2 files changed, 53 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/efdde916/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json ---------------------------------------------------------------------- diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json index 27e1443..1d97843 100644 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json @@ -289,8 +289,8 @@ { "itemId": 5, "name": "MASK_DATE_DAY", - "label": "Date: show only month and year", - "description": "Date: show only month and year", + "label": "Date: mask day", + "description": "Date: mask day", "transformer": "org.apache.ranger.authorization.hive.udf.MaskTransformer", "dataMaskOptions": { "initParam": "day=1; month=-1; year=-1" @@ -299,8 +299,8 @@ { "itemId": 6, "name": "MASK_DATE_MONTH", - "label": "Date: show only day and year", - "description": "Date: show only day and year", + "label": "Date: mask month", + "description": "Date: mask month", "transformer": "org.apache.ranger.authorization.hive.udf.MaskTransformer", "dataMaskOptions": { "initParam": "day=-1; month=0; year=-1" @@ -309,8 +309,8 @@ { "itemId": 7, "name": "MASK_DATE_YEAR", - "label": "Date: show only day and month", - "description": "Date: show only day and month", + "label": "Date: mask year", + "description": "Date: mask year", "transformer": "org.apache.ranger.authorization.hive.udf.MaskTransformer", "dataMaskOptions": { "initParam": "day=-1; month=-1; year=0" http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/efdde916/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java ---------------------------------------------------------------------- diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java index abd1081..ea0a6c1 100644 --- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java +++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java @@ -471,15 +471,58 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { } @Override - public List<HivePrivilegeObject> applyRowFilterAndColumnMasking(QueryContext queryContext, List<HivePrivilegeObject> list) throws SemanticException { - List<HivePrivilegeObject> ret = list; + public List<HivePrivilegeObject> applyRowFilterAndColumnMasking(QueryContext queryContext, List<HivePrivilegeObject> hiveObjs) throws SemanticException { + List<HivePrivilegeObject> ret = new ArrayList<HivePrivilegeObject>(); if(LOG.isDebugEnabled()) { - LOG.debug("==> applyRowFilterAndColumnMasking(" + queryContext + ", " + list + ")"); + LOG.debug("==> applyRowFilterAndColumnMasking(" + queryContext + ", objCount=" + hiveObjs.size() + ")"); + } + + if(CollectionUtils.isNotEmpty(hiveObjs)) { + for (HivePrivilegeObject hiveObj : hiveObjs) { + HivePrivilegeObjectType hiveObjType = hiveObj.getType(); + + if(hiveObjType == null) { + hiveObjType = HivePrivilegeObjectType.TABLE_OR_VIEW; + } + + LOG.debug("applyRowFilterAndColumnMasking(hiveObjType=" + hiveObjType + ")"); + + if (hiveObjType == HivePrivilegeObjectType.DATABASE || hiveObjType == HivePrivilegeObjectType.TABLE_OR_VIEW) { + String database = hiveObj.getDbname(); + String table = hiveObj.getObjectName(); + + String rowFilterExpr = getRowFilterExpression(database, table); + + if (StringUtils.isNotBlank(rowFilterExpr)) { + LOG.debug("rowFilter(database=" + database + ", table=" + table + "): " + rowFilterExpr); + + hiveObj.setRowFilterExpression(rowFilterExpr); + } + + if (CollectionUtils.isNotEmpty(hiveObj.getColumns())) { + List<String> columnTransformers = new ArrayList<String>(); + + for (String column : hiveObj.getColumns()) { + String columnTransformer = getCellValueTransformer(database, table, column); + + if(StringUtils.isNotEmpty(columnTransformer)) { + LOG.debug("columnTransformer(database=" + database + ", table=" + table + ", column=" + column + "): " + columnTransformer); + } + + columnTransformers.add(columnTransformer); + } + + hiveObj.setCellValueTransformers(columnTransformers); + } + } + + ret.add(hiveObj); + } } if(LOG.isDebugEnabled()) { - LOG.debug("<== applyRowFilterAndColumnMasking(" + queryContext + ", " + list + "): " + ret); + LOG.debug("<== applyRowFilterAndColumnMasking(" + queryContext + ", objCount=" + hiveObjs.size() + "): retCount=" + ret.size()); } return ret;
