RANGER-1054: Enhance column masking feature to support custom value/expression
Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/c3ca247a Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/c3ca247a Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/c3ca247a Branch: refs/heads/master Commit: c3ca247a9730d5491757850bb1d43fe68cfa8d3f Parents: 559c6f4 Author: Madhan Neethiraj <[email protected]> Authored: Thu Jun 23 00:51:59 2016 -0700 Committer: Velmurugan Periasamy <[email protected]> Committed: Thu Jun 23 11:13:21 2016 -0400 ---------------------------------------------------------------------- .../resources/service-defs/ranger-servicedef-hive.json | 6 ++++++ .../hive/authorizer/RangerHiveAuthorizer.java | 11 ++++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c3ca247a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json ---------------------------------------------------------------------- diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json index 777165a..3b7620a 100644 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json @@ -331,6 +331,12 @@ "label": "Date: show only year", "description": "Date: show only year", "transformer": "mask({col}, 'x', 'x', 'x', -1, '1', 1, 0, -1)" + }, + { + "itemId": 13, + "name": "CUSTOM", + "label": "Custom", + "description": "Custom" } ] }, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c3ca247a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java ---------------------------------------------------------------------- diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java index 3ad4d60..6b19b61 100644 --- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java +++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java @@ -73,7 +73,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { private static final char COLUMN_SEP = ','; public static final String MASK_TYPE_NULL = "MASK_NULL"; public static final String MASK_TYPE_NONE = "MASK_NONE"; - public static final String MASK_TYPE_CONSTANT = "CONSTANT"; + public static final String MASK_TYPE_CUSTOM = "CUSTOM"; private static volatile RangerHivePlugin hivePlugin = null ; @@ -610,10 +610,15 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { ret = columnName; } else if(StringUtils.equalsIgnoreCase(maskType, MASK_TYPE_NULL)) { ret = "NULL"; - } else if(StringUtils.equalsIgnoreCase(maskType, MASK_TYPE_CONSTANT)) { + } else if(StringUtils.equalsIgnoreCase(maskType, MASK_TYPE_CUSTOM)) { String maskedValue = result.getMaskedValue(); - ret = maskedValue == null ? "NULL" : maskedValue; + if(maskedValue == null) { + ret = "NULL"; + } else { + ret = maskedValue.replace("{col}", columnName); + } + } else if(StringUtils.isNotEmpty(transformer)) { ret = transformer.replace("{col}", columnName); }
