[jira] [Updated] (RANGER-3605) Support macros in row-filter/condition expressions

Madhan Neethiraj (Jira) Thu, 05 May 2022 14:55:07 -0700


     [ 
https://issues.apache.org/jira/browse/RANGER-3605?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Madhan Neethiraj updated RANGER-3605:
-------------------------------------
    Description: 
Enhancements in RANGER-3550, RANGER-3567, RANGER-3586 enable use of 
user/group/tag attributes in row-filter/condition expressions. To make it 
easier to refer to these attributes, it will help to be able to use macros 
instead of method calls, as shown below:

{{{}site in ( $\{{GET_UG_ATTR_CSV('site'){}}}}} )

instead of

{{{}site in ( $\{{ctx.ugAttrCsv('site'){}}}}} )

 

Following macros will be supported with this enhancement:
||Macro||Example Usage||Example Evaluated Value||
|{{GET_TAG_ATTR_CSV}}|{{{}siteCode in 
($\{{GET_TAG_ATTR_CSV('{}}}{{{}siteCode{}}}{{{}'){}}}}})|{{siteCode}}{{ in 
(10,20)}}|
|{{GET_TAG_ATTR_Q_CSV}}|{{{}siteId in 
($\{{GET_TAG_ATTR_Q_CSV('siteId'){}}}}})|{{siteId in ('site1','site2')}}|
|{{GET_UG_ATTR_CSV}}|{{{}groupId in 
($\{{GET_UG_ATTR_CSV('{}}}{{{}groupId{}}}{{{}'){}}})}}|{{{}groupId in 
({}}}{{{}10,20,30){}}}|
|{{GET_UG_ATTR_Q_CSV}}|{{{}manager in 
($\{{GET_UG_ATTR_Q_CSV('manager'){}}}}})|{{manager in ('jane','john','scott')}}|
|{{TAG_ATTR_NAMES_Q_CSV}}|{{{}attr_name in 
($\{{TAG_ATTR_NAMES_Q_CSV{}}}}})|{{{}attr_name in 
({}}}{{{}'siteId','siteCode'){}}}|
|{{TAG_NAMES_Q_CSV}}|{{{}tag_name in ($\{{TAG_NAMES_Q_CSV{}}}}})|{{tag_name in 
('PII','PCI')}}|
|{{UG_ATTR_NAMES_Q_CSV}}|{{{}attr_name in 
($\{{UG_ATTR_NAMES_Q_CSV{}}}}})|{{{}attr_name in 
({}}}{{{}'groupId','manager'){}}}|
|{{UG_NAMES_Q_CSV}}|{{{}group_name in ($\{{UG_NAMES_Q_CSV{}}}}})|{{{}group_name 
in ({}}}{{{}'group1','group2'){}}}|
|{{UR_NAMES_Q_CSV}}|{{{}role_name in 
($\{{{}}}{{{}UR_NAMES_Q_CSV{}}}}})|{{{}role_name in 
({}}}{{{}'role1','role2'){}}}|
|{{USER_ATTR_NAMES_Q_CSV}}|{{{}attr_name in 
($\{{{}}}{{{}USER_ATTR_NAMES_Q_CSV{}}}}})|{{{}attr_name in 
({}}}{{{}'dept','state'){}}}|

 

In addition to above macros, user/group/tag attributes can be referenced in 
row-filter and policy resource-names with the expressions inside _${\{ }}_ as 
shown below :
||Expressions||Example Evaluated Value||
|{{{}state == '$\{{USER.state{}}}}}' AND dept == 
'$\{{{{{}UG['group1'].dept{}}}'}}|{{state == 'WA' AND dept == 'Sales'}}|
|{{{}attr1 == '$\{{TAG.attr1{}}}'}}|{{attr1 == 'PII_value'}}|
|{{{}pii_type == '$\{{TAGS['PII']['type']{}}}'}}|{{pii_type == 'email'}}|
|{{{}s3://mybucket/users/$\{{USER._name{}}}}}/$\{{{{{}USER.state{}}}}}/test.txt|{{s3://mybucket/users/test-user/WA/test.txt}}|

 

 

  was:
Enhancements in RANGER-3550, RANGER-3567, RANGER-3586 enable use of 
user/group/tag attributes in row-filter/condition expressions. To make it 
easier to refer to these attributes, it will help to be able to use macros 
instead of method calls, as shown below:

{{{}site in ( $\{{GET_UG_ATTR_CSV('site'){}}}}} )

instead of

{{{}site in ( $\{{ctx.ugAttrCsv('site'){}}}}} )

 

Following macros will be supported with this enhancement:
||Macro||Example Usage||Example Evaluated Value||
|{{GET_TAG_ATTR_CSV}}|{{{}siteCode in 
($\{{GET_TAG_ATTR_CSV('{}}}{{{}siteCode{}}}{{{}'){}}}}})|{{siteCode}}{{ in 
(10,20)}}|
|{{GET_TAG_ATTR_Q_CSV}}|{{{}siteId in 
($\{{GET_TAG_ATTR_Q_CSV('siteId'){}}}}})|{{siteId in ('site1','site2')}}|
|{{GET_UG_ATTR_CSV}}|{{{}groupId in 
($\{{GET_UG_ATTR_CSV('{}}}{{{}groupId{}}}{{{}'){}}})}}|{{{}groupId in 
({}}}{{{}10,20,30){}}}|
|{{GET_UG_ATTR_Q_CSV}}|{{{}manager in 
($\{{GET_UG_ATTR_Q_CSV('manager'){}}}}})|{{manager in ('jane','john','scott')}}|
|{{TAG_ATTR_NAMES_Q_CSV}}|{{{}attr_name in 
($\{{TAG_ATTR_NAMES_Q_CSV{}}}}})|{{{}attr_name in 
({}}}{{{}'siteId','siteCode'){}}}|
|{{TAG_NAMES_Q_CSV}}|{{{}tag_name in ($\{{TAG_NAMES_Q_CSV{}}}}})|{{tag_name in 
('PII','PCI')}}|
|{{UG_ATTR_NAMES_Q_CSV}}|{{{}attr_name in 
($\{{UG_ATTR_NAMES_Q_CSV{}}}}})|{{{}attr_name in 
({}}}{{{}'groupId','manager'){}}}|
|{{UG_NAMES_Q_CSV}}|{{{}group_name in ($\{{UG_NAMES_Q_CSV{}}}}})|{{{}group_name 
in ({}}}{{{}'group1','group2'){}}}|
|{{UR_NAMES_Q_CSV}}|{{{}role_name in 
($\{{{}}}{{{}UR_NAMES_Q_CSV{}}}}})|{{{}role_name in 
({}}}{{{}'role1','role2'){}}}|
|{{USER_ATTR_NAMES_Q_CSV}}|{{{}attr_name in 
($\{{{}}}{{{}USER_ATTR_NAMES_Q_CSV{}}}}})|{{{}attr_name in 
({}}}{{{}'dept','state'){}}}|

 

In addition to above macros, user/group/tag attributes can be referenced in 
row-filter and policy resource-names with the expressions inside _${\{ }}_ as 
shown below :
||Expressions||Example Evaluated Value||
|{{{}state == '$\{{USER.state{}}}}}' AND dept == 
'$\{{{{{}UG['group1'].dept{}}}'}}|{{state == 'WA' AND dept == 'Sales'}}|
|{{{}attr1 == '$\{{TAG.attr1{}}}'}}|{{attr1 == 'PII_value'}}|
|{{{}pii_type == '$\{{TAGS['PII'].['type']{}}}'}}|{{pii_type == 'email'}}|
|{{{}s3://mybucket/users/$\{{USER._name{}}}}}/$\{{{{{}USER.state{}}}}}/test.txt|{{s3://mybucket/users/test-user/WA/test.txt}}|

 

 


> Support macros in row-filter/condition expressions
> --------------------------------------------------
>
>                 Key: RANGER-3605
>                 URL: https://issues.apache.org/jira/browse/RANGER-3605
>             Project: Ranger
>          Issue Type: Improvement
>          Components: plugins
>            Reporter: Madhan Neethiraj
>            Assignee: Madhan Neethiraj
>            Priority: Major
>             Fix For: 3.0.0, 2.3.0
>
>         Attachments: RANGER-3605.patch
>
>
> Enhancements in RANGER-3550, RANGER-3567, RANGER-3586 enable use of 
> user/group/tag attributes in row-filter/condition expressions. To make it 
> easier to refer to these attributes, it will help to be able to use macros 
> instead of method calls, as shown below:
> {{{}site in ( $\{{GET_UG_ATTR_CSV('site'){}}}}} )
> instead of
> {{{}site in ( $\{{ctx.ugAttrCsv('site'){}}}}} )
>  
> Following macros will be supported with this enhancement:
> ||Macro||Example Usage||Example Evaluated Value||
> |{{GET_TAG_ATTR_CSV}}|{{{}siteCode in 
> ($\{{GET_TAG_ATTR_CSV('{}}}{{{}siteCode{}}}{{{}'){}}}}})|{{siteCode}}{{ in 
> (10,20)}}|
> |{{GET_TAG_ATTR_Q_CSV}}|{{{}siteId in 
> ($\{{GET_TAG_ATTR_Q_CSV('siteId'){}}}}})|{{siteId in ('site1','site2')}}|
> |{{GET_UG_ATTR_CSV}}|{{{}groupId in 
> ($\{{GET_UG_ATTR_CSV('{}}}{{{}groupId{}}}{{{}'){}}})}}|{{{}groupId in 
> ({}}}{{{}10,20,30){}}}|
> |{{GET_UG_ATTR_Q_CSV}}|{{{}manager in 
> ($\{{GET_UG_ATTR_Q_CSV('manager'){}}}}})|{{manager in 
> ('jane','john','scott')}}|
> |{{TAG_ATTR_NAMES_Q_CSV}}|{{{}attr_name in 
> ($\{{TAG_ATTR_NAMES_Q_CSV{}}}}})|{{{}attr_name in 
> ({}}}{{{}'siteId','siteCode'){}}}|
> |{{TAG_NAMES_Q_CSV}}|{{{}tag_name in ($\{{TAG_NAMES_Q_CSV{}}}}})|{{tag_name 
> in ('PII','PCI')}}|
> |{{UG_ATTR_NAMES_Q_CSV}}|{{{}attr_name in 
> ($\{{UG_ATTR_NAMES_Q_CSV{}}}}})|{{{}attr_name in 
> ({}}}{{{}'groupId','manager'){}}}|
> |{{UG_NAMES_Q_CSV}}|{{{}group_name in 
> ($\{{UG_NAMES_Q_CSV{}}}}})|{{{}group_name in ({}}}{{{}'group1','group2'){}}}|
> |{{UR_NAMES_Q_CSV}}|{{{}role_name in 
> ($\{{{}}}{{{}UR_NAMES_Q_CSV{}}}}})|{{{}role_name in 
> ({}}}{{{}'role1','role2'){}}}|
> |{{USER_ATTR_NAMES_Q_CSV}}|{{{}attr_name in 
> ($\{{{}}}{{{}USER_ATTR_NAMES_Q_CSV{}}}}})|{{{}attr_name in 
> ({}}}{{{}'dept','state'){}}}|
>  
> In addition to above macros, user/group/tag attributes can be referenced in 
> row-filter and policy resource-names with the expressions inside _${\{ }}_ as 
> shown below :
> ||Expressions||Example Evaluated Value||
> |{{{}state == '$\{{USER.state{}}}}}' AND dept == 
> '$\{{{{{}UG['group1'].dept{}}}'}}|{{state == 'WA' AND dept == 'Sales'}}|
> |{{{}attr1 == '$\{{TAG.attr1{}}}'}}|{{attr1 == 'PII_value'}}|
> |{{{}pii_type == '$\{{TAGS['PII']['type']{}}}'}}|{{pii_type == 'email'}}|
> |{{{}s3://mybucket/users/$\{{USER._name{}}}}}/$\{{{{{}USER.state{}}}}}/test.txt|{{s3://mybucket/users/test-user/WA/test.txt}}|
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

[jira] [Updated] (RANGER-3605) Support macros in row-filter/condition expressions

Reply via email to