Barbara Eckman created RANGER-4234:
--------------------------------------
Summary: eliminate need for splitting delim strings into arrays in
policy conditions
Key: RANGER-4234
URL: https://issues.apache.org/jira/browse/RANGER-4234
Project: Ranger
Issue Type: Improvement
Components: plugins, Ranger
Reporter: Barbara Eckman
Assignee: Barbara Eckman
RANGER-3940 created JavaScript polyfills to support set operations in policy
conditions and row filters via includes() and intersects(). Since Ranger
doesn't support arrays in tag or userStore attribute values, in order to do
these set operations we need to convert a delimited string into an array via
split(). This results in undesirably complex conditions that are relatively
hard to maintain and error-prone.
I propose using the "[[...]]" syntax to indicate that an element is
semantically an array. I've written a Java method to replace the double
brackets with the split() syntax before the script or row filter is executed.
If no delimiter is explicitly given, "," is assumed.
Examples:
|*As written in policy/row filter condition*|*As sent for evaluation*|
|[[USER[TAG._type],"f"]].intersects([[TAG.value]])|USER[TAG._type].split("f").intersects(TAG.value.split(","))|
|[["${\{USER.partners}}"]].includes(partner)|"${\{USER.partners}}".split(",").includes(partner)|
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
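The "[[...]]" to split() rewrite described in the issue, as an added JavaScript sketch that is not part of the original message and is not Ranger's Java method. The function names `expandArrayMacros` and `skipString` are hypothetical; the sketch assumes the delimiter is written as a quoted string and that a malformed marker should abort the rewrite rather than pass a half-converted condition on for evaluation.

```javascript
// Added illustration, not Ranger's Java method. Function names are hypothetical.

// Return the index just past the string literal that starts at s[start].
function skipString(s, start) {
  const quote = s[start];
  for (let k = start + 1; k < s.length; k++) {
    if (s[k] === "\\") k++;                 // skip the escaped character
    else if (s[k] === quote) return k + 1;
  }
  throw new SyntaxError("unterminated string at offset " + start);
}

// Rewrite every [[expr]] or [[expr, "delim"]] into expr.split("delim").
// Throws instead of returning a half-rewritten condition.
function expandArrayMacros(script) {
  let out = "";
  let i = 0;
  while (i < script.length) {
    const c = script[i];
    if (c === '"' || c === "'") {           // copy string literals untouched
      const end = skipString(script, i);
      out += script.slice(i, end);
      i = end;
    } else if (!script.startsWith("[[", i)) {
      out += c;
      i++;
    } else {
      // Find the closing "]]", tracking nested [] and () such as USER[TAG._type].
      let depth = 0, comma = -1, j = i + 2;
      while (j < script.length) {
        const d = script[j];
        if (d === '"' || d === "'") { j = skipString(script, j); continue; }
        if (d === "[" || d === "(") depth++;
        else if (d === ")") depth--;
        else if (d === "]") { if (depth === 0) break; depth--; }
        else if (d === "," && depth === 0 && comma < 0) comma = j;
        j++;
      }
      if (script[j] !== "]" || script[j + 1] !== "]") {
        throw new SyntaxError("unterminated [[ at offset " + i);
      }
      const expr = script.slice(i + 2, comma < 0 ? j : comma).trim();
      const delim = comma < 0 ? '","' : script.slice(comma + 1, j).trim();
      if (expr === "" || delim === "") throw new SyntaxError("empty [[ ]] element at offset " + i);
      out += expr + ".split(" + delim + ")";
      i = j + 2;
    }
  }
  return out;
}
```

Because the element in the first table row ends in "]]]", the scan has to track bracket depth to tell the index bracket from the closing marker. A literal nested JavaScript array such as `[[1,2]]` is indistinguishable from the marker and would be rewritten too.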