> On Dec. 11, 2023, 6 p.m., Barbara Eckman wrote:
> > This is a great idea! It's very useful to have all dynamic expressions in
> > one place!
> >
> > One example is incorrect, though: "data_source in
> > (${{USER.allowedSources}})". The problem is that IN requires an array on
> > the RHS, but (${{USER.allowedSources}}) evaluates to "(source1, source2)."
> > Using GET_USER_ATTR_Q just adds quotes around yields "source1, source2",
> > but it doesn't create an array. A split is needed, or the notation
> > [[USER.allowedSources]], a la RANGER-2434.
>
> Barbara Eckman wrote:
> My preferred method of addressing this would be changing the type of the
> UserStore from Map<String, Map<String, String>> to Map<String, Map<String,
> ArrayList<String>> or some such. Apache Atlas handles array-valued
> attributes of tags. It would be great if Ranger handled arrays too!
>
> Madhan Neethiraj wrote:
> @Barbara - good point! I will add a note in the blog that the expression
> should evaluate to a valid value for the context. In this example,
> data_source is a numeric column with USER.allowedSources having list of
> numbers separated by a comma - like 10,11,18.
>
> Let's look for an easier way to handle the use case you raised. How about
> this?: data_source in (QUOTED_CSV(USER.allowedSources))
>
> Barbara Eckman wrote:
> I tried QUOTED_CSV() but got this error:
> ERROR [main] (RangerRequestScriptEvaluator.java:264) -
> RangerRequestScriptEvaluator.evaluateScript(): failed to evaluate script
> javax.script.ScriptException: ReferenceError: "QUOTED_CSV" is not defined
> in <eval> at line number 1
Maybe i didn't understand your comment, but I tried the following:
USER.EventType = "10,20,30"
condition: 10 in (USER.EventType)
Error message:
ERROR [main] (RangerRequestScriptEvaluator.java:264) -
RangerRequestScriptEvaluator.evaluateScript(): failed to evaluate script
javax.script.ScriptException: TypeError: Right hand side of "in" cannot be
non-Object, found string in <eval> at line number 1
Am I missing something?
- Barbara
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74778/#review226035
-----------------------------------------------------------
On Dec. 11, 2023, 2:16 a.m., Madhan Neethiraj wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74778/
> -----------------------------------------------------------
>
> (Updated Dec. 11, 2023, 2:16 a.m.)
>
>
> Review request for ranger, Anand Nadar, Ankita Sinha, Abhay Kulkarni, Monika
> Kachhadiya, Ramesh Mani, Sailaja Polavarapu, Subhrat Chaudhary, and
> Velmurugan Periasamy.
>
>
> Bugs: RANGER-4587
> https://issues.apache.org/jira/browse/RANGER-4587
>
>
> Repository: ranger
>
>
> Description
> -------
>
> added blog with details of using dynamic expressions in Apache Ranger policies
>
>
> Diffs
> -----
>
> docs/src/site/resources/blogs/dynamic_expressions.html PRE-CREATION
> docs/src/site/xdoc/blogs.xml 2f81ef7c4
>
>
> Diff: https://reviews.apache.org/r/74778/diff/1/
>
>
> Testing
> -------
>
> - built and ran updated docs with mvn site:run
> - verified that the new blog is seen in the blog list
> - verified that the new blog renders correctly in browser
>
>
> File Attachments
> ----------------
>
> Apache Ranger - dynamic expressions.pdf
>
> https://reviews.apache.org/media/uploaded/files/2023/12/11/a8d4e7f9-5ec7-4527-9d3c-245c15f49573__Apache_Ranger_-_dynamic_expressions.pdf
>
>
> Thanks,
>
> Madhan Neethiraj
>
>
