Madhan Neethiraj created RANGER-5367:
----------------------------------------
Summary: simplify resourceName parsing
Key: RANGER-5367
URL: https://issues.apache.org/jira/browse/RANGER-5367
Project: Ranger
Issue Type: Sub-task
Components: pdp
Reporter: Madhan Neethiraj
Authz APIs introduced in RANGER-5309 support name of the accessed resource to
be provided as a string, instead of a map used in plugin APIs. For example:
* a column:
** Authz APIs: {{column:db1.tbl1.col1}}
** plugin APIs: {{{ "database": "db1", "table": "tbl1", "column": "col1" }}}
* an ozone key:
** Authz APIs: {{key:vol1.bucket1/p1/p2/file.txt}}
** plugin APIs: {{{ "volume": "vol1", "bucket": "bucket1", "key":
"p1/p2/file.txt" }}}
The string format is easier to read than the map format, and will result in
smaller payloads as well. However, the parsing introduced in RANGER-5309
supported more complex constructs like: prefix, suffix, different separators
between resources. These are unnecessary, given the need is to capture
hierarchy of resources. Hence, I propose to simplify the resource name format
to:
* remove support for prefix and suffix in resource names
** {{key:ofs://vol1/bucket1/p1/p2/file.txt}} will not be supported; this
resource should be specified as {{key:vol1/bucket1/p1/p2/file.txt}}
* use only "/" as the separator, with option to escape using backslash (\)
** {{relativepath:container1@account1/p1/p2/file.txt}} will not be supported;
this resource should be specified as
{{relativepath:account1/container/p1/p2/file.txt}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
