This is an automated email from the ASF dual-hosted git repository.
liuxun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/submarine.git
The following commit(s) were added to refs/heads/master by this push:
new fd9b577 SUBMARINE-433. Expose Spark Security API with Authz w/ w/o
DataMasking and Row Filtering
fd9b577 is described below
commit fd9b577ee1036b104e743babbafef232b293d0ba
Author: Kent Yao <[email protected]>
AuthorDate: Tue Mar 17 15:43:56 2020 +0800
SUBMARINE-433. Expose Spark Security API with Authz w/ w/o DataMasking and
Row Filtering
### What is this PR for?
Expose Spark Security API with Authz w/ w/o DataMasking and Row Filtering
Then one is only enabled with security features with authorization and conf
restricting
the other is fully applied data masking and row filtering too.
### What type of PR is it?
Improvement
### Todos
* [ ] - Task
### What is the Jira issue?
* Open an issue on Jira https://issues.apache.org/jira/browse/SUBMARINE-433
* Put link here, and add [SUBMARINE-*Jira number*] in PR title, eg.
[SUBMARINE-23]
### How should this be tested?
* First time? Setup Travis CI as described on
https://submarine.apache.org/contribution/contributions.html#continuous-integration
* Strongly recommended: add automated unit tests for any new or changed
behavior
* Outline any manual steps to test the PR here.
pass current travis
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No
Author: Kent Yao <[email protected]>
Closes #231 from yaooqinn/SUBMARINE-433 and squashes the following commits:
e511a59 [Kent Yao] SUBMARINE-433. Expose Spark Security API with Authz w/
w/o DataMasking and Row Filtering
---
.../RangerSparkAuthzExtension.scala} | 21 ++++++++++++++-------
.../{ => api}/RangerSparkSQLExtension.scala | 15 ++++++++++++++-
2 files changed, 28 insertions(+), 8 deletions(-)
diff --git
a/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/RangerSparkSQLExtension.scala
b/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/api/RangerSparkAuthzExtension.scala
similarity index 68%
copy from
submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/RangerSparkSQLExtension.scala
copy to
submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/api/RangerSparkAuthzExtension.scala
index 1dc1ad0..42b4b7e 100644
---
a/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/RangerSparkSQLExtension.scala
+++
b/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/api/RangerSparkAuthzExtension.scala
@@ -17,18 +17,25 @@
* under the License.
*/
-package org.apache.submarine.spark.security
+package org.apache.submarine.spark.security.api
import org.apache.spark.sql.SparkSessionExtensions
-import
org.apache.spark.sql.catalyst.optimizer.{SubmarineConfigurationCheckExtension,
SubmarineDataMaskingExtension, SubmarineRowFilterExtension,
SubmarineSparkRangerAuthorizationExtension}
-import org.apache.spark.sql.execution.SubmarineSparkPlanOmitStrategy
+import
org.apache.spark.sql.catalyst.optimizer.{SubmarineConfigurationCheckExtension,
SubmarineSparkRangerAuthorizationExtension}
+import org.apache.submarine.spark.security.Extensions
-class RangerSparkSQLExtension extends Extensions {
+/**
+ * ACL Management for Apache Spark SQL with Apache Ranger, enabling:
+ * <ul>
+ * <li>Table/Column level authorization</li>
+ * <ul>
+ *
+ * To work with Spark SQL, we need to enable it via spark extensions
+ *
+ *
spark.sql.extensions=org.apache.submarine.spark.security.api.RangerSparkAuthzExtension
+ */
+class RangerSparkAuthzExtension extends Extensions {
override def apply(ext: SparkSessionExtensions): Unit = {
ext.injectCheckRule(SubmarineConfigurationCheckExtension)
ext.injectOptimizerRule(SubmarineSparkRangerAuthorizationExtension)
- ext.injectOptimizerRule(SubmarineRowFilterExtension)
- ext.injectOptimizerRule(SubmarineDataMaskingExtension)
- ext.injectPlannerStrategy(SubmarineSparkPlanOmitStrategy)
}
}
diff --git
a/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/RangerSparkSQLExtension.scala
b/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/api/RangerSparkSQLExtension.scala
similarity index 76%
rename from
submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/RangerSparkSQLExtension.scala
rename to
submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/api/RangerSparkSQLExtension.scala
index 1dc1ad0..25cd7d9 100644
---
a/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/RangerSparkSQLExtension.scala
+++
b/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/api/RangerSparkSQLExtension.scala
@@ -17,12 +17,25 @@
* under the License.
*/
-package org.apache.submarine.spark.security
+package org.apache.submarine.spark.security.api
import org.apache.spark.sql.SparkSessionExtensions
import
org.apache.spark.sql.catalyst.optimizer.{SubmarineConfigurationCheckExtension,
SubmarineDataMaskingExtension, SubmarineRowFilterExtension,
SubmarineSparkRangerAuthorizationExtension}
import org.apache.spark.sql.execution.SubmarineSparkPlanOmitStrategy
+import org.apache.submarine.spark.security.Extensions
+/**
+ * ACL Management for Apache Spark SQL with Apache Ranger, enabling:
+ * <ul>
+ * <li>Table/Column level authorization</li>
+ * <li>Row level filtering</li>
+ * <li>Data masking</li>
+ * <ul>
+ *
+ * To work with Spark SQL, we need to enable it via spark extensions
+ *
+ *
spark.sql.extensions=org.apache.submarine.spark.security.api.RangerSparkSQLExtension
+ */
class RangerSparkSQLExtension extends Extensions {
override def apply(ext: SparkSessionExtensions): Unit = {
ext.injectCheckRule(SubmarineConfigurationCheckExtension)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
