(ranger) branch RANGER-3923 updated: RANGER-4269: gds enricher implementation to grant access using dataset/project policies - #2
This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch RANGER-3923 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/RANGER-3923 by this push: new 4f362e1bf RANGER-4269: gds enricher implementation to grant access using dataset/project policies - #2 4f362e1bf is described below commit 4f362e1bf948db8a5e5726876c945be484842c05 Author: Madhan Neethiraj AuthorDate: Wed Nov 8 18:51:13 2023 -0800 RANGER-4269: gds enricher implementation to grant access using dataset/project policies - #2 --- .../plugin/policyengine/RangerAccessResult.java| 14 +-- .../policyengine/RangerPolicyEngineImpl.java | 4 +- .../plugin/policyengine/gds/GdsAccessResult.java | 64 +++- .../policyengine/gds/GdsDataShareEvaluator.java| 17 ++-- .../policyengine/gds/GdsDatasetEvaluator.java | 19 ++-- .../plugin/policyengine/gds/GdsPolicyEngine.java | 110 - .../policyengine/gds/GdsProjectEvaluator.java | 10 +- .../gds/test_gds_policy_engine_hive.json | 46 - 8 files changed, 130 insertions(+), 154 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java index 69e8ed9fc..402cbda68 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java @@ -25,8 +25,8 @@ import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.util.ServiceDefUtil; import java.util.HashMap; -import java.util.List; import java.util.Map; +import java.util.Set; public class RangerAccessResult { public final static String KEY_MASK_TYPE = "maskType"; 
@@ -328,11 +328,11 @@ public class RangerAccessResult { return StringUtils.isNotEmpty(getFilterExpr()); } - public List getDatasets() { - return additionalInfo == null ? null : (List) additionalInfo.get(KEY_DATASETS); + public Set getDatasets() { + return additionalInfo == null ? null : (Set) additionalInfo.get(KEY_DATASETS); } - public void setDatasets(List datasets) { + public void setDatasets(Set datasets) { if (datasets == null) { removeAdditionalInfo(KEY_DATASETS); } else { @@ -340,11 +340,11 @@ public class RangerAccessResult { } } - public List getProjects() { - return additionalInfo == null ? null : (List) additionalInfo.get(KEY_PROJECTS); + public Set getProjects() { + return additionalInfo == null ? null : (Set) additionalInfo.get(KEY_PROJECTS); } - public void setProjects(List projects) { + public void setProjects(Set projects) { if (projects == null) { removeAdditionalInfo(KEY_PROJECTS); } else { diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java index 868122869..e268fff38 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java @@ -1154,8 +1154,8 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine { result.setIsAudited(true); } - result.setDatasets(gdsResult.getDatasetNames()); - result.setProjects(gdsResult.getProjectNames()); + result.setDatasets(gdsResult.getDatasets()); + result.setProjects(gdsResult.getProjects()); } else { if (LOG.isDebugEnabled()) { LOG.debug("updateFromGdsResult(): no GdsAccessResult found in request context({})", request); 
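Review bot: `getDatasets()` now casts whatever is stored under `KEY_DATASETS` straight to `Set`, so a value written as a `List` by code still built against the old signature would fail with a `ClassCastException` at read time instead of being caught at compile time. A type check before the cast keeps the accessor safe: `Object v = additionalInfo == null ? null : additionalInfo.get(KEY_DATASETS);` followed by `return v instanceof Set ? (Set) v : null;`. The same applies to `getProjects()` in the `@@ -340,11 +340,11 @@` hunk. Both getters also return the stored set itself, so a short Javadoc should say whether callers may modify it, because these values appear to end up in the access result's additional info.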
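Review bot: In the `RangerPolicyEngineImpl` hunk, `result.setDatasets(gdsResult.getDatasets())` and the `setProjects` line after it pass the GDS result's own sets into the access result without copying them. If `GdsAccessResult.getDatasets()` returns its internal field (its body is not fully visible here), the two objects share one mutable set, and a later change to the GDS result in the request context would silently alter what the access result reports. Copying at this boundary avoids that, e.g. `result.setDatasets(gdsResult.getDatasets() == null ? null : new HashSet<>(gdsResult.getDatasets()));` and likewise for projects. `updateFromGdsResult` starts and ends outside the hunk, so any copy made earlier in the method is not visible.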
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java index 2d0ec0379..b2158579f 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java @@ -22,75 +22,41 @@ package org.apache.ranger.plugin.policyengine.gds; import java.util.*; public class GdsAccessResult { -private Setdatasets; -private Setprojects; -private List datasetNames; -private List projectNames; -private boolean isAllowed; -
(ranger) branch RANGER-3923 updated: RANGER-4269: gds enricher implementation to grant access using dataset/project policies
This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch RANGER-3923 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/RANGER-3923 by this push: new 3842fd756 RANGER-4269: gds enricher implementation to grant access using dataset/project policies 3842fd756 is described below commit 3842fd75656c3dbf06328a501093ddae0ad3623b Author: Madhan Neethiraj AuthorDate: Wed Nov 8 14:36:20 2023 -0800 RANGER-4269: gds enricher implementation to grant access using dataset/project policies --- .../plugin/contextenricher/RangerGdsEnricher.java | 126 +-- .../model/RangerPolicyResourceSignature.java | 26 ++ .../model/validation/RangerServiceDefHelper.java | 56 +++ .../plugin/policyengine/RangerAccessResult.java| 36 +- .../policyengine/RangerPolicyEngineImpl.java | 39 +++ .../policyengine/RangerPolicyEngineOptions.java| 6 + .../plugin/policyengine/gds/GdsAccessResult.java | 174 ++ .../policyengine/gds/GdsDataShareEvaluator.java| 164 + .../policyengine/gds/GdsDatasetEvaluator.java | 175 ++ .../plugin/policyengine/gds/GdsDipEvaluator.java | 69 .../plugin/policyengine/gds/GdsDshidEvaluator.java | 69 .../plugin/policyengine/gds/GdsPolicyEngine.java | 298 .../policyengine/gds/GdsProjectEvaluator.java | 160 + .../gds/GdsSharedResourceEvaluator.java| 179 ++ .../RangerCustomConditionEvaluator.java| 28 ++ .../plugin/util/RangerAccessRequestUtil.java | 29 ++ .../apache/ranger/plugin/util/ServiceGdsInfo.java | 78 + .../plugin/policyengine/TestRangerAuthContext.java | 5 +- .../policyengine/gds/TestGdsPolicyEngine.java | 131 +++ .../gds/test_gds_policy_engine_hive.json | 381 + .../java/org/apache/ranger/biz/GdsDBStore.java | 9 + .../service/RangerGdsSharedResourceService.java| 2 +- 22 files changed, 2059 insertions(+), 181 deletions(-) 
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerGdsEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerGdsEnricher.java index da51b9d85..8a7936766 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerGdsEnricher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerGdsEnricher.java @@ -22,17 +22,14 @@ package org.apache.ranger.plugin.contextenricher; import org.apache.commons.lang3.StringUtils; import org.apache.ranger.plugin.model.validation.RangerServiceDefHelper; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; +import org.apache.ranger.plugin.policyengine.gds.GdsAccessResult; +import org.apache.ranger.plugin.policyengine.gds.GdsPolicyEngine; import org.apache.ranger.plugin.service.RangerAuthContext; import org.apache.ranger.plugin.util.DownloadTrigger; import org.apache.ranger.plugin.util.DownloaderTask; import org.apache.ranger.plugin.util.JsonUtilsV2; +import org.apache.ranger.plugin.util.RangerAccessRequestUtil; import org.apache.ranger.plugin.util.ServiceGdsInfo; -import org.apache.ranger.plugin.util.ServiceGdsInfo.DatasetInfo; -import org.apache.ranger.plugin.util.ServiceGdsInfo.DatasetInProjectInfo; -import org.apache.ranger.plugin.util.ServiceGdsInfo.DataShareInfo; -import org.apache.ranger.plugin.util.ServiceGdsInfo.DataShareInDatasetInfo; -import org.apache.ranger.plugin.util.ServiceGdsInfo.ProjectInfo; -import org.apache.ranger.plugin.util.ServiceGdsInfo.SharedResourceInfo; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -50,7 +47,7 @@ public class RangerGdsEnricher extends RangerAbstractContextEnricher { private RangerGdsInfoRetriever gdsInfoRetriever; private RangerGdsInfoRefresher gdsInfoRefresher; private RangerServiceDefHelper serviceDefHelper; -private EnhancedGdsInfogdsInfo = null; +private GdsPolicyEnginegdsPolicyEngine = null; @Override public void init() { 
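Review bot: The new field `gdsPolicyEngine` in the `@@ -50,7 +47,7 @@` hunk is declared without `volatile`, yet the class also holds a `gdsInfoRefresher`, which suggests the engine is replaced from a background thread while `enrich()` reads it on request threads. If so, a request thread is not guaranteed to see the new engine and could keep evaluating dataset and project policies against a stale one after a refresh. Declaring it as `private volatile GdsPolicyEngine gdsPolicyEngine = null;` would make each swap visible. A one-line comment on the field saying which thread writes it would also help. The code that assigns the field is outside this hunk, so the threading assumption should be confirmed there.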
@@ -145,24 +142,26 @@ public class RangerGdsEnricher extends RangerAbstractContextEnricher { public void enrich(RangerAccessRequest request, Object dataStore) { LOG.debug("==> RangerGdsEnricher.enrich({}, {})", request, dataStore); -EnhancedGdsInfo gdsInfo = (dataStore instanceof EnhancedGdsInfo) ? (EnhancedGdsInfo) dataStore : this.gdsInfo; +GdsPolicyEngine policyEngine = (dataStore instanceof GdsPolicyEngine) ? (GdsPolicyEngine) dataStore : this.gdsPolicyEngine; -LOG.debug("RangerGdsEnricher.enrich(): using gdsInfo={}", gdsInfo); +LOG.debug("RangerGdsEnricher.enrich(): using policyEngine={}", policyEngine); -// TODO: +GdsAccessResult result = policyEngine != null ? policyEngine.evaluate(request) : null; + +