subject:"\(ranger\) branch RANGER\-3923 updated\: RANGER\-4269\: gds enricher implementation to grant access using dataset\/project policies"

(ranger) branch RANGER-3923 updated: RANGER-4269: gds enricher implementation to grant access using dataset/project policies - #2

2023-11-08 Thread madhan

This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/RANGER-3923 by this push:
 new 4f362e1bf RANGER-4269: gds enricher implementation to grant access 
using dataset/project policies - #2
4f362e1bf is described below

commit 4f362e1bf948db8a5e5726876c945be484842c05
Author: Madhan Neethiraj 
AuthorDate: Wed Nov 8 18:51:13 2023 -0800

RANGER-4269: gds enricher implementation to grant access using 
dataset/project policies - #2
---
 .../plugin/policyengine/RangerAccessResult.java|  14 +--
 .../policyengine/RangerPolicyEngineImpl.java   |   4 +-
 .../plugin/policyengine/gds/GdsAccessResult.java   |  64 +++-
 .../policyengine/gds/GdsDataShareEvaluator.java|  17 ++--
 .../policyengine/gds/GdsDatasetEvaluator.java  |  19 ++--
 .../plugin/policyengine/gds/GdsPolicyEngine.java   | 110 -
 .../policyengine/gds/GdsProjectEvaluator.java  |  10 +-
 .../gds/test_gds_policy_engine_hive.json   |  46 -
 8 files changed, 130 insertions(+), 154 deletions(-)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
index 69e8ed9fc..402cbda68 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
@@ -25,8 +25,8 @@ import org.apache.ranger.plugin.model.RangerServiceDef;
 import org.apache.ranger.plugin.util.ServiceDefUtil;
 
 import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 public class RangerAccessResult {
public  final static String KEY_MASK_TYPE  = "maskType";
@@ -328,11 +328,11 @@ public class RangerAccessResult {
return StringUtils.isNotEmpty(getFilterExpr());
}
 
-   public List getDatasets() {
-   return additionalInfo == null ? null : (List) 
additionalInfo.get(KEY_DATASETS);
+   public Set getDatasets() {
+   return additionalInfo == null ? null : (Set) 
additionalInfo.get(KEY_DATASETS);
}
 
-   public void setDatasets(List datasets) {
+   public void setDatasets(Set datasets) {
if (datasets == null) {
removeAdditionalInfo(KEY_DATASETS);
} else {
@@ -340,11 +340,11 @@ public class RangerAccessResult {
}
}
 
-   public List getProjects() {
-   return additionalInfo == null ? null : (List) 
additionalInfo.get(KEY_PROJECTS);
+   public Set getProjects() {
+   return additionalInfo == null ? null : (Set) 
additionalInfo.get(KEY_PROJECTS);
}
 
-   public void setProjects(List projects) {
+   public void setProjects(Set projects) {
if (projects == null) {
removeAdditionalInfo(KEY_PROJECTS);
} else {
diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
index 868122869..e268fff38 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
@@ -1154,8 +1154,8 @@ public class RangerPolicyEngineImpl implements 
RangerPolicyEngine {
result.setIsAudited(true);
}
 
-   result.setDatasets(gdsResult.getDatasetNames());
-   result.setProjects(gdsResult.getProjectNames());
+   result.setDatasets(gdsResult.getDatasets());
+   result.setProjects(gdsResult.getProjects());
} else {
if (LOG.isDebugEnabled()) {
LOG.debug("updateFromGdsResult(): no 
GdsAccessResult found in request context({})", request);
diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java
index 2d0ec0379..b2158579f 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java
@@ -22,75 +22,41 @@ package org.apache.ranger.plugin.policyengine.gds;
 import java.util.*;
 
 public class GdsAccessResult {
-private Setdatasets;
-private Setprojects;
-private List datasetNames;
-private List projectNames;
-private boolean  isAllowed;
-

(ranger) branch RANGER-3923 updated: RANGER-4269: gds enricher implementation to grant access using dataset/project policies

2023-11-08 Thread madhan

This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/RANGER-3923 by this push:
 new 3842fd756 RANGER-4269: gds enricher implementation to grant access 
using dataset/project policies
3842fd756 is described below

commit 3842fd75656c3dbf06328a501093ddae0ad3623b
Author: Madhan Neethiraj 
AuthorDate: Wed Nov 8 14:36:20 2023 -0800

RANGER-4269: gds enricher implementation to grant access using 
dataset/project policies
---
 .../plugin/contextenricher/RangerGdsEnricher.java  | 126 +--
 .../model/RangerPolicyResourceSignature.java   |  26 ++
 .../model/validation/RangerServiceDefHelper.java   |  56 +++
 .../plugin/policyengine/RangerAccessResult.java|  36 +-
 .../policyengine/RangerPolicyEngineImpl.java   |  39 +++
 .../policyengine/RangerPolicyEngineOptions.java|   6 +
 .../plugin/policyengine/gds/GdsAccessResult.java   | 174 ++
 .../policyengine/gds/GdsDataShareEvaluator.java| 164 +
 .../policyengine/gds/GdsDatasetEvaluator.java  | 175 ++
 .../plugin/policyengine/gds/GdsDipEvaluator.java   |  69 
 .../plugin/policyengine/gds/GdsDshidEvaluator.java |  69 
 .../plugin/policyengine/gds/GdsPolicyEngine.java   | 298 
 .../policyengine/gds/GdsProjectEvaluator.java  | 160 +
 .../gds/GdsSharedResourceEvaluator.java| 179 ++
 .../RangerCustomConditionEvaluator.java|  28 ++
 .../plugin/util/RangerAccessRequestUtil.java   |  29 ++
 .../apache/ranger/plugin/util/ServiceGdsInfo.java  |  78 +
 .../plugin/policyengine/TestRangerAuthContext.java |   5 +-
 .../policyengine/gds/TestGdsPolicyEngine.java  | 131 +++
 .../gds/test_gds_policy_engine_hive.json   | 381 +
 .../java/org/apache/ranger/biz/GdsDBStore.java |   9 +
 .../service/RangerGdsSharedResourceService.java|   2 +-
 22 files changed, 2059 insertions(+), 181 deletions(-)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerGdsEnricher.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerGdsEnricher.java
index da51b9d85..8a7936766 100644
--- 
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerGdsEnricher.java
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerGdsEnricher.java
@@ -22,17 +22,14 @@ package org.apache.ranger.plugin.contextenricher;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.ranger.plugin.model.validation.RangerServiceDefHelper;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+import org.apache.ranger.plugin.policyengine.gds.GdsAccessResult;
+import org.apache.ranger.plugin.policyengine.gds.GdsPolicyEngine;
 import org.apache.ranger.plugin.service.RangerAuthContext;
 import org.apache.ranger.plugin.util.DownloadTrigger;
 import org.apache.ranger.plugin.util.DownloaderTask;
 import org.apache.ranger.plugin.util.JsonUtilsV2;
+import org.apache.ranger.plugin.util.RangerAccessRequestUtil;
 import org.apache.ranger.plugin.util.ServiceGdsInfo;
-import org.apache.ranger.plugin.util.ServiceGdsInfo.DatasetInfo;
-import org.apache.ranger.plugin.util.ServiceGdsInfo.DatasetInProjectInfo;
-import org.apache.ranger.plugin.util.ServiceGdsInfo.DataShareInfo;
-import org.apache.ranger.plugin.util.ServiceGdsInfo.DataShareInDatasetInfo;
-import org.apache.ranger.plugin.util.ServiceGdsInfo.ProjectInfo;
-import org.apache.ranger.plugin.util.ServiceGdsInfo.SharedResourceInfo;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -50,7 +47,7 @@ public class RangerGdsEnricher extends 
RangerAbstractContextEnricher {
 private RangerGdsInfoRetriever gdsInfoRetriever;
 private RangerGdsInfoRefresher gdsInfoRefresher;
 private RangerServiceDefHelper serviceDefHelper;
-private EnhancedGdsInfogdsInfo = null;
+private GdsPolicyEnginegdsPolicyEngine = null;
 
 @Override
 public void init() {
@@ -145,24 +142,26 @@ public class RangerGdsEnricher extends 
RangerAbstractContextEnricher {
 public void enrich(RangerAccessRequest request, Object dataStore) {
 LOG.debug("==> RangerGdsEnricher.enrich({}, {})", request, dataStore);
 
-EnhancedGdsInfo gdsInfo = (dataStore instanceof EnhancedGdsInfo) ? 
(EnhancedGdsInfo) dataStore : this.gdsInfo;
+GdsPolicyEngine policyEngine = (dataStore instanceof GdsPolicyEngine) 
? (GdsPolicyEngine) dataStore : this.gdsPolicyEngine;
 
-LOG.debug("RangerGdsEnricher.enrich(): using gdsInfo={}", gdsInfo);
+LOG.debug("RangerGdsEnricher.enrich(): using policyEngine={}", 
policyEngine);
 
-// TODO:
+GdsAccessResult result = policyEngine != null ? 
policyEngine.evaluate(request) : null;
+
+

(ranger) branch RANGER-3923 updated: RANGER-4269: gds enricher implementation to grant access using dataset/project policies - #2

(ranger) branch RANGER-3923 updated: RANGER-4269: gds enricher implementation to grant access using dataset/project policies

2 matches

Site Navigation

Mail list logo

Footer information