ranger-commits mailing list archives

From ab...@apache.org
Subject ranger git commit: RANGER-1494: Policy engine updates to support tag-based masking policies - disable rowfilterdef
Date Thu, 22 Jun 2017 22:34:45 GMT
Repository: ranger
Updated Branches:
  refs/heads/master fd9abc800 -> 51a96a86e


RANGER-1494: Policy engine updates to support tag-based masking policies - disable rowfilterdef


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/51a96a86
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/51a96a86
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/51a96a86

Branch: refs/heads/master
Commit: 51a96a86e88fb545b392704c4ddffe1e4957ff42
Parents: fd9abc8
Author: Abhay Kulkarni <akulkarni@hortonworks.com>
Authored: Thu Jun 22 15:34:25 2017 -0700
Committer: Abhay Kulkarni <akulkarni@hortonworks.com>
Committed: Thu Jun 22 15:34:25 2017 -0700

----------------------------------------------------------------------
 .../plugin/store/AbstractServiceStore.java      | 50 ++++++++++++--------
 1 file changed, 31 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/51a96a86/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
index 0b3ac60..69ded6d 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
@@ -23,6 +23,7 @@ import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
 import org.apache.ranger.plugin.model.RangerBaseModelObject;
 import org.apache.ranger.plugin.model.RangerPolicy;
 import org.apache.ranger.plugin.model.RangerService;
@@ -41,6 +42,10 @@ public abstract class AbstractServiceStore implements ServiceStore {
 
 	public static final String COMPONENT_ACCESSTYPE_SEPARATOR = ":";
 
+	private static final String AUTOPROPAGATE_ROWFILTERDEF_TO_TAG_PROP = "ranger.servicedef.autopropagate.rowfilterdef.to.tag";
+
+	private static final boolean AUTOPROPAGATE_ROWFILTERDEF_TO_TAG_PROP_DEFAULT = false;
+
 	private static final int MAX_ACCESS_TYPES_IN_SERVICE_DEF = 1000;
 
 	// when a service-def is updated, the updated service-def should be made available to plugins
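Review bot: The new property `ranger.servicedef.autopropagate.rowfilterdef.to.tag` and its `false` default are added without a comment, so a reader of the constants cannot tell what they gate or that the safe default is "off". A comment above the constant would cover it, for example `// when true, row-filter access types of a component service-def are propagated to the tag service-def; disabled by default (RANGER-1494)`. It is also worth noting there that the value is looked up through RangerConfiguration inside each method call, as the later hunks show, rather than read once.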
@@ -349,6 +354,7 @@ public abstract class AbstractServiceStore implements ServiceStore {
 		tagServiceDef.getAccessTypes().removeAll(accessTypes);
 
 		updateTagServiceDefForDeletingDataMaskDef(tagServiceDef, serviceDefName);
+
 		updateTagServiceDefForDeletingRowFilterDef(tagServiceDef, serviceDefName);
 
 		updateResourceInTagServiceDef(tagServiceDef);
@@ -509,19 +515,22 @@ public abstract class AbstractServiceStore implements ServiceStore {
 		}
 		boolean ret = false;
 
-		RangerServiceDef.RangerRowFilterDef svcRowFilterDef = serviceDef.getRowFilterDef();
-		RangerServiceDef.RangerRowFilterDef tagRowFilterDef = tagServiceDef.getRowFilterDef();
+		boolean autopropagateRowfilterdefToTag = RangerConfiguration.getInstance().getBoolean(AUTOPROPAGATE_ROWFILTERDEF_TO_TAG_PROP,
AUTOPROPAGATE_ROWFILTERDEF_TO_TAG_PROP_DEFAULT);
 
-		List<RangerServiceDef.RangerAccessTypeDef> svcDefAccessTypes = svcRowFilterDef.getAccessTypes();
-		List<RangerServiceDef.RangerAccessTypeDef> tagDefAccessTypes = tagRowFilterDef.getAccessTypes();
+		if (autopropagateRowfilterdefToTag) {
+			RangerServiceDef.RangerRowFilterDef svcRowFilterDef = serviceDef.getRowFilterDef();
+			RangerServiceDef.RangerRowFilterDef tagRowFilterDef = tagServiceDef.getRowFilterDef();
 
-		boolean tagRowFilterAccessTypesUpdated = updateTagAccessTypeDefs(svcDefAccessTypes, tagDefAccessTypes,
itemIdOffset, prefix);
+			List<RangerServiceDef.RangerAccessTypeDef> svcDefAccessTypes = svcRowFilterDef.getAccessTypes();
+			List<RangerServiceDef.RangerAccessTypeDef> tagDefAccessTypes = tagRowFilterDef.getAccessTypes();
 
-		if (tagRowFilterAccessTypesUpdated) {
-			tagRowFilterDef.setAccessTypes(tagDefAccessTypes);
-			ret = true;
-		}
+			boolean tagRowFilterAccessTypesUpdated = updateTagAccessTypeDefs(svcDefAccessTypes, tagDefAccessTypes,
itemIdOffset, prefix);
 
+			if (tagRowFilterAccessTypesUpdated) {
+				tagRowFilterDef.setAccessTypes(tagDefAccessTypes);
+				ret = true;
+			}
+		}
 		if (LOG.isDebugEnabled()) {
 			LOG.debug("<== AbstractServiceStore.updateTagServiceDefForUpdatingRowFilterDef(" +
serviceDef.getName() + ") : " + ret);
 		}
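Review bot: When the flag is enabled, `svcRowFilterDef.getAccessTypes()` and `tagRowFilterDef.getAccessTypes()` are called with no null check, while the hunk at -586 guards the same `tagServiceDef.getRowFilterDef()` result with `if (rowFilterDef != null)`. If either getter can return null, which that guard suggests but these lines do not show, this path throws instead of returning `false`. The access-type handling could be wrapped as `if (svcRowFilterDef != null && tagRowFilterDef != null) {`. The method starts above the hunk, so an earlier guard may already exist; confirm before changing.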
@@ -586,15 +595,18 @@ public abstract class AbstractServiceStore implements ServiceStore {
 		RangerServiceDef.RangerRowFilterDef rowFilterDef = tagServiceDef.getRowFilterDef();
 
 		if (rowFilterDef != null) {
-			if (CollectionUtils.isNotEmpty(rowFilterDef.getAccessTypes())) {
-				if (CollectionUtils.isEmpty(rowFilterDef.getResources())) {
-					rowFilterDef.setResources(resources);
-					ret = true;
-				}
-			} else {
-				if (CollectionUtils.isNotEmpty(rowFilterDef.getResources())) {
-					rowFilterDef.setResources(null);
-					ret = true;
+			boolean autopropagateRowfilterdefToTag = RangerConfiguration.getInstance().getBoolean(AUTOPROPAGATE_ROWFILTERDEF_TO_TAG_PROP,
AUTOPROPAGATE_ROWFILTERDEF_TO_TAG_PROP_DEFAULT);
+			if (autopropagateRowfilterdefToTag) {
+				if (CollectionUtils.isNotEmpty(rowFilterDef.getAccessTypes())) {
+					if (CollectionUtils.isEmpty(rowFilterDef.getResources())) {
+						rowFilterDef.setResources(resources);
+						ret = true;
+					}
+				} else {
+					if (CollectionUtils.isNotEmpty(rowFilterDef.getResources())) {
+						rowFilterDef.setResources(null);
+						ret = true;
+					}
 				}
 			}
 		}
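Review bot: With the property at its default of `false`, neither branch inside `if (autopropagateRowfilterdefToTag)` runs, including the `rowFilterDef.setResources(null)` cleanup. A tag service-def that already carries row-filter access types and resources from an earlier propagation therefore keeps them; the hunk at -509 likewise leaves existing access types untouched. If the intent is that row-filter definitions are disabled on the tag service-def, upgraded deployments appear to stay enabled unless something outside these hunks clears the definition. If nothing does, consider a branch for the disabled case: `} else if (CollectionUtils.isNotEmpty(rowFilterDef.getResources())) { rowFilterDef.setResources(null); ret = true; }`. The method starts and ends outside the hunk.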
@@ -604,4 +616,4 @@ public abstract class AbstractServiceStore implements ServiceStore {
 		}
 		return ret;
 	}
-}
\ No newline at end of file
+}

