This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/RANGER-3923 by this push:
new 5103c4df0 RANGER-4470: renamed defaultMasks to defaultTagMasks in
RangerDataShare, subResourceNames to subResource in RangerSharedResource
5103c4df0 is described below
commit 5103c4df08a13e83d11e46228f48a6a8249d88c2
Author: Madhan Neethiraj <[email protected]>
AuthorDate: Tue Oct 10 08:34:33 2023 -0700
RANGER-4470: renamed defaultMasks to defaultTagMasks in RangerDataShare,
subResourceNames to subResource in RangerSharedResource
---
.../ranger/authorization/utils/JsonUtils.java | 19 ++++-
.../org/apache/ranger/plugin/model/RangerGds.java | 95 ++++++++++++++++++----
.../main/python/apache_ranger/model/ranger_gds.py | 27 +++++-
.../src/main/python/sample_gds_client.py | 10 ++-
.../optimized/current/ranger_core_db_mysql.sql | 5 +-
.../optimized/current/ranger_core_db_postgres.sql | 5 +-
.../java/org/apache/ranger/biz/GdsDBStore.java | 4 +-
.../org/apache/ranger/entity/XXGdsDataShare.java | 14 ++--
.../apache/ranger/entity/XXGdsSharedResource.java | 23 ++++--
.../ranger/service/RangerGdsDataShareService.java | 4 +-
.../service/RangerGdsSharedResourceService.java | 6 +-
.../ranger/validation/RangerGdsValidator.java | 10 ++-
12 files changed, 165 insertions(+), 57 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java
b/agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java
index e3c45c1ff..716a1a9ea 100644
---
a/agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java
+++
b/agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java
@@ -24,6 +24,7 @@ import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.plugin.model.AuditFilter;
+import org.apache.ranger.plugin.model.RangerGds.RangerTagDataMaskInfo;
import org.apache.ranger.plugin.model.RangerPrincipal;
import org.apache.ranger.plugin.model.RangerValidityRecurrence;
import org.apache.ranger.plugin.model.RangerValiditySchedule;
@@ -47,6 +48,7 @@ public class JsonUtils {
private static final Type TYPE_LIST_AUDIT_FILTER = new
TypeToken<List<AuditFilter>>() {}.getType();
private static final Type TYPE_LIST_RANGER_VALIDITY_RECURRENCE = new
TypeToken<List<RangerValidityRecurrence>>() {}.getType();
private static final Type TYPE_LIST_RANGER_PRINCIPAL = new
TypeToken<List<RangerPrincipal>>() {}.getType();
+ private static final Type TYPE_LIST_RANGER_TAG_MASK_INFO = new
TypeToken<List<RangerTagDataMaskInfo>>() {}.getType();
private static final Type TYPE_MAP_RANGER_MASK_INFO = new
TypeToken<Map<String, RangerPolicyItemDataMaskInfo>>() {}.getType();
private static final Type TYPE_MAP_RANGER_POLICY_RESOURCE = new
TypeToken<Map<String, RangerPolicyResource>>() {}.getType();
@@ -164,7 +166,7 @@ public class JsonUtils {
try {
return gson.get().fromJson(jsonStr, TYPE_LIST_AUDIT_FILTER);
} catch (Exception e) {
- LOG.error("failed to create audit filters from: " + jsonStr, e);
+ LOG.error("Cannot get List<AuditFilter> from " + jsonStr, e);
return null;
}
}
@@ -182,7 +184,7 @@ public class JsonUtils {
try {
return gson.get().fromJson(jsonStr, TYPE_LIST_RANGER_PRINCIPAL);
} catch (Exception e) {
- LOG.error("Cannot get List<RangerValidityRecurrence> from " +
jsonStr, e);
+ LOG.error("Cannot get List<RangerPrincipal> from " + jsonStr, e);
return null;
}
}
@@ -191,7 +193,16 @@ public class JsonUtils {
try {
return gson.get().fromJson(jsonStr, TYPE_MAP_RANGER_MASK_INFO);
} catch (Exception e) {
- LOG.error("Cannot get List<RangerValidityRecurrence> from " +
jsonStr, e);
+ LOG.error("Cannot get Map<String, RangerPolicyItemDataMaskInfo>
from " + jsonStr, e);
+ return null;
+ }
+ }
+
+ public static List<RangerTagDataMaskInfo> jsonToListTagMaskInfo(String
jsonStr) {
+ try {
+ return gson.get().fromJson(jsonStr,
TYPE_LIST_RANGER_TAG_MASK_INFO);
+ } catch (Exception e) {
+ LOG.error("Cannot get List<RangerTagDataMaskInfo> from " +
jsonStr, e);
return null;
}
}
@@ -200,7 +211,7 @@ public class JsonUtils {
try {
return gson.get().fromJson(jsonStr,
TYPE_MAP_RANGER_POLICY_RESOURCE);
} catch (Exception e) {
- LOG.error("Cannot get List<RangerValidityRecurrence> from " +
jsonStr, e);
+ LOG.error("Cannot get Map<String, RangerPolicyResource> from " +
jsonStr, e);
return null;
}
}
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java
index 105044f08..d10a70f23 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java
@@ -171,14 +171,14 @@ public class RangerGds {
public static class RangerDataShare extends RangerGdsBaseModelObject
implements java.io.Serializable {
private static final long serialVersionUID = 1L;
- private String name;
- private RangerGdsObjectACL acl;
- private String service;
- private String zone;
- private String conditionExpr;
- private Set<String> defaultAccessTypes;
- private Map<String, RangerPolicyItemDataMaskInfo> defaultMasks;
- private String termsOfUse;
+ private String name;
+ private RangerGdsObjectACL acl;
+ private String service;
+ private String zone;
+ private String conditionExpr;
+ private Set<String> defaultAccessTypes;
+ private List<RangerTagDataMaskInfo> defaultTagMasks;
+ private String termsOfUse;
public RangerDataShare() { }
@@ -210,12 +210,12 @@ public class RangerGds {
this.defaultAccessTypes = defaultAccessTypes;
}
- public Map<String, RangerPolicyItemDataMaskInfo> getDefaultMasks() {
- return defaultMasks;
+ public List<RangerTagDataMaskInfo> getDefaultTagMasks() {
+ return defaultTagMasks;
}
- public void setDefaultMasks(Map<String, RangerPolicyItemDataMaskInfo>
defaultMasks) {
- this.defaultMasks = defaultMasks;
+ public void setDefaultTagMasks(List<RangerTagDataMaskInfo>
defaultTagMasks) {
+ this.defaultTagMasks = defaultTagMasks;
}
public String getTermsOfUse() { return termsOfUse; }
@@ -234,7 +234,7 @@ public class RangerGds {
.append("zone={").append(zone).append("} ")
.append("conditionExpr={").append(conditionExpr).append("} ")
.append("defaultAccessTypes={").append(defaultAccessTypes).append("} ")
- .append("defaultMasks={").append(defaultMasks).append("} ")
+ .append("defaultTagMasks={").append(defaultTagMasks).append("} ")
.append("termsOfUse={").append(termsOfUse).append("} ")
.append("}");
@@ -248,7 +248,8 @@ public class RangerGds {
private String name;
private Long dataShareId;
private Map<String, RangerPolicyResource> resource;
- private List<String> subResourceNames;
+ private RangerPolicyResource subResource;
+ private String subResourceType;
private String conditionExpr;
private Set<String> accessTypes;
private RangerPolicyItemRowFilterInfo rowFilter;
@@ -269,9 +270,13 @@ public class RangerGds {
public void setResource(Map<String, RangerPolicyResource> resource) {
this.resource = resource; }
- public List<String> getSubResourceNames() { return subResourceNames; }
+ public RangerPolicyResource getSubResource() { return subResource; }
+
+ public void setSubResource(RangerPolicyResource subResource) {
this.subResource = subResource; }
- public void setSubResourceNames(List<String> subResourceNames) {
this.subResourceNames = subResourceNames; }
+ public String getSubResourceType() { return subResourceType; }
+
+ public void setSubResourceType(String subResourceType) {
this.subResourceType = subResourceType; }
public String getConditionExpr() { return conditionExpr; }
@@ -305,7 +310,8 @@ public class RangerGds {
sb.append("name").append(name).append("} ")
.append("dataShareId={").append(dataShareId).append("} ")
.append("resource={").append(resource).append("} ")
- .append("subResourceNames={").append(subResourceNames).append("}
")
+ .append("subResource={").append(subResource).append("} ")
+ .append("subResourceType={").append(subResourceType).append("} ")
.append("conditionExpr={").append(conditionExpr).append("} ")
.append("accessTypes={").append(accessTypes).append("} ")
.append("rowFilterInfo={").append(rowFilter).append("} ")
@@ -481,6 +487,61 @@ public class RangerGds {
}
}
+ @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY)
+ @JsonSerialize(include = JsonSerialize.Inclusion.NON_EMPTY)
+ @JsonIgnoreProperties(ignoreUnknown = true)
+ @XmlRootElement
+ @XmlAccessorType(XmlAccessType.FIELD)
+ public static class RangerTagDataMaskInfo implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String tagName;
+ private String conditionExpr;
+ private RangerPolicyItemDataMaskInfo maskInfo;
+
+ public RangerTagDataMaskInfo() { }
+
+ public String getTagName() {
+ return tagName;
+ }
+
+ public void setTagName(String tagName) {
+ this.tagName = tagName;
+ }
+
+ public String getConditionExpr() {
+ return conditionExpr;
+ }
+
+ public void setConditionExpr(String conditionExpr) {
+ this.conditionExpr = conditionExpr;
+ }
+
+ public RangerPolicyItemDataMaskInfo getMaskInfo() {
+ return maskInfo;
+ }
+
+ public void setMaskInfo(RangerPolicyItemDataMaskInfo maskInfo) {
+ this.maskInfo = maskInfo;
+ }
+
+ @Override
+ public String toString() {
+ return toString(new StringBuilder()).toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("RangerTagDataMaskInfo={");
+
+ sb.append("tagName={").append(tagName).append("} ")
+ .append("conditionExpr={").append(conditionExpr).append("} ")
+ .append("maskInfo={").append(maskInfo).append("} ")
+ .append("}");
+
+ return sb;
+ }
+ }
+
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY)
@JsonSerialize(include = JsonSerialize.Inclusion.NON_EMPTY)
@JsonIgnoreProperties(ignoreUnknown = true)
diff --git a/intg/src/main/python/apache_ranger/model/ranger_gds.py
b/intg/src/main/python/apache_ranger/model/ranger_gds.py
index f93d5eef0..d2dafd7d5 100644
--- a/intg/src/main/python/apache_ranger/model/ranger_gds.py
+++ b/intg/src/main/python/apache_ranger/model/ranger_gds.py
@@ -119,14 +119,14 @@ class RangerDataShare(RangerGdsBaseModelObject):
self.zone = attrs.get('zone')
self.conditionExpr = attrs.get('conditionExpr')
self.defaultAccessTypes = attrs.get('defaultAccessTypes')
- self.defaultMasks = attrs.get('defaultMasks')
+ self.defaultTagMasks = attrs.get('defaultTagMasks')
self.termsOfUse = attrs.get('termsOfUse')
def type_coerce_attrs(self):
super(RangerDataShare, self).type_coerce_attrs()
- self.acl = type_coerce_dict(self.acl, RangerGdsObjectACL)
- self.defaultMasks = type_coerce_dict(self.defaultMasks,
RangerPolicyItemDataMaskInfo)
+ self.acl = type_coerce_dict(self.acl, RangerGdsObjectACL)
+ self.defaultTagMasks = type_coerce_list(self.defaultTagMasks,
RangerTagDataMaskInfo)
class RangerSharedResource(RangerBaseModelObject):
@@ -139,7 +139,8 @@ class RangerSharedResource(RangerBaseModelObject):
self.name = attrs.get('name')
self.dataShareId = attrs.get('dataShareId')
self.resource = attrs.get('resource')
- self.subResourceNames = attrs.get('subResourceNames')
+ self.subResource = attrs.get('subResource')
+ self.subResourceType = attrs.get('subResourceType')
self.conditionExpr = attrs.get('conditionExpr')
self.accessTypes = attrs.get('accessTypes')
self.rowFilter = attrs.get('rowFilter')
@@ -150,6 +151,7 @@ class RangerSharedResource(RangerBaseModelObject):
super(RangerSharedResource, self).type_coerce_attrs()
self.resource = type_coerce_dict(self.resource,
RangerPolicyResource)
+ self.subResource = type_coerce(self.subResource,
RangerPolicyResource)
self.rowFilter = type_coerce(self.rowFilter,
RangerPolicyItemRowFilterInfo)
self.subResourceMasks = type_coerce_dict(self.subResourceMasks,
RangerPolicyItemDataMaskInfo)
@@ -213,6 +215,23 @@ class RangerGdsObjectACL(RangerBase):
self.roles = type_coerce_dict(self.roles, GdsPermission)
+class RangerTagDataMaskInfo(RangerBase):
+ def __init__(self, attrs=None):
+ if attrs is None:
+ attrs = {}
+
+ RangerBase.__init__(self, attrs)
+
+ self.tagName = attrs.get('tagName')
+ self.conditionExpr = attrs.get('conditionExpr')
+ self.maskInfo = attrs.get('maskInfo')
+
+ def type_coerce_attrs(self):
+ super(RangerTagDataMaskInfo, self).type_coerce_attrs()
+
+ self.maskInfo = type_coerce(self.maskInfo,
RangerPolicyItemDataMaskInfo)
+
+
class DataShareInDatasetSummary(RangerBaseModelObject):
def __init__(self, attrs=None):
if attrs is None:
diff --git a/ranger-examples/sample-client/src/main/python/sample_gds_client.py
b/ranger-examples/sample-client/src/main/python/sample_gds_client.py
index ceca4ac02..ee6d43adc 100644
--- a/ranger-examples/sample-client/src/main/python/sample_gds_client.py
+++ b/ranger-examples/sample-client/src/main/python/sample_gds_client.py
@@ -43,14 +43,14 @@ hive_share_1.service = 'dev_hive'
hive_share_1.zone = None
hive_share_1.conditionExpr = "HAS_TAG('SCAN_COMPLETE')"
hive_share_1.defaultAccessTypes = [ '_READ' ]
-hive_share_1.defaultMasks = { 'HAS_TAG("PII")': { 'dataMaskType': 'MASK'
} }
+hive_share_1.defaultTagMasks = [ { 'tagName': 'PII', 'maskInfo': {
'dataMaskType': 'MASK' } } ]
hdfs_share_1 = RangerDataShare({ 'name': 'datashare-2', 'description': 'the
second datashare!', 'acl': { 'groups': { 'finance': GdsPermission.ADMIN } },
'termsOfUse': None })
hdfs_share_1.service = 'dev_hdfs'
hdfs_share_1.zone = None
hdfs_share_1.conditionExpr = "HAS_TAG('SCAN_COMPLETE')"
hdfs_share_1.defaultAccessTypes = [ '_READ' ]
-hdfs_share_1.defaultMasks = None
+hdfs_share_1.defaultTagMasks = None
print(f'Creating dataset: name={dataset_1.name}')
dataset_1 = gds.create_dataset(dataset_1)
@@ -79,7 +79,8 @@ print(f' created data_share: {hdfs_share_1}')
hive_resource_1 = RangerSharedResource({ 'dataShareId': hive_share_1.id,
'name': 'db1.tbl1' })
hive_resource_1.resource = { 'database': { 'values': ['db1'] },
'table': { 'values': ['tbl1'] } }
-hive_resource_1.subResourceNames = [ 'col1', 'col2' ]
+hive_resource_1.subResource = { 'values': [ 'col1', 'col2' ] }
+hive_resource_1.subResourceType = 'columnn'
hive_resource_1.conditionExpr = "HAS_TAG('SCAN_COMPLETE') &&
!HAS_TAG('PII') && TAGS['DATA_QUALITY'].score > 0.8"
hive_resource_1.accessTypes = [ '_READ' ]
hive_resource_1.rowFilter = { 'filterExpr': "country = 'US'" }
@@ -88,7 +89,8 @@ hive_resource_1.profiles = [ 'GDPR', 'HIPPA' ]
hive_resource_2 = RangerSharedResource({ 'dataShareId': hive_share_1.id,
'name': 'db2.tbl2' })
hive_resource_2.resource = { 'database': { 'values': ['db2'] },
'table': { 'values': ['tbl2'] } }
-hive_resource_2.subResourceNames = [ '*' ]
+hive_resource_2.subResource = { 'values': [ '*' ] }
+hive_resource_2.subResourceType = 'column'
hive_resource_2.accessTypes = [ '_READ', '_WRITE' ]
hive_resource_2.profiles = [ 'GDPR' ]
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index 331c97027..dbeeaf423 100755
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1762,7 +1762,7 @@ CREATE TABLE `x_gds_data_share`(
, `zone_id` BIGINT(20) NOT NULL
, `condition_expr` TEXT NULL
, `default_access_types` TEXT NULL
- , `default_masks` TEXT NULL
+ , `default_tag_masks` TEXT NULL
, `terms_of_use` TEXT NULL DEFAULT NULL
, `options` TEXT NULL DEFAULT NULL
, `additional_info` TEXT NULL DEFAULT NULL
@@ -1791,7 +1791,8 @@ CREATE TABLE `x_gds_shared_resource`(
, `data_share_id` BIGINT(20) NOT NULL
, `resource` TEXT NOT NULL
, `resource_signature` VARCHAR(128) NOT NULL
- , `sub_resource_names` TEXT NULL DEFAULT NULL
+ , `sub_resource` TEXT NULL DEFAULT NULL
+ , `sub_resource_type` TEXT NULL DEFAULT NULL
, `condition_expr` TEXT NULL DEFAULT NULL
, `access_types` TEXT NULL DEFAULT NULL
, `row_filter` TEXT NULL DEFAULT NULL
diff --git
a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index a0e6c55cc..065bae0df 100755
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -1752,7 +1752,7 @@ CREATE TABLE x_gds_data_share(
, zone_id BIGINT NOT NULL
, condition_expr TEXT NULL
, default_access_types TEXT NULL
- , default_masks TEXT NULL
+ , default_tag_masks TEXT NULL
, terms_of_use TEXT NULL DEFAULT NULL
, options TEXT NULL DEFAULT NULL
, additional_info TEXT NULL DEFAULT NULL
@@ -1783,7 +1783,8 @@ CREATE TABLE x_gds_shared_resource(
, data_share_id BIGINT NOT NULL
, resource TEXT NOT NULL
, resource_signature VARCHAR(128) NOT NULL
- , sub_resource_names TEXT NULL DEFAULT NULL
+ , sub_resource TEXT NULL DEFAULT NULL
+ , sub_resource_type TEXT NULL DEFAULT NULL
, condition_expr TEXT NULL DEFAULT NULL
, access_types TEXT NULL DEFAULT NULL
, row_filter TEXT NULL DEFAULT NULL
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
b/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
index eaa335753..9feb978ef 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
@@ -988,8 +988,8 @@ public class GdsDBStore extends AbstractGdsStore {
.map(RangerPolicyResource::getValues).filter(Objects::nonNull)
.anyMatch(res ->
hasResource(res, resourceContains));
- if (!includeResource &&
CollectionUtils.isNotEmpty(sharedResource.getSubResourceNames())) {
- includeResource =
sharedResource.getSubResourceNames().stream().filter(Objects::nonNull)
+ if (!includeResource &&
sharedResource.getSubResource() != null &&
CollectionUtils.isNotEmpty(sharedResource.getSubResource().getValues())) {
+ includeResource =
sharedResource.getSubResource().getValues().stream().filter(Objects::nonNull)
.anyMatch(value -> value.contains(resourceContains));
}
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShare.java
b/security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShare.java
index 1d2f6a189..3ab96e29c 100644
--- a/security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShare.java
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShare.java
@@ -70,8 +70,8 @@ public class XXGdsDataShare extends XXDBBase implements
Serializable {
@Column(name = "default_access_types")
protected String defaultAccessTypes;
- @Column(name = "default_masks")
- protected String defaultMasks;
+ @Column(name = "default_tag_masks")
+ protected String defaultTagMasks;
@Column(name = "terms_of_use")
protected String termsOfUse;
@@ -129,9 +129,9 @@ public class XXGdsDataShare extends XXDBBase implements
Serializable {
public void setDefaultAccessTypes(String defaultAccessTypes) {
this.defaultAccessTypes = defaultAccessTypes; }
- public String getDefaultMasks() { return defaultMasks; }
+ public String getDefaultTagMasks() { return defaultTagMasks; }
- public void setDefaultMasks(String defaultMasks) { this.defaultMasks =
defaultMasks; }
+ public void setDefaultTagMasks(String defaultMasks) {this.defaultTagMasks
= defaultMasks; }
public String getTermsOfUse() { return termsOfUse; }
@@ -150,7 +150,7 @@ public class XXGdsDataShare extends XXDBBase implements
Serializable {
@Override
public int hashCode() {
- return Objects.hash(id, guid, version, isEnabled, serviceId, zoneId,
name, description, acl, conditionExpr, defaultAccessTypes, defaultMasks,
termsOfUse, options, additionalInfo);
+ return Objects.hash(id, guid, version, isEnabled, serviceId, zoneId,
name, description, acl, conditionExpr, defaultAccessTypes, defaultTagMasks,
termsOfUse, options, additionalInfo);
}
@Override
@@ -176,7 +176,7 @@ public class XXGdsDataShare extends XXDBBase implements
Serializable {
Objects.equals(acl, other.acl) &&
Objects.equals(conditionExpr, other.conditionExpr) &&
Objects.equals(defaultAccessTypes, other.defaultAccessTypes) &&
- Objects.equals(defaultMasks, other.defaultMasks) &&
+ Objects.equals(defaultTagMasks, other.defaultTagMasks) &&
Objects.equals(termsOfUse, other.termsOfUse) &&
Objects.equals(options, other.options) &&
Objects.equals(additionalInfo, other.additionalInfo);
@@ -201,7 +201,7 @@ public class XXGdsDataShare extends XXDBBase implements
Serializable {
.append("acl={").append(acl).append("} ")
.append("conditionExpr={").append(conditionExpr).append("} ")
.append("defaultAccessTypes={").append(defaultAccessTypes).append("}
")
- .append("defaultMasks={").append(defaultMasks).append("} ")
+ .append("defaultMasks={").append(defaultTagMasks).append("} ")
.append("termsOfUse={").append(termsOfUse).append("} ")
.append("options={").append(options).append("} ")
.append("additionalInfo={").append(additionalInfo).append("} ")
diff --git
a/security-admin/src/main/java/org/apache/ranger/entity/XXGdsSharedResource.java
b/security-admin/src/main/java/org/apache/ranger/entity/XXGdsSharedResource.java
index 882cd4392..b6096f217 100644
---
a/security-admin/src/main/java/org/apache/ranger/entity/XXGdsSharedResource.java
+++
b/security-admin/src/main/java/org/apache/ranger/entity/XXGdsSharedResource.java
@@ -61,8 +61,11 @@ public class XXGdsSharedResource extends XXDBBase implements
Serializable {
@Column(name = "resource")
protected String resource;
- @Column(name = "sub_resource_names")
- protected String subResourceNames;
+ @Column(name = "sub_resource")
+ protected String subResource;
+
+ @Column(name = "sub_resource_type")
+ protected String subResourceType;
@Column(name = "resource_signature")
protected String resourceSignature;
@@ -123,9 +126,13 @@ public class XXGdsSharedResource extends XXDBBase
implements Serializable {
public void setResource(String resource) { this.resource = resource; }
- public String getSubResourceNames() { return subResourceNames; }
+ public String getSubResource() { return subResource; }
+
+ public void setSubResource(String subResource) {this.subResource =
subResource; }
+
+ public String getSubResourceType() { return subResourceType; }
- public void setSubResourceNames(String subResourceNames) {
this.subResourceNames = subResourceNames; }
+ public void setSubResourceType(String subResourceType)
{this.subResourceType = subResourceType; }
public String getResourceSignature() { return resourceSignature; }
@@ -164,7 +171,7 @@ public class XXGdsSharedResource extends XXDBBase
implements Serializable {
@Override
public int hashCode() {
- return Objects.hash(id, guid, version, isEnabled, name, description,
dataShareId, resource, subResourceNames, resourceSignature, conditionExpr,
accessTypes, rowFilter, subResourceMasks, profiles, options, additionalInfo);
+ return Objects.hash(id, guid, version, isEnabled, name, description,
dataShareId, resource, subResource, subResourceType, resourceSignature,
conditionExpr, accessTypes, rowFilter, subResourceMasks, profiles, options,
additionalInfo);
}
@Override
@@ -187,7 +194,8 @@ public class XXGdsSharedResource extends XXDBBase
implements Serializable {
Objects.equals(description, other.description) &&
Objects.equals(dataShareId, other.dataShareId) &&
Objects.equals(resource, other.resource) &&
- Objects.equals(subResourceNames, other.subResourceNames) &&
+ Objects.equals(subResource, other.subResource) &&
+ Objects.equals(subResourceType, other.subResourceType) &&
Objects.equals(resourceSignature, other.resourceSignature) &&
Objects.equals(conditionExpr, other.conditionExpr) &&
Objects.equals(accessTypes, other.accessTypes) &&
@@ -215,7 +223,8 @@ public class XXGdsSharedResource extends XXDBBase
implements Serializable {
.append("description={").append(description).append("} ")
.append("dataShareId={").append(dataShareId).append("} ")
.append("resource={").append(resource).append("} ")
- .append("subResourceNames={").append(subResourceNames).append("} ")
+ .append("subResource={").append(subResource).append("} ")
+ .append("subResourceType={").append(subResourceType).append("} ")
.append("conditionExpr={").append(conditionExpr).append("} ")
.append("accessTypes={").append(accessTypes).append("} ")
.append("rowFilter={").append(rowFilter).append("} ")
diff --git
a/security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java
b/security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java
index d4e6ec746..36897c111 100755
---
a/security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java
+++
b/security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java
@@ -236,7 +236,7 @@ public class RangerGdsDataShareService extends
RangerGdsBaseModelService<XXGdsDa
xObj.setZoneId(zoneId);
xObj.setConditionExpr(vObj.getConditionExpr());
xObj.setDefaultAccessTypes(JsonUtils.objectToJson(vObj.getDefaultAccessTypes()));
- xObj.setDefaultMasks(JsonUtils.objectToJson(vObj.getDefaultMasks()));
+
xObj.setDefaultTagMasks(JsonUtils.objectToJson(vObj.getDefaultTagMasks()));
xObj.setTermsOfUse(vObj.getTermsOfUse());
xObj.setOptions(JsonUtils.mapToJson(vObj.getOptions()));
xObj.setAdditionalInfo(JsonUtils.mapToJson(vObj.getAdditionalInfo()));
@@ -262,7 +262,7 @@ public class RangerGdsDataShareService extends
RangerGdsBaseModelService<XXGdsDa
vObj.setZone(zoneName);
vObj.setConditionExpr(xObj.getConditionExpr());
vObj.setDefaultAccessTypes(JsonUtils.jsonToSetString(xObj.getDefaultAccessTypes()));
-
vObj.setDefaultMasks(JsonUtils.jsonToMapMaskInfo(xObj.getDefaultMasks()));
+
vObj.setDefaultTagMasks(JsonUtils.jsonToListTagMaskInfo(xObj.getDefaultTagMasks()));
vObj.setTermsOfUse(xObj.getTermsOfUse());
vObj.setOptions(JsonUtils.jsonToMapStringString(xObj.getOptions()));
vObj.setAdditionalInfo(JsonUtils.jsonToMapStringString(xObj.getAdditionalInfo()));
diff --git
a/security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
b/security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
index d9eac708c..0a11d4f1d 100755
---
a/security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
+++
b/security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
@@ -199,7 +199,8 @@ public class RangerGdsSharedResourceService extends
RangerGdsBaseModelService<XX
xObj.setDescription(vObj.getDescription());
xObj.setDataShareId(vObj.getDataShareId());
xObj.setResource(JsonUtils.mapToJson(vObj.getResource()));
-
xObj.setSubResourceNames(JsonUtils.listToJson(vObj.getSubResourceNames()));
+ xObj.setSubResource(JsonUtils.objectToJson(vObj.getSubResource()));
+ xObj.setSubResourceType(vObj.getSubResourceType());
xObj.setResourceSignature(new
RangerPolicyResourceSignature(vObj.getResource()).getSignature());
xObj.setConditionExpr(vObj.getConditionExpr());
xObj.setAccessTypes(JsonUtils.objectToJson(vObj.getAccessTypes()));
@@ -221,7 +222,8 @@ public class RangerGdsSharedResourceService extends
RangerGdsBaseModelService<XX
vObj.setDescription(xObj.getDescription());
vObj.setDataShareId(xObj.getDataShareId());
vObj.setResource(JsonUtils.jsonToMapPolicyResource(xObj.getResource()));
-
vObj.setSubResourceNames(JsonUtils.jsonToListString(xObj.getSubResourceNames()));
+ vObj.setSubResource(JsonUtils.jsonToObject(xObj.getSubResource(),
RangerPolicy.RangerPolicyResource.class));
+ vObj.setSubResourceType(xObj.getSubResourceType());
vObj.setConditionExpr(xObj.getConditionExpr());
vObj.setAccessTypes(JsonUtils.jsonToSetString(xObj.getAccessTypes()));
vObj.setRowFilter(JsonUtils.jsonToObject(xObj.getRowFilter(),
RangerPolicy.RangerPolicyItemRowFilterInfo.class));
diff --git
a/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
b/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
index ebffd654e..6c55fd029 100755
---
a/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
+++
b/security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
@@ -34,6 +34,7 @@ import org.apache.ranger.plugin.model.RangerGds.RangerDataset;
import org.apache.ranger.plugin.model.RangerGds.RangerGdsObjectACL;
import org.apache.ranger.plugin.model.RangerGds.RangerProject;
import org.apache.ranger.plugin.model.RangerGds.RangerSharedResource;
+import org.apache.ranger.plugin.model.RangerGds.RangerTagDataMaskInfo;
import
org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo;
import org.apache.ranger.plugin.model.validation.ValidationFailureDetails;
import org.slf4j.Logger;
@@ -183,7 +184,7 @@ public class RangerGdsValidator {
validateAcl(dataShare.getAcl(), "acl", result);
validateAccessTypes(dataShare.getService(), "defaultAccessTypes",
dataShare.getDefaultAccessTypes(), result);
- validateMaskTypes(dataShare.getService(), "defaultMasks",
dataShare.getDefaultMasks(), result);
+ validateMaskTypes(dataShare.getService(), "defaultTagMasks",
dataShare.getDefaultTagMasks(), result);
if (!result.isSuccess()) {
result.throwRESTException();
@@ -203,7 +204,7 @@ public class RangerGdsValidator {
validateDataShareAdmin(existing, result);
validateAcl(dataShare.getAcl(), "acl", result);
validateAccessTypes(dataShare.getService(), "defaultAccessTypes",
dataShare.getDefaultAccessTypes(), result);
- validateMaskTypes(dataShare.getService(), "defaultMasks",
dataShare.getDefaultMasks(), result);
+ validateMaskTypes(dataShare.getService(), "defaultTagMasks",
dataShare.getDefaultTagMasks(), result);
}
if (!result.isSuccess()) {
@@ -799,11 +800,12 @@ public class RangerGdsValidator {
}
}
- private void validateMaskTypes(String serviceName, String fieldName,
Map<String, RangerPolicyItemDataMaskInfo> maskTypes, ValidationResult result) {
+ private void validateMaskTypes(String serviceName, String fieldName,
List<RangerTagDataMaskInfo> maskTypes, ValidationResult result) {
if (maskTypes != null && !maskTypes.isEmpty()) {
Set<String> validMaskTypes =
dataProvider.getMaskTypes(serviceName);
- for (RangerPolicyItemDataMaskInfo maskInfo : maskTypes.values()) {
+ for (RangerTagDataMaskInfo tagMaskInfo : maskTypes) {
+ RangerPolicyItemDataMaskInfo maskInfo =
tagMaskInfo.getMaskInfo();
if (!validMaskTypes.contains(maskInfo.getDataMaskType())) {
result.addValidationFailure(new
ValidationFailureDetails(ValidationErrorCode.GDS_VALIDATION_ERR_INVALID_MASK_TYPE,
fieldName, maskInfo.getDataMaskType()));
}
