Example 1 with ViewExpression

Use of io.prestosql.spi.security.ViewExpression in project ranger by apache.

The class RangerPrestoAccessRequest, method getRowFilter.

@Override
public Optional<ViewExpression> getRowFilter(SystemSecurityContext context, CatalogSchemaTableName tableName) {
    RangerPrestoAccessRequest request = createAccessRequest(createResource(tableName), context, PrestoAccessType.SELECT);
    RangerAccessResult result = getRowFilterResult(request);
    ViewExpression viewExpression = null;
    if (isRowFilterEnabled(result)) {
        String filter = result.getFilterExpr();
        viewExpression = new ViewExpression(context.getIdentity().getUser(), Optional.of(tableName.getCatalogName()), Optional.of(tableName.getSchemaTableName().getSchemaName()), filter);
    }
    return Optional.ofNullable(viewExpression);
}
Also used : RangerAccessResult(org.apache.ranger.plugin.policyengine.RangerAccessResult) ViewExpression(io.prestosql.spi.security.ViewExpression)

Example 2 with ViewExpression

Use of io.prestosql.spi.security.ViewExpression in project ranger by apache.

The class RangerPrestoAccessRequest, method getColumnMask.

@Override
public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type) {
    RangerPrestoAccessRequest request = createAccessRequest(createResource(tableName.getCatalogName(), tableName.getSchemaTableName().getSchemaName(), tableName.getSchemaTableName().getTableName(), Optional.of(columnName)), context, PrestoAccessType.SELECT);
    RangerAccessResult result = getDataMaskResult(request);
    ViewExpression viewExpression = null;
    if (isDataMaskEnabled(result)) {
        String maskType = result.getMaskType();
        RangerServiceDef.RangerDataMaskTypeDef maskTypeDef = result.getMaskTypeDef();
        String transformer = null;
        if (maskTypeDef != null) {
            transformer = maskTypeDef.getTransformer();
        }
        if (StringUtils.equalsIgnoreCase(maskType, RangerPolicy.MASK_TYPE_NULL)) {
            transformer = "NULL";
        } else if (StringUtils.equalsIgnoreCase(maskType, RangerPolicy.MASK_TYPE_CUSTOM)) {
            String maskedValue = result.getMaskedValue();
            if (maskedValue == null) {
                transformer = "NULL";
            } else {
                transformer = maskedValue;
            }
        }
        if (StringUtils.isNotEmpty(transformer)) {
            transformer = transformer.replace("{col}", columnName).replace("{type}", type.getDisplayName());
        }
        viewExpression = new ViewExpression(context.getIdentity().getUser(), Optional.of(tableName.getCatalogName()), Optional.of(tableName.getSchemaTableName().getSchemaName()), transformer);
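        if (LOG.isDebugEnabled()) {
            // Fill in the placeholders so the debug line records which mask expression was built and for whom.
            LOG.debug(String.format("getColumnMask: user: %s, catalog: %s, schema: %s, transformer: %s", context.getIdentity().getUser(), tableName.getCatalogName(), tableName.getSchemaTableName().getSchemaName(), transformer));
        }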
    }
    return Optional.ofNullable(viewExpression);
}
Also used : RangerServiceDef(org.apache.ranger.plugin.model.RangerServiceDef) RangerAccessResult(org.apache.ranger.plugin.policyengine.RangerAccessResult) ViewExpression(io.prestosql.spi.security.ViewExpression)

Example 3 with ViewExpression

Use of io.prestosql.spi.security.ViewExpression in project ranger by apache.

The class RangerSystemAccessControlTest, method testMisc.

@Test
@SuppressWarnings("PMD")
public void testMisc() {
    assertEquals(accessControlManager.filterViewQueryOwnedBy(context(alice), queryOwners), queryOwners);
    // check {type} / {col} replacement
    final VarcharType varcharType = VarcharType.createVarcharType(20);
    Optional<ViewExpression> ret = accessControlManager.getColumnMask(context(alice), aliceTable, "cast_me", varcharType);
    assertNotNull(ret.get());
    assertEquals(ret.get().getExpression(), "cast cast_me as varchar(20)");
    ret = accessControlManager.getColumnMask(context(alice), aliceTable, "do-not-cast-me", varcharType);
    assertFalse(ret.isPresent());
    ret = accessControlManager.getRowFilter(context(alice), aliceTable);
    assertFalse(ret.isPresent());
    accessControlManager.checkCanExecuteFunction(context(alice), functionName);
    accessControlManager.checkCanGrantExecuteFunctionPrivilege(context(alice), functionName, new PrestoPrincipal(USER, "grantee"), true);
    accessControlManager.checkCanExecuteProcedure(context(alice), aliceProcedure);
}
Also used : VarcharType(io.prestosql.spi.type.VarcharType) PrestoPrincipal(io.prestosql.spi.security.PrestoPrincipal) ViewExpression(io.prestosql.spi.security.ViewExpression) Test(org.junit.Test)

Aggregations

ViewExpression (io.prestosql.spi.security.ViewExpression): 3
RangerAccessResult (org.apache.ranger.plugin.policyengine.RangerAccessResult): 2
PrestoPrincipal (io.prestosql.spi.security.PrestoPrincipal): 1
VarcharType (io.prestosql.spi.type.VarcharType): 1
RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef): 1
Test (org.junit.Test): 1