use of io.prestosql.spi.security.ViewExpression in project ranger by apache.
the class RangerPrestoAccessRequest method getRowFilter.
@Override
public Optional<ViewExpression> getRowFilter(SystemSecurityContext context, CatalogSchemaTableName tableName) {
RangerPrestoAccessRequest request = createAccessRequest(createResource(tableName), context, PrestoAccessType.SELECT);
RangerAccessResult result = getRowFilterResult(request);
ViewExpression viewExpression = null;
if (isRowFilterEnabled(result)) {
String filter = result.getFilterExpr();
viewExpression = new ViewExpression(context.getIdentity().getUser(), Optional.of(tableName.getCatalogName()), Optional.of(tableName.getSchemaTableName().getSchemaName()), filter);
}
return Optional.ofNullable(viewExpression);
}
use of io.prestosql.spi.security.ViewExpression in project ranger by apache.
the class RangerPrestoAccessRequest method getColumnMask.
@Override
public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type) {
RangerPrestoAccessRequest request = createAccessRequest(createResource(tableName.getCatalogName(), tableName.getSchemaTableName().getSchemaName(), tableName.getSchemaTableName().getTableName(), Optional.of(columnName)), context, PrestoAccessType.SELECT);
RangerAccessResult result = getDataMaskResult(request);
ViewExpression viewExpression = null;
if (isDataMaskEnabled(result)) {
String maskType = result.getMaskType();
RangerServiceDef.RangerDataMaskTypeDef maskTypeDef = result.getMaskTypeDef();
String transformer = null;
if (maskTypeDef != null) {
transformer = maskTypeDef.getTransformer();
}
if (StringUtils.equalsIgnoreCase(maskType, RangerPolicy.MASK_TYPE_NULL)) {
transformer = "NULL";
} else if (StringUtils.equalsIgnoreCase(maskType, RangerPolicy.MASK_TYPE_CUSTOM)) {
String maskedValue = result.getMaskedValue();
if (maskedValue == null) {
transformer = "NULL";
} else {
transformer = maskedValue;
}
}
if (StringUtils.isNotEmpty(transformer)) {
transformer = transformer.replace("{col}", columnName).replace("{type}", type.getDisplayName());
}
viewExpression = new ViewExpression(context.getIdentity().getUser(), Optional.of(tableName.getCatalogName()), Optional.of(tableName.getSchemaTableName().getSchemaName()), transformer);
if (LOG.isDebugEnabled()) {
LOG.debug("getColumnMask: user: %s, catalog: %s, schema: %s, transformer: %s");
}
}
return Optional.ofNullable(viewExpression);
}
use of io.prestosql.spi.security.ViewExpression in project ranger by apache.
the class RangerSystemAccessControlTest method testMisc.
@Test
@SuppressWarnings("PMD")
public void testMisc() {
assertEquals(accessControlManager.filterViewQueryOwnedBy(context(alice), queryOwners), queryOwners);
// check {type} / {col} replacement
final VarcharType varcharType = VarcharType.createVarcharType(20);
Optional<ViewExpression> ret = accessControlManager.getColumnMask(context(alice), aliceTable, "cast_me", varcharType);
assertNotNull(ret.get());
assertEquals(ret.get().getExpression(), "cast cast_me as varchar(20)");
ret = accessControlManager.getColumnMask(context(alice), aliceTable, "do-not-cast-me", varcharType);
assertFalse(ret.isPresent());
ret = accessControlManager.getRowFilter(context(alice), aliceTable);
assertFalse(ret.isPresent());
accessControlManager.checkCanExecuteFunction(context(alice), functionName);
accessControlManager.checkCanGrantExecuteFunctionPrivilege(context(alice), functionName, new PrestoPrincipal(USER, "grantee"), true);
accessControlManager.checkCanExecuteProcedure(context(alice), aliceProcedure);
}
Aggregations