Java Code Examples for org.apache.ranger.plugin.policyengine.RangerAccessResult#getMaskType()

The following examples show how to use org.apache.ranger.plugin.policyengine.RangerAccessResult#getMaskType(). Each example names the project and source file it was taken from.
Example 1
Source File: RangerGaianAuthorizer.java    From egeria with Apache License 2.0 6 votes vote down vote up
/**
 * Picks the expression to emit for {@code columnName} from the Ranger data-mask decision and
 * appends it to the transformer list held by {@code queryContext}.
 *
 * <p>When masking is enabled the expression is chosen in this order: a NULL mask type yields
 * {@code NULL_MASK_TYPE}; a CUSTOM mask type yields the value of {@code getCustomMaskType};
 * otherwise a non-empty transformer template is used with every {@code {col}} token replaced by
 * the column name. When masking is not enabled the bare column name is appended.
 *
 * <p>NOTE(review): if masking is enabled but the mask type is neither NULL nor CUSTOM and the
 * transformer is empty, the bare column name is appended and the method still returns
 * {@code true}, so the column goes out unmasked while being reported as masked. Confirm whether
 * this path should fail closed.
 *
 * <p>NOTE(review): the {@code {col}} substitution is plain text replacement; nothing here quotes
 * or validates {@code columnName}. Presumably callers pass an identifier that has already been
 * resolved against the schema - verify.
 *
 * @param queryContext query state that supplies the transformer list and the mask lookup input
 * @param columnName column whose output expression is being decided
 * @return {@code true} when the Ranger result reports data masking as enabled for the column
 */
private boolean addCellValueTransformerAndCheckIfTransformed(QueryContext queryContext, String columnName) {

        // NOTE(review): both trace lines include queryContext.toString(); confirm that it carries
        // nothing sensitive at detail log level.
        logger.logDetail("==> addCellValueTransformerAndCheckIfTransformed(queryContext=" + queryContext + ", " + columnName + ")");

        List<String> transformerList = queryContext.getColumnTransformers();
        RangerAccessResult maskResult = getRangerDataMaskResult(queryContext, columnName);
        boolean maskEnabled = isDataMaskEnabled(maskResult);

        // Default: pass the column through unchanged.
        String expression = columnName;

        if (maskEnabled) {
            String template = getTransformer(maskResult);
            String maskType = maskResult.getMaskType();

            boolean nullMask = StringUtils.equalsIgnoreCase(maskType, RangerPolicy.MASK_TYPE_NULL);
            boolean customMask = StringUtils.equalsIgnoreCase(maskType, RangerPolicy.MASK_TYPE_CUSTOM);

            if (nullMask) {
                expression = NULL_MASK_TYPE;
            } else if (customMask) {
                expression = getCustomMaskType(columnName, maskResult);
            } else if (StringUtils.isNotEmpty(template)) {
                expression = template.replace("{col}", columnName);
            }
            // No branch taken: expression is still the bare column name (see the note above).
        }

        transformerList.add(expression);
        logger.logDetail("<== addCellValueTransformerAndCheckIfTransformed(queryContext=" + queryContext + ", " + columnName + "): " + maskEnabled);

        return maskEnabled;
    }
 
Example 2
Source File: RangerDefaultDataMaskPolicyItemEvaluator.java    From ranger with Apache License 2.0 5 votes vote down vote up
/**
 * Copies this policy item's data-mask settings into {@code result}, but only when the result
 * carries no mask type yet and this item has mask information.
 *
 * <p>Because a result whose mask type is already set is left untouched, the first evaluator
 * that sets a mask type decides the mask; the order in which evaluators are invoked is not
 * visible here.
 *
 * <p>NOTE(review): if {@code getDataMaskType()} returns {@code null} the result's mask type
 * stays unset, so a later evaluator could still overwrite the condition and value written here.
 *
 * @param policyEvaluator evaluator notified after the mask fields are written
 * @param result access result to update in place
 * @param matchType resource match type passed through to the policy evaluator
 */
@Override
public void updateAccessResult(RangerPolicyEvaluator policyEvaluator, RangerAccessResult result, RangerPolicyResourceMatcher.MatchType matchType) {
	RangerPolicyItemDataMaskInfo maskInfo = getDataMaskInfo();

	// An earlier decision wins: never replace a mask type that is already set.
	boolean maskAlreadyChosen = result.getMaskType() != null;
	if (maskAlreadyChosen || maskInfo == null) {
		return;
	}

	result.setMaskType(maskInfo.getDataMaskType());
	result.setMaskCondition(maskInfo.getConditionExpr());
	result.setMaskedValue(maskInfo.getValueExpr());
	policyEvaluator.updateAccessResult(result, matchType, true, getComments());
}
 
Example 3
Source File: RangerHiveAuthorizer.java    From ranger with Apache License 2.0 4 votes vote down vote up
/**
 * Evaluates Ranger data-mask policies for one Hive column as a SELECT by the current user and
 * appends the resulting column expression to {@code columnTransformers}.
 *
 * <p>When masking is enabled the expression is chosen in this order: a NULL mask type yields the
 * literal {@code NULL}; a CUSTOM mask type yields the policy's masked value with {@code {col}}
 * replaced by the column name, or {@code NULL} when no masked value is set; otherwise a non-empty
 * transformer from the mask type definition is used with the same substitution. When masking is
 * not enabled the bare column name is appended.
 *
 * <p>NOTE(review): if masking is enabled but none of the three branches applies (for example the
 * mask type definition is missing or has an empty transformer), the bare column name is appended
 * and the method still returns {@code true}. Confirm whether this path should fail closed.
 *
 * <p>NOTE(review): the {@code {col}} substitution is plain text replacement; {@code columnName}
 * is not quoted or validated in this method. Presumably it is an identifier already resolved by
 * Hive - verify.
 *
 * @param context Hive authorization context forwarded into the access request
 * @param databaseName database that holds the table or view
 * @param tableOrViewName table or view that holds the column
 * @param columnName column whose output expression is being decided
 * @param columnTransformers list that receives the chosen expression
 * @return {@code true} when the Ranger result reports data masking as enabled for the column
 * @throws SemanticException when the current user's information is not available
 */
private boolean addCellValueTransformerAndCheckIfTransformed(HiveAuthzContext context, String databaseName, String tableOrViewName, String columnName, List<String> columnTransformers) throws SemanticException {
	UserGroupInformation ugi = getCurrentUserGroupInfo();

	// Without a user identity no policy can be evaluated, so refuse instead of passing data through.
	if (ugi == null) {
		throw new SemanticException("user information not available");
	}

	if (LOG.isDebugEnabled()) {
		LOG.debug("==> addCellValueTransformerAndCheckIfTransformed(" + databaseName + ", " + tableOrViewName + ", " + columnName + ")");
	}

	boolean maskEnabled = false;
	// Default: pass the column through unchanged.
	String expression = columnName;
	RangerHiveAuditHandler auditHandler = new RangerHiveAuditHandler();

	try {
		HiveAuthzSessionContext sessionContext = getHiveAuthzSessionContext();
		String userName = ugi.getShortUserName();
		Set<String> groupNames = Sets.newHashSet(ugi.getGroupNames());
		Set<String> roleNames = getCurrentRoles();
		HiveObjectType objectType = HiveObjectType.COLUMN;
		RangerHiveResource resource = new RangerHiveResource(objectType, databaseName, tableOrViewName, columnName);
		RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, userName, groupNames, roleNames, objectType.name(), HiveAccessType.SELECT, context, sessionContext);

		RangerAccessResult result = hivePlugin.evalDataMaskPolicies(request, auditHandler);

		maskEnabled = isDataMaskEnabled(result);

		if (maskEnabled) {
			String maskType = result.getMaskType();
			RangerDataMaskTypeDef maskTypeDef = result.getMaskTypeDef();
			String transformer = (maskTypeDef == null) ? null : maskTypeDef.getTransformer();

			if (StringUtils.equalsIgnoreCase(maskType, RangerPolicy.MASK_TYPE_NULL)) {
				expression = "NULL";
			} else if (StringUtils.equalsIgnoreCase(maskType, RangerPolicy.MASK_TYPE_CUSTOM)) {
				String maskedValue = result.getMaskedValue();

				// A custom mask without a value falls back to NULL rather than the raw column.
				expression = (maskedValue == null) ? "NULL" : maskedValue.replace("{col}", columnName);
			} else if (StringUtils.isNotEmpty(transformer)) {
				expression = transformer.replace("{col}", columnName);
			}

			// The policy's mask condition (result.getMaskCondition()) is not read here, so the
			// chosen expression applies unconditionally. An earlier draft wrapped it as
			// if(<condition>, <masked>, <column>); that code was disabled.
		}
	} finally {
		// Flush audit events even when policy evaluation throws.
		auditHandler.flushAudit();
	}

	columnTransformers.add(expression);

	if (LOG.isDebugEnabled()) {
		LOG.debug("<== addCellValueTransformerAndCheckIfTransformed(" + databaseName + ", " + tableOrViewName + ", " + columnName + "): " + maskEnabled);
	}

	return maskEnabled;
}
 
Example 4
Source File: RangerSystemAccessControl.java    From ranger with Apache License 2.0 4 votes vote down vote up
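/**
 * Returns the masking expression for one column, as decided by Ranger data-mask policies for a
 * SELECT on that column, or an empty {@code Optional} when masking is not enabled.
 *
 * <p>The expression starts as the transformer of the mask type definition, if there is one. A
 * NULL mask type replaces it with the literal {@code NULL}; a CUSTOM mask type replaces it with
 * the policy's masked value, or {@code NULL} when no masked value is set. In a non-empty
 * expression {@code {col}} is then replaced by the column name and {@code {type}} by the display
 * name of the column type.
 *
 * <p>NOTE(review): when masking is enabled but the expression ends up {@code null} or empty, a
 * {@code ViewExpression} is still built from it. Confirm that {@code ViewExpression} rejects such
 * a value, so that this path cannot return the column unmasked.
 *
 * <p>NOTE(review): both substitutions are plain text replacement; {@code columnName} is not
 * quoted or validated in this method. Presumably it is an identifier already resolved by the
 * engine - verify.
 *
 * @param context security context that supplies the querying identity
 * @param tableName catalog, schema and table that hold the column
 * @param columnName column whose mask is requested
 * @param type column type, used for the {@code {type}} placeholder
 * @return the view expression that masks the column, or empty when masking is not enabled
 */
@Override
public Optional<ViewExpression> getColumnMask(SystemSecurityContext context, CatalogSchemaTableName tableName, String columnName, Type type) {
  RangerPrestoAccessRequest request = createAccessRequest(
    createResource(tableName.getCatalogName(), tableName.getSchemaTableName().getSchemaName(),
      tableName.getSchemaTableName().getTableName(), Optional.of(columnName)),
    context, PrestoAccessType.SELECT);
  RangerAccessResult result = getDataMaskResult(request);

  ViewExpression viewExpression = null;
  if (isDataMaskEnabled(result)) {
    String maskType = result.getMaskType();
    RangerServiceDef.RangerDataMaskTypeDef maskTypeDef = result.getMaskTypeDef();
    String transformer = null;

    if (maskTypeDef != null) {
      transformer = maskTypeDef.getTransformer();
    }

    if (StringUtils.equalsIgnoreCase(maskType, RangerPolicy.MASK_TYPE_NULL)) {
      transformer = "NULL";
    } else if (StringUtils.equalsIgnoreCase(maskType, RangerPolicy.MASK_TYPE_CUSTOM)) {
      String maskedValue = result.getMaskedValue();

      // A custom mask without a value falls back to NULL rather than the raw column.
      transformer = (maskedValue == null) ? "NULL" : maskedValue;
    }

    if (StringUtils.isNotEmpty(transformer)) {
      transformer = transformer.replace("{col}", columnName).replace("{type}", type.getDisplayName());
    }

    viewExpression = new ViewExpression(
      context.getIdentity().getUser(),
      Optional.of(tableName.getCatalogName()),
      Optional.of(tableName.getSchemaTableName().getSchemaName()),
      transformer
    );

    if (LOG.isDebugEnabled()) {
      // The original passed the format string with no arguments, so the log showed literal
      // "%s" tokens; supply the values the message names so the mask decision can be traced.
      LOG.debug(String.format("getColumnMask: user: %s, catalog: %s, schema: %s, transformer: %s",
        context.getIdentity().getUser(),
        tableName.getCatalogName(),
        tableName.getSchemaTableName().getSchemaName(),
        transformer));
    }
  }

  return Optional.ofNullable(viewExpression);
}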