RANGER-3923: governed data sharing using datasets - #1

coldestlin · Mar 30, 2023 · f338a0d · f338a0d
1 parent e11431f
commit f338a0d
Show file tree

Hide file tree

Showing 56 changed files with 8,965 additions and 37 deletions.
diff --git a/agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java b/agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java
@@ -24,18 +24,32 @@
 import org.apache.commons.collections.MapUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.ranger.plugin.model.AuditFilter;
+import org.apache.ranger.plugin.model.RangerPrincipal;
 import org.apache.ranger.plugin.model.RangerValidityRecurrence;
 import org.apache.ranger.plugin.model.RangerValiditySchedule;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.lang.reflect.Type;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 public class JsonUtils {
     private static final Logger LOG = LoggerFactory.getLogger(JsonUtils.class);
 
+    private static final Type TYPE_MAP_STRING_STRING               = new TypeToken<Map<String, String>>() {}.getType();
+    private static final Type TYPE_SET_STRING                      = new TypeToken<Set<String>>() {}.getType();
+    private static final Type TYPE_LIST_STRING                     = new TypeToken<List<String>>() {}.getType();
+    private static final Type TYPE_LIST_RANGER_VALIDITY_SCHEDULE   = new TypeToken<List<RangerValiditySchedule>>() {}.getType();
+    private static final Type TYPE_LIST_AUDIT_FILTER               = new TypeToken<List<AuditFilter>>() {}.getType();
+    private static final Type TYPE_LIST_RANGER_VALIDITY_RECURRENCE = new TypeToken<List<RangerValidityRecurrence>>() {}.getType();
+    private static final Type TYPE_LIST_RANGER_PRINCIPAL           = new TypeToken<List<RangerPrincipal>>() {}.getType();
+    private static final Type TYPE_MAP_RANGER_MASK_INFO            = new TypeToken<Map<String, RangerPolicyItemDataMaskInfo>>() {}.getType();
+    private static final Type TYPE_MAP_RANGER_POLICY_RESOURCE      = new TypeToken<Map<String, RangerPolicyResource>>() {}.getType();
+
     private static final ThreadLocal<Gson> gson = new ThreadLocal<Gson>() {
         @Override
         protected Gson initialValue() {
@@ -100,8 +114,7 @@ public static Map<String, String> jsonToMapStringString(String jsonStr) {
 
         if(StringUtils.isNotEmpty(jsonStr)) {
             try {
-                Type mapType = new TypeToken<Map<String, String>>() {}.getType();
-                ret = gson.get().fromJson(jsonStr, mapType);
+                ret = gson.get().fromJson(jsonStr, TYPE_MAP_STRING_STRING);
             } catch(Exception excp) {
                 LOG.warn("jsonToObject() failed to convert json to object: " + jsonStr, excp);
             }
@@ -110,10 +123,37 @@ public static Map<String, String> jsonToMapStringString(String jsonStr) {
         return ret;
     }
 
+    public static Set<String> jsonToSetString(String jsonStr) {
+        Set<String> ret = null;
+
+        if (StringUtils.isNotEmpty(jsonStr)) {
+            try {
+                ret = gson.get().fromJson(jsonStr, TYPE_SET_STRING);
+            } catch(Exception excp) {
+                LOG.warn("jsonToSetString() failed to convert json to object: " + jsonStr, excp);
+            }
+        }
+
+        return ret;
+    }
+
+    public static List<String> jsonToListString(String jsonStr) {
+        List<String> ret = null;
+
+        if (StringUtils.isNotEmpty(jsonStr)) {
+            try {
+                ret = gson.get().fromJson(jsonStr, TYPE_LIST_STRING);
+            } catch(Exception excp) {
+                LOG.warn("jsonToListString() failed to convert json to object: " + jsonStr, excp);
+            }
+        }
+
+        return ret;
+    }
+
     public static List<RangerValiditySchedule> jsonToRangerValiditySchedule(String jsonStr) {
         try {
-            Type listType = new TypeToken<List<RangerValiditySchedule>>() {}.getType();
-            return gson.get().fromJson(jsonStr, listType);
+            return gson.get().fromJson(jsonStr, TYPE_LIST_RANGER_VALIDITY_SCHEDULE);
         } catch (Exception e) {
             LOG.error("Cannot get List<RangerValiditySchedule> from " + jsonStr, e);
             return null;
@@ -122,8 +162,7 @@ public static List<RangerValiditySchedule> jsonToRangerValiditySchedule(String j
 
     public static List<AuditFilter> jsonToAuditFilterList(String jsonStr) {
         try {
-            Type listType = new TypeToken<List<AuditFilter>>() {}.getType();
-            return gson.get().fromJson(jsonStr, listType);
+            return gson.get().fromJson(jsonStr, TYPE_LIST_AUDIT_FILTER);
         } catch (Exception e) {
             LOG.error("failed to create audit filters from: " + jsonStr, e);
             return null;
@@ -132,9 +171,34 @@ public static List<AuditFilter> jsonToAuditFilterList(String jsonStr) {
 
     public static List<RangerValidityRecurrence> jsonToRangerValidityRecurringSchedule(String jsonStr) {
         try {
-            Type listType = new TypeToken<List<RangerValidityRecurrence>>() {
-            }.getType();
-            return gson.get().fromJson(jsonStr, listType);
+            return gson.get().fromJson(jsonStr, TYPE_LIST_RANGER_VALIDITY_RECURRENCE);
+        } catch (Exception e) {
+            LOG.error("Cannot get List<RangerValidityRecurrence> from " + jsonStr, e);
+            return null;
+        }
+    }
+
+    public static List<RangerPrincipal> jsonToRangerPrincipalList(String jsonStr) {
+        try {
+            return gson.get().fromJson(jsonStr, TYPE_LIST_RANGER_PRINCIPAL);
+        } catch (Exception e) {
+            LOG.error("Cannot get List<RangerValidityRecurrence> from " + jsonStr, e);
+            return null;
+        }
+    }
+
+    public static Map<String, RangerPolicyItemDataMaskInfo> jsonToMapMaskInfo(String jsonStr) {
+        try {
+            return gson.get().fromJson(jsonStr, TYPE_MAP_RANGER_MASK_INFO);
+        } catch (Exception e) {
+            LOG.error("Cannot get List<RangerValidityRecurrence> from " + jsonStr, e);
+            return null;
+        }
+    }
+
+    public static Map<String, RangerPolicyResource> jsonToMapPolicyResource(String jsonStr) {
+        try {
+            return gson.get().fromJson(jsonStr, TYPE_MAP_RANGER_POLICY_RESOURCE);
         } catch (Exception e) {
             LOG.error("Cannot get List<RangerValidityRecurrence> from " + jsonStr, e);
             return null;

diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
@@ -132,6 +132,32 @@ public enum ValidationErrorCode {
     ROLE_VALIDATION_ERR_INVALID_ROLE_NAME(4007, "No RangerRole found for name[{0}]"),
     ROLE_VALIDATION_ERR_UNSUPPORTED_ACTION(4008, "Internal error: method signature isValid(Long) is only supported for DELETE"),
 
+    GDS_VALIDATION_ERR_NON_EXISTING_USER(4101, "User [{0}] does not exist"),
+    GDS_VALIDATION_ERR_NON_EXISTING_GROUP(4102, "Group [{0}] does not exist"),
+    GDS_VALIDATION_ERR_NON_EXISTING_ROLE(4103, "Role [{0}] does not exist"),
+    GDS_VALIDATION_ERR_NON_EXISTING_SERVICE(4104, "Service [{0}] does not exist"),
+    GDS_VALIDATION_ERR_NON_EXISTING_ZONE(4105, "Zone [{0}] does not exist"),
+    GDS_VALIDATION_ERR_NOT_OWNER(4106, "User [{0}] is not an owner"),
+    GDS_VALIDATION_ERR_SERVICE_NAME_MISSING(4107, "Service name not provided"),
+    GDS_VALIDATION_ERR_DATASET_NAME_CONFLICT(4108, "Dataset with name [{0}] already exists. ID=[{1}]"),
+    GDS_VALIDATION_ERR_DATASET_NAME_NOT_FOUND(4109, "Dataset with name [{0}] does not exist"),
+    GDS_VALIDATION_ERR_DATASET_ID_NOT_FOUND(4110, "Dataset with ID [{0}] does not exist"),
+    GDS_VALIDATION_ERR_PROJECT_NAME_CONFLICT(4111, "Project with name [{0}] already exists. ID=[{1}]"),
+    GDS_VALIDATION_ERR_PROJECT_NAME_NOT_FOUND(4112, "Project with name [{0}] does not exist"),
+    GDS_VALIDATION_ERR_PROJECT_ID_NOT_FOUND(4113, "Project with ID [{0}] does not exist"),
+    GDS_VALIDATION_ERR_DATA_SHARE_NAME_CONFLICT(4114, "Data share with name [{0}] already exists. ID=[{1}]"),
+    GDS_VALIDATION_ERR_DATA_SHARE_NAME_NOT_FOUND(4115, "Data share with name [{0}] does not exist"),
+    GDS_VALIDATION_ERR_DATA_SHARE_ID_NOT_FOUND(4116, "Data share with ID [{0}] does not exist"),
+    GDS_VALIDATION_ERR_DATA_SHARE_NOT_SERVICE_ADMIN(4117, "Not a admin for service [{0}]"),
+    GDS_VALIDATION_ERR_DATA_SHARE_NOT_SERVICE_OR_ZONE_ADMIN(4118, "Not a admin for service [{0}] or zone [{1}]"),
+    GDS_VALIDATION_ERR_INVALID_ACCESS_TYPE(4119, "Not a valid access-type [{0}]"),
+    GDS_VALIDATION_ERR_INVALID_MASK_TYPE(4120, "Not a valid mask-type [{0}]"),
+    GDS_VALIDATION_ERR_SHARED_RESOURCE_NAME_CONFLICT(4121, "Shared resource with name [{0}] already exists in data share [{1}]. ID=[{2}]"),
+    GDS_VALIDATION_ERR_SHARED_RESOURCE_ID_NOT_FOUND(4122, "Shared resource with ID [{0}] does not exist"),
+    GDS_VALIDATION_ERR_ADD_DATA_SHARE_IN_DATASET_INVALID_STATUS(4123, "[{0}]: invalid status while adding data share into a dataset"),
+    GDS_VALIDATION_ERR_DATA_SHARE_IN_DATASET_ID_NOT_FOUND(4124, "Data share-in-dataset with ID [{0}] does not exist"),
+    GDS_VALIDATION_ERR_INVALID_STATUS_CHANGE(4125, "invalid status change from [{0}] to [{1}]"),
+    GDS_VALIDATION_ERR_UPDATE_IMMUTABLE_FIELD(4126, "[{0}] can't be updated"),
 
     ;