Re: [PR] [#5731]feat(auth-ranger): RangerAuthorizationHDFSPlugin supports Fileset authorization [gravitino]

Wed, 04 Dec 2024 00:11:33 -0800 


theoryxu commented on code in PR #5733:
URL: https://github.com/apache/gravitino/pull/5733#discussion_r1868910330


##########
authorizations/authorization-ranger/src/main/java/org/apache/gravitino/authorization/ranger/RangerAuthorizationHDFSPlugin.java:
##########
@@ -0,0 +1,202 @@
+package org.apache.gravitino.authorization.ranger;
+
+import com.google.common.base.Preconditions;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Lists;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+import java.util.regex.Pattern;
+import org.apache.gravitino.GravitinoEnv;
+import org.apache.gravitino.MetadataObject;
+import org.apache.gravitino.NameIdentifier;
+import org.apache.gravitino.authorization.Privilege;
+import org.apache.gravitino.authorization.SecurableObject;
+import org.apache.gravitino.authorization.SecurableObjects;
+import org.apache.gravitino.authorization.ranger.reference.RangerDefines;
+import org.apache.gravitino.exceptions.AuthorizationPluginException;
+import org.apache.gravitino.file.Fileset;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class RangerAuthorizationHDFSPlugin extends RangerAuthorizationPlugin {
+  private static final Logger LOG = 
LoggerFactory.getLogger(RangerAuthorizationHDFSPlugin.class);
+
+  private static final Pattern pattern = Pattern.compile("^hdfs://[^/]*");
+
+  private RangerAuthorizationHDFSPlugin(Map<String, String> config) {
+    super(config);
+  }
+
+  public static synchronized RangerAuthorizationHDFSPlugin 
getInstance(Map<String, String> config) {
+    return new RangerAuthorizationHDFSPlugin(config);
+  }
+
+  @Override
+  public void validateRangerMetadataObject(List<String> names, 
RangerMetadataObject.Type type)
+      throws IllegalArgumentException {
+    LOG.info("validateRangerMetadataObject {}", names);
+    Preconditions.checkArgument(
+        names != null && !names.isEmpty(), "Cannot create a Ranger metadata 
object with no names");
+    Preconditions.checkArgument(
+        names.size() == 1,
+        "Cannot create a Ranger metadata object with the name length which is 
not equal 1");
+    Preconditions.checkArgument(
+        type == RangerMetadataObject.Type.PATH,
+        String.format("Cannot create a Ranger metadata object with %s type", 
type));
+
+    for (String name : names) {
+      RangerMetadataObjects.checkName(name);
+    }
+  }
+
+  @Override
+  public Map<Privilege.Name, Set<RangerPrivilege>> privilegesMappingRule() {
+    return ImmutableMap.of(
+        Privilege.Name.READ_FILESET,
+        ImmutableSet.of(RangerPrivileges.RangerHdfsPrivilege.READ),
+        Privilege.Name.WRITE_FILESET,
+        ImmutableSet.of(RangerPrivileges.RangerHdfsPrivilege.WRITE));

Review Comment:
   done



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@gravitino.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to