jerqi commented on code in PR #6575:
URL: https://github.com/apache/gravitino/pull/6575#discussion_r1978707342
##########
authorizations/authorization-ranger/src/main/java/org/apache/gravitino/authorization/ranger/RangerAuthorizationPlugin.java:
##########
@@ -745,6 +763,110 @@ public Boolean onGroupAcquired(Group group) {
return Boolean.TRUE;
}
+ @Override
+ public void close() throws IOException {
+ if (!isCreatedByPlugin) {
+ return;
+ }
+
+ try {
+ rangerClient.deleteService(rangerServiceName);
+ } catch (RangerServiceException rse) {
+ throw new AuthorizationPluginException(
+ "Fail to delete Ranger service %s, exception: %s",
rangerServiceName, rse.getMessage());
+ }
+ }
+
+ /** Generate authorization securable object */
+ public abstract AuthorizationSecurableObject
generateAuthorizationSecurableObject(
+ List<String> names,
+ String path,
+ AuthorizationMetadataObject.Type type,
+ Set<AuthorizationPrivilege> privileges);
+
+ public boolean validAuthorizationOperation(List<SecurableObject>
securableObjects) {
+ return securableObjects.stream()
+ .allMatch(
+ securableObject -> {
+ AtomicBoolean match = new AtomicBoolean(true);
+ securableObject.privileges().stream()
+ .forEach(
+ privilege -> {
+ if (!privilege.canBindTo(securableObject.type())) {
+ LOG.error(
+ "The privilege({}) is not supported for the
metadata object({})!",
+ privilege.name(),
+ securableObject.fullName());
+ match.set(false);
+ }
+ });
+ return match.get();
+ });
+ }
+
+ /**
+ * IF rename the SCHEMA, Need to rename these the relevant policies,
`{schema}`, `{schema}.*`,
+ * `{schema}.*.*` <br>
+ * IF rename the TABLE, Need to rename these the relevant policies,
`{schema}.*`, `{schema}.*.*`
+ * <br>
+ * IF rename the COLUMN, Only need to rename `{schema}.*.*` <br>
+ */
+ protected abstract void renameMetadataObject(
+ AuthorizationMetadataObject authzMetadataObject,
+ AuthorizationMetadataObject newAuthzMetadataObject);
+
+ protected abstract void removeMetadataObject(AuthorizationMetadataObject
authzMetadataObject);
+
+ /**
+ * Remove the policy by the metadata object names. <br>
+ *
+ * @param authzMetadataObject The authorization metadata object.
+ */
+ protected void removePolicyByMetadataObject(AuthorizationMetadataObject
authzMetadataObject) {
+ RangerPolicy policy = findManagedPolicy(authzMetadataObject);
+ if (policy != null) {
+ rangerHelper.removeAllGravitinoManagedPolicyItem(policy);
+ }
+ }
Review Comment:
OK. I just put public methods together, protected methods together, private
methods together. I can revert this change.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@gravitino.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
