Re: [PR] [#6536] improvement(authz): Create Ranger service if service is absent [gravitino]

Mon, 03 Mar 2025 22:37:35 -0800 


jerqi commented on code in PR #6575:
URL: https://github.com/apache/gravitino/pull/6575#discussion_r1978713739


##########
authorizations/authorization-ranger/src/main/java/org/apache/gravitino/authorization/ranger/RangerAuthorizationPlugin.java:
##########
@@ -909,59 +1031,4 @@ private void removePolicyItemIfEqualRoleName(
       policyItem.getRoles().removeIf(roleName::equals);
     }
   }
-
-  /**
-   * IF rename the SCHEMA, Need to rename these the relevant policies, 
`{schema}`, `{schema}.*`,
-   * `{schema}.*.*` <br>
-   * IF rename the TABLE, Need to rename these the relevant policies, 
`{schema}.*`, `{schema}.*.*`
-   * <br>
-   * IF rename the COLUMN, Only need to rename `{schema}.*.*` <br>
-   */
-  protected abstract void renameMetadataObject(
-      AuthorizationMetadataObject authzMetadataObject,
-      AuthorizationMetadataObject newAuthzMetadataObject);
-
-  protected abstract void removeMetadataObject(AuthorizationMetadataObject 
authzMetadataObject);
-
-  /**
-   * Remove the policy by the metadata object names. <br>
-   *
-   * @param authzMetadataObject The authorization metadata object.
-   */
-  protected void removePolicyByMetadataObject(AuthorizationMetadataObject 
authzMetadataObject) {
-    RangerPolicy policy = findManagedPolicy(authzMetadataObject);
-    if (policy != null) {
-      rangerHelper.removeAllGravitinoManagedPolicyItem(policy);
-    }
-  }
-
-  @Override
-  public void close() throws IOException {}
-
-  /** Generate authorization securable object */
-  public abstract AuthorizationSecurableObject 
generateAuthorizationSecurableObject(
-      List<String> names,
-      String path,
-      AuthorizationMetadataObject.Type type,
-      Set<AuthorizationPrivilege> privileges);
-
-  public boolean validAuthorizationOperation(List<SecurableObject> 
securableObjects) {
-    return securableObjects.stream()
-        .allMatch(
-            securableObject -> {
-              AtomicBoolean match = new AtomicBoolean(true);
-              securableObject.privileges().stream()
-                  .forEach(
-                      privilege -> {
-                        if (!privilege.canBindTo(securableObject.type())) {
-                          LOG.error(
-                              "The privilege({}) is not supported for the 
metadata object({})!",
-                              privilege.name(),
-                              securableObject.fullName());
-                          match.set(false);
-                        }
-                      });
-              return match.get();
-            });
-  }

Review Comment:
   I can revert this change.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@gravitino.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to