Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[#5966] improvment(authorization): Add path based securable object and user group mapping interface #5967

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

yuqi1129
Copy link
Contributor

What changes were proposed in this pull request?

Add the following things:

  • The interface for user-group mapping between Gravitino and underlying user system.
  • Securable objects for path-based authorization.

Why are the changes needed?

It's a need for path-based authorization

Fix: #5966

Does this PR introduce any user-facing change?

N/A.

How was this patch tested?

Existing tests.

Comment on lines +32 to +58
public enum Type implements AuthorizationMetadataObject.Type {
/** A path is mapped the path of storages like HDFS, S3 etc. */
FILESET(MetadataObject.Type.FILESET),
TABLE(MetadataObject.Type.TABLE),
SCHEMA(MetadataObject.Type.SCHEMA),
CATALOG(MetadataObject.Type.CATALOG);

private final MetadataObject.Type metadataType;

Type(MetadataObject.Type type) {
this.metadataType = type;
}

public MetadataObject.Type metadataObjectType() {
return metadataType;
}

public static PathBasedMetadataObject.Type fromMetadataType(MetadataObject.Type metadataType) {
for (PathBasedMetadataObject.Type type : PathBasedMetadataObject.Type.values()) {
if (type.metadataObjectType() == metadataType) {
return type;
}
}
throw new IllegalArgumentException(
"No matching RangerMetadataObject.Type for " + metadataType);
}
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We only define one PathBased metadata object type PATH

public enum Type implements AuthorizationMetadataObject.Type {
    /** A path is mapped the path of storages like HDFS, S3 etc. */
    PATH(MetadataObject.Type.FILESET, MetadataObject.Type.TABLE, MetadataObject.Type.SCHEMA, MetadataObject.Type. CATALOG);

    private final Set<MetadataObject.Type> validTypes;

    Type(MetadataObject.Type... types) {
        this.validTypes = EnumSet.copyOf(Arrays.asList(types));
    }

    public boolean isValidType(MetadataObject.Type type) {
        return validTypes.contains(type);
    }
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Improvement] Add path-based authorization securable object and user-group mapping interface
2 participants