Skip to content

[enhance](auth)Optimize the authentication logic of Ranger Doris #41207

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
morrySnow merged 24 commits into from
Oct 11, 2024
Merged

[enhance](auth)Optimize the authentication logic of Ranger Doris #41207

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
13f1619
1
zddr Aug 26, 2024
e90a641
1
zddr Aug 26, 2024
dec7166
1
zddr Aug 26, 2024
63f14c7
1
zddr Aug 26, 2024
8b7ea3a
1
zddr Aug 26, 2024
4d75b01
1
zddr Aug 26, 2024
b0a465c
1
zddr Aug 26, 2024
67ed015
1
zddr Aug 26, 2024
d205ff7
1
zddr Aug 28, 2024
d5ce13e
1
zddr Aug 28, 2024
607b8a7
1
zddr Sep 18, 2024
7d63197
1
zddr Sep 18, 2024
57259b5
Merge branch 'master' into ranger_enhance1
zddr Sep 18, 2024
1794ddd
1
zddr Sep 18, 2024
8dd362a
1
zddr Sep 18, 2024
5ae7a6a
1
zddr Sep 19, 2024
dc62e0b
1
zddr Sep 19, 2024
5566d34
1
zddr Sep 19, 2024
b00b24e
Merge branch 'master' into ranger_show
zddr Sep 24, 2024
ad89eb5
1
zddr Sep 24, 2024
3703dd7
1
zddr Sep 24, 2024
0c667fb
1
zddr Sep 24, 2024
9d8feaf
1
zddr Sep 24, 2024
ea7e63a
comment
zddr Oct 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions ...core/src/main/java/org/apache/doris/catalog/authorizer/ranger/RangerAccessController.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
package org.apache.doris.catalog.authorizer.ranger;

import org.apache.doris.analysis.UserIdentity;
import org.apache.doris.catalog.authorizer.ranger.doris.DorisAccessType;
import org.apache.doris.common.AuthorizationException;
import org.apache.doris.mysql.privilege.CatalogAccessController;
import org.apache.doris.mysql.privilege.DataMaskPolicy;
Expand Down Expand Up @@ -92,6 +93,11 @@ public List<? extends RowFilterPolicy> evalRowFilterPolicies(UserIdentity curren
String tbl) {
RangerAccessResourceImpl resource = createResource(ctl, db, tbl);
RangerAccessRequestImpl request = createRequest(currentUser);
// If the access type is not set here, it defaults to ANY1 ACCESS.
// The internal logic of the ranger is to traverse all permission items.
// Since the ranger UI will set the access type to 'SELECT',
// we will keep it consistent with the UI here to avoid performance issues
request.setAccessType(DorisAccessType.SELECT.name());
request.setResource(resource);

if (LOG.isDebugEnabled()) {
Expand Down Expand Up @@ -119,6 +125,7 @@ public Optional<DataMaskPolicy> evalDataMaskPolicy(UserIdentity currentUser, Str
String col) {
RangerAccessResourceImpl resource = createResource(ctl, db, tbl, col);
RangerAccessRequestImpl request = createRequest(currentUser);
request.setAccessType(DorisAccessType.SELECT.name());
request.setResource(resource);

if (LOG.isDebugEnabled()) {
Expand Down
91 changes: 0 additions & 91 deletions ...n/java/org/apache/doris/catalog/authorizer/ranger/cache/CatalogCacheAccessController.java
View file
Open in desktop

This file was deleted.

89 changes: 0 additions & 89 deletions ...core/src/main/java/org/apache/doris/catalog/authorizer/ranger/cache/DatamaskCacheKey.java
View file
Open in desktop

This file was deleted.

107 changes: 0 additions & 107 deletions fe/fe-core/src/main/java/org/apache/doris/catalog/authorizer/ranger/cache/RangerCache.java
View file
Open in desktop

This file was deleted.

41 changes: 0 additions & 41 deletions .../java/org/apache/doris/catalog/authorizer/ranger/cache/RangerCacheInvalidateListener.java
View file
Open in desktop

This file was deleted.

Loading