minor, add a switch to enable/disable Table ACL.
Project: http://git-wip-us.apache.org/repos/asf/kylin/repo Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/555617cb Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/555617cb Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/555617cb Branch: refs/heads/master Commit: 555617cb07362dbe80e53fdfc317d641acc25e19 Parents: 940aef6 Author: tttMelody <245915...@qq.com> Authored: Thu Sep 21 17:49:32 2017 +0800 Committer: Hongbin Ma <m...@kyligence.io> Committed: Thu Sep 21 17:57:08 2017 +0800 ---------------------------------------------------------------------- .../src/main/java/org/apache/kylin/common/KylinConfigBase.java | 4 ++++ core-common/src/main/resources/kylin-defaults.properties | 3 ++- .../java/org/apache/kylin/query/security/QueryIntercept.java | 5 +++++ .../java/org/apache/kylin/rest/security/TableIntercept.java | 5 +++++ 4 files changed, 16 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kylin/blob/555617cb/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java ---------------------------------------------------------------------- diff --git a/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java b/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java index d535b7d..a86464f 100644 --- a/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java +++ b/core-common/src/main/java/org/apache/kylin/common/KylinConfigBase.java @@ -1157,6 +1157,10 @@ abstract public class KylinConfigBase implements Serializable { return Integer.parseInt(this.getOptional("kylin.query.pushdown.jdbc.pool-min-idle", "0")); } + public boolean isTableACLEnabled() { + return Boolean.valueOf(this.getOptional("kylin.query.acl.table-acl-enabled", "true")); + } + // ============================================================================ // SERVER // ============================================================================ http://git-wip-us.apache.org/repos/asf/kylin/blob/555617cb/core-common/src/main/resources/kylin-defaults.properties ---------------------------------------------------------------------- diff --git a/core-common/src/main/resources/kylin-defaults.properties b/core-common/src/main/resources/kylin-defaults.properties index c2da3f8..bb03520 100644 --- a/core-common/src/main/resources/kylin-defaults.properties +++ b/core-common/src/main/resources/kylin-defaults.properties @@ -259,7 +259,7 @@ kylin.engine.spark-conf.spark.hadoop.yarn.timeline-service.enabled=false #kylin.query.pushdown.runner-class-name=org.apache.kylin.query.adhoc.PushDownRunnerJdbcImpl -#kylin.query.pushdown.update-enabled = false +#kylin.query.pushdown.update-enabled=false #kylin.query.pushdown.jdbc.url=jdbc:hive2://sandbox:10000/default #kylin.query.pushdown.jdbc.driver=org.apache.hive.jdbc.HiveDriver #kylin.query.pushdown.jdbc.username=hive @@ -270,4 +270,5 @@ kylin.engine.spark-conf.spark.hadoop.yarn.timeline-service.enabled=false #kylin.query.pushdown.jdbc.pool-min-idle=0 ### TABLE ACL +kylin.query.acl.table-acl-enabled=true kylin.query.intercepts=org.apache.kylin.rest.security.TableIntercept \ No newline at end of file http://git-wip-us.apache.org/repos/asf/kylin/blob/555617cb/query/src/main/java/org/apache/kylin/query/security/QueryIntercept.java ---------------------------------------------------------------------- diff --git a/query/src/main/java/org/apache/kylin/query/security/QueryIntercept.java b/query/src/main/java/org/apache/kylin/query/security/QueryIntercept.java index 8df0da7..2312568 100644 --- a/query/src/main/java/org/apache/kylin/query/security/QueryIntercept.java +++ b/query/src/main/java/org/apache/kylin/query/security/QueryIntercept.java @@ -26,6 +26,9 @@ import org.apache.kylin.query.relnode.OLAPContext; public abstract class QueryIntercept { public void intercept(List<OLAPContext> contexts) { + if (!isEnabled()) { + return; + } Collection<String> userIdentifierBlackList = getIdentifierBlackList(contexts); intercept(contexts, userIdentifierBlackList); } @@ -43,6 +46,8 @@ public abstract class QueryIntercept { } } + protected abstract boolean isEnabled(); + protected abstract Collection<String> getQueryIdentifiers(List<OLAPContext> contexts); protected abstract Collection<String> getIdentifierBlackList(List<OLAPContext> contexts); http://git-wip-us.apache.org/repos/asf/kylin/blob/555617cb/server-base/src/main/java/org/apache/kylin/rest/security/TableIntercept.java ---------------------------------------------------------------------- diff --git a/server-base/src/main/java/org/apache/kylin/rest/security/TableIntercept.java b/server-base/src/main/java/org/apache/kylin/rest/security/TableIntercept.java index c87f674..442ce88 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/security/TableIntercept.java +++ b/server-base/src/main/java/org/apache/kylin/rest/security/TableIntercept.java @@ -30,6 +30,11 @@ import org.apache.kylin.query.security.QueryInterceptUtil; public class TableIntercept extends QueryIntercept{ @Override + protected boolean isEnabled() { + return KylinConfig.getInstanceFromEnv().isTableACLEnabled(); + } + + @Override public Set<String> getQueryIdentifiers(List<OLAPContext> contexts) { return QueryInterceptUtil.getAllTblsWithSchema(contexts); }