This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push: new a6583cf RANGER-3526: policy evaluation ordering to use name as secondary sorting key a6583cf is described below commit a6583cffdf5813773721f7ae1e02e632de886558 Author: Madhan Neethiraj <mad...@apache.org> AuthorDate: Sat Nov 27 13:01:20 2021 -0800 RANGER-3526: policy evaluation ordering to use name as secondary sorting key --- .../policyevaluator/RangerPolicyEvaluator.java | 6 +++++- .../policyengine/test_aclprovider_mask_filter.json | 22 ++++++++++++++++++++-- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java index 15a6465..8fbbf94 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java @@ -193,7 +193,7 @@ public interface RangerPolicyEvaluator extends RangerPolicyResourceEvaluator { } private int compareNormal(RangerPolicyEvaluator me, RangerPolicyEvaluator other) { - final int result; + int result; if (me.hasDeny() && !other.hasDeny()) { result = -1; @@ -201,6 +201,10 @@ public interface RangerPolicyEvaluator extends RangerPolicyResourceEvaluator { result = 1; } else { result = Integer.compare(me.getEvalOrder(), other.getEvalOrder()); + + if (result == 0) { + result = me.getPolicy().getName().compareTo(other.getPolicy().getName()); + } } return result; diff --git a/agents-common/src/test/resources/policyengine/test_aclprovider_mask_filter.json b/agents-common/src/test/resources/policyengine/test_aclprovider_mask_filter.json index f6ebaf5..6ff4886 100644 --- a/agents-common/src/test/resources/policyengine/test_aclprovider_mask_filter.json +++ b/agents-common/src/test/resources/policyengine/test_aclprovider_mask_filter.json @@ -91,7 +91,7 @@ } }, "policies": [ - {"id":101,"name":"db=employee, table=personal, column=ssn: mask","isEnabled":true,"isAuditEnabled":true,"policyType":1, + {"id":101,"name":"01: db=employee, table=personal, column=ssn: mask","isEnabled":true,"isAuditEnabled":true,"policyType":1, "resources":{"database":{"values":["employee"]},"table":{"values":["personal"]},"column":{"values":["ssn"]}}, "dataMaskPolicyItems":[ {"accesses":[{"type":"select","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false, @@ -102,6 +102,17 @@ } ] }, + {"id":1011,"name":"02: db=employee, table=personal, column=ssn,dummy: mask","isEnabled":true,"isAuditEnabled":true,"policyType":1, + "resources":{"database":{"values":["employee"]},"table":{"values":["personal"]},"column":{"values":["ssn", "dummy"]}}, + "dataMaskPolicyItems":[ + {"accesses":[{"type":"select","isAllowed":true}],"users":["user1"],"groups":[],"delegateAdmin":false, + "dataMaskInfo": {"dataMaskType":"HASH"} + }, + {"accesses":[{"type":"select","isAllowed":true}],"users":["user2"],"groups":[],"delegateAdmin":false, + "dataMaskInfo": {"dataMaskType":"MASK"} + } + ] + }, {"id":102,"name":"db=hr, table=employee, column=date_of_birth: mask","isEnabled":true,"isAuditEnabled":true,"policyType":1, "resources":{"database":{"values":["hr"]},"table":{"values":["employee"]},"column":{"values":["date_of_birth"]}}, "dataMaskPolicyItems":[ @@ -189,6 +200,11 @@ { "itemId": 8, "name": "hive:all", "label": "hive:all", "impliedGrants": [ "hive:select", "hive:update", "hive:create", "hive:drop", "hive:alter", "hive:index", "hive:lock" ] } ], + "dataMaskDef": { + "resources":[ + {"name":"tag"} + ] + }, "contextEnrichers": [ { "itemId": 1, "name": "TagEnricher", "enricher": "org.apache.ranger.plugin.contextenricher.RangerTagEnricher", @@ -267,7 +283,9 @@ "resource":{"elements":{"database":"employee", "table":"personal", "column":"ssn"}}, "dataMasks": [ {"users":["user1"], "groups":[], "roles":[], "accessTypes":["select"], "maskInfo":{"dataMaskType":"MASK"}}, - {"users":["user2"], "groups":[], "roles":[], "accessTypes":["select"], "maskInfo":{"dataMaskType":"SHUFFLE"}} + {"users":["user2"], "groups":[], "roles":[], "accessTypes":["select"], "maskInfo":{"dataMaskType":"SHUFFLE"}}, + {"users":["user1"], "groups":[], "roles":[], "accessTypes":["select"], "maskInfo":{"dataMaskType":"HASH"}}, + {"users":["user2"], "groups":[], "roles":[], "accessTypes":["select"], "maskInfo":{"dataMaskType":"MASK"}} ] }, {"name":"mask: hr.employee.date_of_birth",