-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74057/
-----------------------------------------------------------
(Updated Aug. 11, 2022, 6:06 p.m.)

Review request for ranger and Madhan Neethiraj.

Repository: ranger

Description
-------

It would be nice to be able to do fine-grained access control (FGA) over nested structures, e.g., the JSON responses of API calls. This requires the individual attributes in a JSON object to be first-class metadata objects which can be tagged and on which policies can be written. We have built a plugin and the corresponding Apache Atlas metadata structures and tagsync-mapper to support TBAC/RBAC/ABAC FGA over JSON structures. Our instigating use case was FGA over the JSON responses of API calls, but this plugin has potential value anywhere FGA over the individual attributes of nested structures is needed, e.g., JSON messages read from Kafka topics.

Diffs (updated)
-----

  agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java db629c85d
  agents-common/src/main/resources/service-defs/ranger-servicedef-nestedstructure.json PRE-CREATION
  dev-support/ranger-pmd-ruleset.xml 88d77f236
  plugin-nestedstructure/.gitignore PRE-CREATION
  plugin-nestedstructure/LICENSE PRE-CREATION
  plugin-nestedstructure/NOTICE PRE-CREATION
  plugin-nestedstructure/README.md PRE-CREATION
  plugin-nestedstructure/conf/log4j.properties PRE-CREATION
  plugin-nestedstructure/conf/ranger-nestedstructure-audit.xml PRE-CREATION
  plugin-nestedstructure/conf/ranger-nestedstructure-policymgr-ssl.xml PRE-CREATION
  plugin-nestedstructure/conf/ranger-nestedstructure-security.xml PRE-CREATION
  plugin-nestedstructure/pom.xml PRE-CREATION
  plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/AccessResult.java PRE-CREATION
  plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/DataMasker.java PRE-CREATION
  plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/FieldLevelAccess.java PRE-CREATION
  plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/JsonManipulator.java PRE-CREATION
  plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/MaskTypes.java PRE-CREATION
  plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/MaskingException.java PRE-CREATION
  plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/NestedStructureAccessType.java PRE-CREATION
  plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/NestedStructureAuditHandler.java PRE-CREATION
  plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/NestedStructureAuthorizer.java PRE-CREATION
  plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/NestedStructureResource.java PRE-CREATION
  plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/NestedStructureService.java PRE-CREATION
  plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/RecordFilterJavaScript.java PRE-CREATION
  plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/ExampleClient.java PRE-CREATION
  plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/TestDataMasker.java PRE-CREATION
  plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/TestJsonManipulator.java PRE-CREATION
  plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/TestNestedStructureAuthorizer.java PRE-CREATION
  plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/TestRecordFilterJavaScript.java PRE-CREATION
  plugin-nestedstructure/src/test/resources/servicedef-nestedstructure.json PRE-CREATION
  plugin-nestedstructure/src/test/resources/test_customer_records.json PRE-CREATION
  pom.xml 0945f4b1d
  tagsync/src/main/java/org/apache/ranger/tagsync/nestedstructureplugin/AtlasNestedStructureResourceMapper.java PRE-CREATION
  tagsync/src/test/java/org/apache/ranger/tagsync/nestedstructureplugin/ResourceTests.java PRE-CREATION

Diff: https://reviews.apache.org/r/74057/diff/4/

Changes: https://reviews.apache.org/r/74057/diff/3-4/

Testing
-------

File Attachments
----------------

0001-patch-with-edits-based-on-OS-review.patch
  https://reviews.apache.org/media/uploaded/files/2022/07/26/9d048baa-1968-4201-b213-1b807ed02587__0001-patch-with-edits-based-on-OS-review.patch
original patch
  https://reviews.apache.org/media/uploaded/files/2022/07/27/5d6d9df2-b661-4d03-bba3-3f08cb26c32e__3809-plugin-nestedstructure-RANGER-3828-with-tagsync-Atla.patch
RANGER-3828-3.patch
  https://reviews.apache.org/media/uploaded/files/2022/07/28/6367376f-0582-450c-a1e5-e61d982b5ff2__RANGER-3828-3.patch
RANGER-3828-4.patch
  https://reviews.apache.org/media/uploaded/files/2022/08/11/f4f107af-b79e-4c9e-a406-24881e4107ca__RANGER-3828-4.patch

Thanks,

Barbara Eckman