You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@submarine.apache.org by li...@apache.org on 2020/03/17 08:45:11 UTC
[submarine] branch master updated: SUBMARINE-433. Expose Spark
Security API with Authz w/ w/o DataMasking and Row Filtering
This is an automated email from the ASF dual-hosted git repository.
liuxun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/submarine.git
The following commit(s) were added to refs/heads/master by this push:
new fd9b577 SUBMARINE-433. Expose Spark Security API with Authz w/ w/o DataMasking and Row Filtering
fd9b577 is described below
commit fd9b577ee1036b104e743babbafef232b293d0ba
Author: Kent Yao <ya...@hotmail.com>
AuthorDate: Tue Mar 17 15:43:56 2020 +0800
SUBMARINE-433. Expose Spark Security API with Authz w/ w/o DataMasking and Row Filtering
### What is this PR for?
Expose Spark Security API with Authz w/ w/o DataMasking and Row Filtering
Then one is only enabled with security features with authorization and conf restricting
the other is fully applied data masking and row filtering too.
### What type of PR is it?
Improvement
### Todos
* [ ] - Task
### What is the Jira issue?
* Open an issue on Jira https://issues.apache.org/jira/browse/SUBMARINE-433
* Put link here, and add [SUBMARINE-*Jira number*] in PR title, eg. [SUBMARINE-23]
### How should this be tested?
* First time? Setup Travis CI as described on https://submarine.apache.org/contribution/contributions.html#continuous-integration
* Strongly recommended: add automated unit tests for any new or changed behavior
* Outline any manual steps to test the PR here.
pass current travis
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No
Author: Kent Yao <ya...@hotmail.com>
Closes #231 from yaooqinn/SUBMARINE-433 and squashes the following commits:
e511a59 [Kent Yao] SUBMARINE-433. Expose Spark Security API with Authz w/ w/o DataMasking and Row Filtering
---
.../RangerSparkAuthzExtension.scala} | 21 ++++++++++++++-------
.../{ => api}/RangerSparkSQLExtension.scala | 15 ++++++++++++++-
2 files changed, 28 insertions(+), 8 deletions(-)
diff --git a/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/RangerSparkSQLExtension.scala b/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/api/RangerSparkAuthzExtension.scala
similarity index 68%
copy from submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/RangerSparkSQLExtension.scala
copy to submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/api/RangerSparkAuthzExtension.scala
index 1dc1ad0..42b4b7e 100644
--- a/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/RangerSparkSQLExtension.scala
+++ b/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/api/RangerSparkAuthzExtension.scala
@@ -17,18 +17,25 @@
* under the License.
*/
-package org.apache.submarine.spark.security
+package org.apache.submarine.spark.security.api
import org.apache.spark.sql.SparkSessionExtensions
-import org.apache.spark.sql.catalyst.optimizer.{SubmarineConfigurationCheckExtension, SubmarineDataMaskingExtension, SubmarineRowFilterExtension, SubmarineSparkRangerAuthorizationExtension}
-import org.apache.spark.sql.execution.SubmarineSparkPlanOmitStrategy
+import org.apache.spark.sql.catalyst.optimizer.{SubmarineConfigurationCheckExtension, SubmarineSparkRangerAuthorizationExtension}
+import org.apache.submarine.spark.security.Extensions
-class RangerSparkSQLExtension extends Extensions {
+/**
+ * ACL Management for Apache Spark SQL with Apache Ranger, enabling:
+ * <ul>
+ * <li>Table/Column level authorization</li>
+ * <ul>
+ *
+ * To work with Spark SQL, we need to enable it via spark extensions
+ *
+ * spark.sql.extensions=org.apache.submarine.spark.security.api.RangerSparkAuthzExtension
+ */
+class RangerSparkAuthzExtension extends Extensions {
override def apply(ext: SparkSessionExtensions): Unit = {
ext.injectCheckRule(SubmarineConfigurationCheckExtension)
ext.injectOptimizerRule(SubmarineSparkRangerAuthorizationExtension)
- ext.injectOptimizerRule(SubmarineRowFilterExtension)
- ext.injectOptimizerRule(SubmarineDataMaskingExtension)
- ext.injectPlannerStrategy(SubmarineSparkPlanOmitStrategy)
}
}
diff --git a/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/RangerSparkSQLExtension.scala b/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/api/RangerSparkSQLExtension.scala
similarity index 76%
rename from submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/RangerSparkSQLExtension.scala
rename to submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/api/RangerSparkSQLExtension.scala
index 1dc1ad0..25cd7d9 100644
--- a/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/RangerSparkSQLExtension.scala
+++ b/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/api/RangerSparkSQLExtension.scala
@@ -17,12 +17,25 @@
* under the License.
*/
-package org.apache.submarine.spark.security
+package org.apache.submarine.spark.security.api
import org.apache.spark.sql.SparkSessionExtensions
import org.apache.spark.sql.catalyst.optimizer.{SubmarineConfigurationCheckExtension, SubmarineDataMaskingExtension, SubmarineRowFilterExtension, SubmarineSparkRangerAuthorizationExtension}
import org.apache.spark.sql.execution.SubmarineSparkPlanOmitStrategy
+import org.apache.submarine.spark.security.Extensions
+/**
+ * ACL Management for Apache Spark SQL with Apache Ranger, enabling:
+ * <ul>
+ * <li>Table/Column level authorization</li>
+ * <li>Row level filtering</li>
+ * <li>Data masking</li>
+ * <ul>
+ *
+ * To work with Spark SQL, we need to enable it via spark extensions
+ *
+ * spark.sql.extensions=org.apache.submarine.spark.security.api.RangerSparkSQLExtension
+ */
class RangerSparkSQLExtension extends Extensions {
override def apply(ext: SparkSessionExtensions): Unit = {
ext.injectCheckRule(SubmarineConfigurationCheckExtension)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@submarine.apache.org
For additional commands, e-mail: dev-help@submarine.apache.org