[submarine] branch master updated: SUBMARINE-433. Expose Spark Security API with Authz w/ w/o DataMasking and Row Filtering

[li...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

liuxun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/submarine.git


The following commit(s) were added to refs/heads/master by this push:
     new fd9b577  SUBMARINE-433. Expose Spark Security API with Authz w/ w/o DataMasking and Row Filtering
fd9b577 is described below

commit fd9b577ee1036b104e743babbafef232b293d0ba
Author: Kent Yao <ya...@hotmail.com>
AuthorDate: Tue Mar 17 15:43:56 2020 +0800

    SUBMARINE-433. Expose Spark Security API with Authz w/ w/o DataMasking and Row Filtering
    
    ### What is this PR for?
    
    Expose Spark Security API with Authz w/ w/o DataMasking and Row Filtering
    Then one is only enabled with security features with authorization and conf restricting
    the other is fully applied data masking and row filtering too.
    
    ### What type of PR is it?
    Improvement
    ### Todos
    * [ ] - Task
    
    ### What is the Jira issue?
    * Open an issue on Jira https://issues.apache.org/jira/browse/SUBMARINE-433
    * Put link here, and add [SUBMARINE-*Jira number*] in PR title, eg. [SUBMARINE-23]
    
    ### How should this be tested?
    * First time? Setup Travis CI as described on https://submarine.apache.org/contribution/contributions.html#continuous-integration
    * Strongly recommended: add automated unit tests for any new or changed behavior
    * Outline any manual steps to test the PR here.
    
    pass current travis
    
    ### Screenshots (if appropriate)
    
    ### Questions:
    * Does the licenses files need update? No
    * Is there breaking changes for older versions? No
    * Does this needs documentation? No
    
    Author: Kent Yao <ya...@hotmail.com>
    
    Closes #231 from yaooqinn/SUBMARINE-433 and squashes the following commits:
    
    e511a59 [Kent Yao] SUBMARINE-433. Expose Spark Security API with Authz w/ w/o DataMasking and Row Filtering
---
 .../RangerSparkAuthzExtension.scala}                | 21 ++++++++++++++-------
 .../{ => api}/RangerSparkSQLExtension.scala         | 15 ++++++++++++++-
 2 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/RangerSparkSQLExtension.scala b/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/api/RangerSparkAuthzExtension.scala
similarity index 68%
copy from submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/RangerSparkSQLExtension.scala
copy to submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/api/RangerSparkAuthzExtension.scala
index 1dc1ad0..42b4b7e 100644
--- a/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/RangerSparkSQLExtension.scala
+++ b/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/api/RangerSparkAuthzExtension.scala
@@ -17,18 +17,25 @@
  * under the License.
  */
 
-package org.apache.submarine.spark.security
+package org.apache.submarine.spark.security.api
 
 import org.apache.spark.sql.SparkSessionExtensions
-import org.apache.spark.sql.catalyst.optimizer.{SubmarineConfigurationCheckExtension, SubmarineDataMaskingExtension, SubmarineRowFilterExtension, SubmarineSparkRangerAuthorizationExtension}
-import org.apache.spark.sql.execution.SubmarineSparkPlanOmitStrategy
+import org.apache.spark.sql.catalyst.optimizer.{SubmarineConfigurationCheckExtension, SubmarineSparkRangerAuthorizationExtension}
+import org.apache.submarine.spark.security.Extensions
 
-class RangerSparkSQLExtension extends Extensions {
+/**
+ * ACL Management for Apache Spark SQL with Apache Ranger, enabling:
+ * <ul>
+ *   <li>Table/Column level authorization</li>
+ * <ul>
+ *
+ * To work with Spark SQL, we need to enable it via spark extensions
+ *
+ * spark.sql.extensions=org.apache.submarine.spark.security.api.RangerSparkAuthzExtension
+ */
+class RangerSparkAuthzExtension extends Extensions {
   override def apply(ext: SparkSessionExtensions): Unit = {
     ext.injectCheckRule(SubmarineConfigurationCheckExtension)
     ext.injectOptimizerRule(SubmarineSparkRangerAuthorizationExtension)
-    ext.injectOptimizerRule(SubmarineRowFilterExtension)
-    ext.injectOptimizerRule(SubmarineDataMaskingExtension)
-    ext.injectPlannerStrategy(SubmarineSparkPlanOmitStrategy)
   }
 }
diff --git a/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/RangerSparkSQLExtension.scala b/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/api/RangerSparkSQLExtension.scala
similarity index 76%
rename from submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/RangerSparkSQLExtension.scala
rename to submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/api/RangerSparkSQLExtension.scala
index 1dc1ad0..25cd7d9 100644
--- a/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/RangerSparkSQLExtension.scala
+++ b/submarine-security/spark-security/src/main/scala/org/apache/submarine/spark/security/api/RangerSparkSQLExtension.scala
@@ -17,12 +17,25 @@
  * under the License.
  */
 
-package org.apache.submarine.spark.security
+package org.apache.submarine.spark.security.api
 
 import org.apache.spark.sql.SparkSessionExtensions
 import org.apache.spark.sql.catalyst.optimizer.{SubmarineConfigurationCheckExtension, SubmarineDataMaskingExtension, SubmarineRowFilterExtension, SubmarineSparkRangerAuthorizationExtension}
 import org.apache.spark.sql.execution.SubmarineSparkPlanOmitStrategy
+import org.apache.submarine.spark.security.Extensions
 
+/**
+ * ACL Management for Apache Spark SQL with Apache Ranger, enabling:
+ * <ul>
+ *   <li>Table/Column level authorization</li>
+ *   <li>Row level filtering</li>
+ *   <li>Data masking</li>
+ * <ul>
+ *
+ * To work with Spark SQL, we need to enable it via spark extensions
+ *
+ * spark.sql.extensions=org.apache.submarine.spark.security.api.RangerSparkSQLExtension
+ */
 class RangerSparkSQLExtension extends Extensions {
   override def apply(ext: SparkSessionExtensions): Unit = {
     ext.injectCheckRule(SubmarineConfigurationCheckExtension)


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@submarine.apache.org
For additional commands, e-mail: dev-help@submarine.apache.org