RANGER-4650: Hive plugin should make column-type available in masking…

… expression
apache · Apr 25, 2024 · ccb31a7 · ccb31a7
1 parent f3637ac
commit ccb31a7
Showing 1 changed file with 46 additions and 0 deletions.
diff --git a/...t/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/...t/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -43,6 +43,7 @@
 import org.apache.hadoop.hive.conf.HiveConf;
 import org.apache.hadoop.hive.metastore.IMetaStoreClient;
 import org.apache.hadoop.hive.metastore.api.Database;
+import org.apache.hadoop.hive.metastore.api.FieldSchema;
 import org.apache.hadoop.hive.metastore.api.HiveObjectRef;
 import org.apache.hadoop.hive.metastore.api.Table;
 import org.apache.hadoop.hive.ql.parse.SemanticException;
@@ -1440,6 +1441,18 @@ private boolean addCellValueTransformerAndCheckIfTransformed(HiveAuthzContext co
 					columnTransformer = transformer.replace("{col}", columnName);
 				}
 
+				if (columnTransformer.contains("{colType}")) {
+					String colType = getColumnType(tableOrView, columnName, metaStoreClient);
+
+					if (StringUtils.isBlank(colType)) {
+						LOG.warn("addCellValueTransformerAndCheckIfTransformed(" + databaseName + ", " + tableOrViewName + ", " + columnName + "): failed to find column datatype");
+
+						colType = "string";
+					}
+
+					columnTransformer = columnTransformer.replace("{colType}", colType);
+				}
+
 				/*
 				String maskCondition = result.getMaskCondition();
 
@@ -3201,6 +3214,39 @@ static void setOwnerUser(RangerHiveResource resource, HivePrivilegeObject hiveOb
 		}
 	}
 
+	private static String getColumnType(HivePrivilegeObject hiveObj, String colName, IMetaStoreClient metaStoreClient) {
+		String ret = null;
+
+		if (hiveObj != null && metaStoreClient != null) {
+			try {
+				switch (hiveObj.getType()) {
+					case TABLE_OR_VIEW:
+					case COLUMN:
+						Table             table = metaStoreClient.getTable(hiveObj.getDbname(), hiveObj.getObjectName());
+						List<FieldSchema> cols  = table != null && table.getSd() != null ? table.getSd().getCols() : null;
+
+						if (CollectionUtils.isNotEmpty(cols)) {
+							for (FieldSchema col : cols) {
+								if (StringUtils.equalsIgnoreCase(col.getName(), colName)) {
+									ret = col.getType();
+									break;
+								}
+							}
+						}
+						break;
+				}
+			} catch (Exception excp) {
+				LOG.error("failed to get column type from Hive metastore. dbName=" + hiveObj.getDbname() + ", tblName=" + hiveObj.getObjectName() + ", colName=" + colName, excp);
+			}
+		}
+
+		if (LOG.isDebugEnabled()) {
+			LOG.debug("getColumnType(" + hiveObj + ", " + colName + "): columnType=" + ret);
+		}
+
+		return ret;
+	}
+
 	private IMetaStoreClient getMetaStoreClient() {
 		IMetaStoreClient ret = null;