TEIID-2327 initial commit of column masking

admin/src/main/java/org/teiid/adminapi/AdminPlugin.java

@@ -77,6 +77,7 @@ public static enum Event implements BundleUtil.Event {
 		TEIID70049,
 		TEIID70050,	
 		TEIID70051,
-		TEIID70052
+		TEIID70052, 
+		TEIID70053
 	}
 }

admin/src/main/java/org/teiid/adminapi/DataPolicy.java

@@ -130,5 +130,16 @@ interface DataPermission {
 		 * The condition string
 		 */
 		String getCondition();
+
+		/**
+		 * The column mask string
+		 */
+		String getMask();
+
+		/**
+		 * The column mask order
+		 */
+		int getOrder();
+
 	}
 }

admin/src/main/java/org/teiid/adminapi/impl/DataPolicyMetadata.java

@@ -22,14 +22,17 @@
 package org.teiid.adminapi.impl;
 
 import java.io.Serializable;
+import java.lang.ref.SoftReference;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.TreeMap;
 import java.util.concurrent.CopyOnWriteArrayList;
 
+import org.teiid.adminapi.AdminPlugin;
 import org.teiid.adminapi.DataPolicy;
+import org.teiid.core.TeiidRuntimeException;
 
 
 public class DataPolicyMetadata implements DataPolicy, Serializable {
@@ -104,6 +107,13 @@ private void addPermissionMetadata(PermissionMetaData permission) {
 					permission.setCondition("(" + permission.getCondition() + ") OR (" + previous.getCondition() + ")"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
 				}
 			}
+			if (previous.getMask() != null) {
+				if (permission.getMask() != null) {
+					throw new TeiidRuntimeException(AdminPlugin.Event.TEIID70053, AdminPlugin.Util.gs(AdminPlugin.Event.TEIID70053, this.getName(), permission.getResourceName()));
+				}
+				permission.setMask(previous.getMask());
+				permission.setOrder(previous.getOrder());
+			}
 		}
 	}
 
@@ -144,6 +154,10 @@ public static class PermissionMetaData implements DataPermission, Serializable {
         // XML based fields
         private String resourceName;
         private String condition;
+        private volatile SoftReference<Object> resolvedCondition;
+        private String mask;
+        private volatile SoftReference<Object> resolvedMask;
+        private int order;
         protected byte bits;
         protected byte bitsSet;
 
@@ -239,6 +253,12 @@ public String getType() {
         	if (Boolean.TRUE.equals(getAllowLanguage())) {
         		sb.append("L");//$NON-NLS-1$
         	}
+        	if (condition != null) {
+        		sb.append(" condition ").append(condition); //$NON-NLS-1$
+        	}
+        	if (mask != null) {
+        		sb.append(" mask ").append(mask); //$NON-NLS-1$
+        	}
         	return sb.toString();
         }
 
@@ -308,6 +328,46 @@ public String getCondition() {
 		public void setCondition(String filter) {
 			this.condition = filter;
 		}
+
+		@Override
+		public String getMask() {
+			return mask;
+		}
+
+		public void setMask(String mask) {
+			this.mask = mask;
+		}
+
+		@Override
+		public int getOrder() {
+			return order;
+		}
+
+		public void setOrder(int order) {
+			this.order = order;
+		}
+
+		public Object getResolvedCondition() {
+			if (resolvedCondition != null) {
+				return resolvedCondition.get();
+			}
+			return null;
+		}
+
+		public void setResolvedCondition(Object resolvedCondition) {
+			this.resolvedCondition = new SoftReference<Object>(resolvedCondition);
+		}
+
+		public Object getResolvedMask() {
+			if (resolvedMask != null) {
+				return resolvedMask.get();
+			}
+			return null;
+		}
+
+		public void setResolvedMask(Object resolvedMask) {
+			this.resolvedMask = new SoftReference<Object>(resolvedMask);
+		}
 	}
 
     public Boolean isAllowCreateTemporaryTables() {

admin/src/main/java/org/teiid/adminapi/impl/VDBMetadataMapper.java

@@ -1005,6 +1005,8 @@ public static class PermissionMetaDataMapper implements MetadataMapper<Permissio
 		private static final String ALLOW_ALTER = "allow-alter"; //$NON-NLS-1$
 		private static final String ALLOW_LANGUAGE = "allow-language"; //$NON-NLS-1$
 		private static final String CONDITION = "condition"; //$NON-NLS-1$
+		private static final String MASK = "mask"; //$NON-NLS-1$
+		private static final String ORDER = "order"; //$NON-NLS-1$
 
 		public static PermissionMetaDataMapper INSTANCE = new PermissionMetaDataMapper();
 
@@ -1039,6 +1041,12 @@ public ModelNode wrap(PermissionMetaData permission, ModelNode node) {
 			if(permission.getCondition() != null) {
 				node.get(CONDITION).set(permission.getCondition());
 			}
+			if(permission.getMask() != null) {
+				node.get(MASK).set(permission.getMask());
+			}
+			if(permission.getOrder() != 0) {
+				node.get(ORDER).set(permission.getOrder());
+			}
 			return node;
 		}
 
@@ -1076,6 +1084,12 @@ public PermissionMetaData unwrap(ModelNode node) {
 			if (node.has(CONDITION)) {
 				permission.setCondition(node.get(CONDITION).asString());
 			}
+			if (node.has(MASK)) {
+				permission.setMask(node.get(MASK).asString());
+			}
+			if (node.has(ORDER)) {
+				permission.setOrder(node.get(ORDER).asInt());
+			}
 			return permission;
 		}
 		public ModelNode describe(ModelNode node) {

admin/src/main/java/org/teiid/adminapi/impl/VDBMetadataParser.java

@@ -230,6 +230,12 @@ private static void parsePermission(XMLStreamReader reader, PermissionMetaData p
 			case CONDITION:
 				permission.setCondition(reader.getElementText());
 				break;
+			case MASK:
+				if (reader.getAttributeCount() > 0) {
+					permission.setOrder(Integer.valueOf(reader.getAttributeValue(0)));
+				}
+				permission.setMask(reader.getElementText());
+				break;
              default: 
             	 throw new XMLStreamException(AdminPlugin.Util.gs("unexpected_element7",reader.getName(), 
             			 Element.RESOURCE_NAME.getLocalName(),
@@ -238,7 +244,7 @@ private static void parsePermission(XMLStreamReader reader, PermissionMetaData p
             			 Element.ALLOW_DELETE.getLocalName(),
             			 Element.ALLOW_EXECUTE.getLocalName(),
             			 Element.ALLOW_READ.getLocalName(),
-            			 Element.ALLOW_UPADTE.getLocalName(), Element.ALLOW_LANGUAGE.getLocalName(), Element.CONDITION.getLocalName()), reader.getLocation()); 
+            			 Element.ALLOW_UPADTE.getLocalName(), Element.ALLOW_LANGUAGE.getLocalName(), Element.CONDITION.getLocalName(), Element.MASK.getLocalName()), reader.getLocation()); 
             }
         }		
 	}	
@@ -380,6 +386,8 @@ enum Element {
 	    ALLOW_ALTER("allow-alter"),
 	    ALLOW_LANGUAGE("allow-language"),
 	    CONDITION("condition"),
+	    MASK("mask"),
+	    ORDER("order"),
 	    MAPPED_ROLE_NAME("mapped-role-name"),
 	    ENTRY("entry"),
 	    METADATA("metadata");
@@ -511,6 +519,13 @@ private static void writeDataPolicy(XMLStreamWriter writer, DataPolicy dp)  thro
 			if (permission.getCondition() != null) {
 				writeElement(writer, Element.CONDITION, permission.getCondition());
 			}
+			if (permission.getMask() != null) {
+				if (permission.getOrder() != 0) {
+					writeElement(writer, Element.MASK, permission.getMask(), new String[] {Element.ORDER.getLocalName(), String.valueOf(permission.getOrder())});
+				} else {
+					writeElement(writer, Element.MASK, permission.getMask());
+				}
+			}
 			writer.writeEndElement();			
 		}
 
@@ -594,8 +609,11 @@ private static void writeAttribute(XMLStreamWriter writer,
 		}
 	}
 
-	private static void writeElement(final XMLStreamWriter writer, final Element element, String value) throws XMLStreamException {
+	private static void writeElement(final XMLStreamWriter writer, final Element element, String value, String[] ... attributes) throws XMLStreamException {
         writer.writeStartElement(element.getLocalName());
+        for (String[] attribute : attributes) {
+        	writeAttribute(writer, attribute[0], attribute[1]);
+        }
         writer.writeCharacters(value);
         writer.writeEndElement();
     }     

admin/src/main/resources/org/teiid/adminapi/i18n.properties

@@ -94,4 +94,6 @@ unexpected_element3=Unexpected Element {0} encountered, expecting one of {1} {2}
 unexpected_element4=Unexpected Element {0} encountered, expecting one of {1} {2} {3} {4} 
 unexpected_element5=Unexpected Element {0} encountered, expecting one of {1} {2} {3} {4} {5} 
 unexpected_element6=Unexpected Element {0} encountered, expecting one of {1} {2} {3} {4} {5} {6} 
-unexpected_element7=Unexpected Element {0} encountered, expecting one of {1} {2} {3} {4} {5} {6} {7}
+unexpected_element7=Unexpected Element {0} encountered, expecting one of {1} {2} {3} {4} {5} {6} {7}
+
+TEIID70053=Conflicting mask definition for resource {1} in role {0}.

admin/src/test/java/org/teiid/adminapi/impl/TestVDBMetaData.java

@@ -117,7 +117,7 @@ static void validateVDB(VDBMetaData vdb) {
 		assertTrue(role.getMappedRoleNames().contains("ROLE2")); //$NON-NLS-1$
 
 		List<DataPolicy.DataPermission> permissions = role.getPermissions();
-		assertEquals(3, permissions.size());
+		assertEquals(4, permissions.size());
 
 		boolean lang = false;
 		for (DataPolicy.DataPermission p: permissions) {
@@ -130,12 +130,16 @@ static void validateVDB(VDBMetaData vdb) {
 			if (p.getResourceName().equalsIgnoreCase("myTable.T1")) { //$NON-NLS-1$
 				assertTrue(p.getAllowRead());
 				assertNull(p.getAllowDelete());
+				continue;
 			}
-			else {
-				assertFalse(p.getAllowRead());
-				assertTrue(p.getAllowDelete());
-				assertEquals("col1 = user()", p.getCondition());
+			if (p.getResourceName().equalsIgnoreCase("myTable.T2.col1")) { //$NON-NLS-1$
+				assertEquals("col2", p.getMask());
+				assertEquals(1, p.getOrder());
+				continue;
 			}
+			assertFalse(p.getAllowRead());
+			assertTrue(p.getAllowDelete());
+			assertEquals("col1 = user()", p.getCondition());
 		}
 		assertTrue(lang);
 	}
@@ -206,6 +210,12 @@ static VDBMetaData buildVDB() {
 		perm3.setAllowLanguage(true);
 		roleOne.addPermission(perm3);
 
+		PermissionMetaData perm4 = new PermissionMetaData();
+		perm4.setResourceName("myTable.T2.col1"); //$NON-NLS-1$
+		perm4.setMask("col2");
+		perm4.setOrder(1);
+		roleOne.addPermission(perm4);
+
 		roleOne.setMappedRoleNames(Arrays.asList("ROLE1", "ROLE2")); //$NON-NLS-1$ //$NON-NLS-2$
 
 		vdb.addDataPolicy(roleOne);

admin/src/test/resources/parser-test-vdb.xml

@@ -34,6 +34,10 @@
             <allow-alter>true</allow-alter>
             <condition>col1 = user()</condition>
         </permission>
+        <permission>
+            <resource-name>myTable.T2.col1</resource-name>
+            <mask order="1">col2</mask>
+        </permission>
         <permission>
             <resource-name>javascript</resource-name>
             <allow-language>true</allow-language>

api/src/main/java/org/teiid/translator/ExecutionFactory.java

@@ -566,7 +566,7 @@ public NullOrder getDefaultNullOrder() {
     }
 
 	/**
-	 * Returns whether the database supports explicit join ordering.
+	 * Returns whether the database supports explicit null ordering.
 	 * @since 7.1
 	 * @return true if nulls first/last can be specified
 	 */

client/src/main/resources/vdb-deployer.xsd

@@ -127,6 +127,15 @@
 									             <xs:element name="allow-execute" type="xs:boolean" minOccurs="0"/>
 									             <xs:element name="allow-alter" type="xs:boolean" minOccurs="0"/>	
 									             <xs:element name="condition" type="xs:string" minOccurs="0"/>
+									             <xs:element name="mask" minOccurs="0">
+									             	<xs:complexType>
+									             		<xs:simpleContent>
+      														<xs:extension base="xs:string">
+        														<xs:attribute name="order" type="xs:string"/>
+        													</xs:extension>
+    													</xs:simpleContent>
+    												</xs:complexType>
+									             </xs:element>
 											</xs:sequence>
 											<xs:element name="allow-language" type="xs:boolean" minOccurs="0"/>
 							             </xs:choice>

engine/src/main/java/org/teiid/query/QueryPlugin.java

@@ -551,5 +551,6 @@ public static enum Event implements BundleUtil.Event{
     	TEIID31136, 
     	TEIID31137, 
     	TEIID31138,
+    	TEIID31139,
 	}
 }