diff --git a/agents-audit/core/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java b/agents-audit/core/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java index 35ebd075e7..9839fde3ca 100644 --- a/agents-audit/core/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java +++ b/agents-audit/core/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java @@ -116,6 +116,9 @@ public class AuthzAuditEvent extends AuditEventBase { @JsonProperty("projects") protected Set projects; + @JsonProperty("datasetIds") + protected Set datasetIds; + @JsonProperty("additional_info") protected String additionalInfo; @@ -469,6 +472,14 @@ public void setProjects(Set projects) { this.projects = projects; } + public Set getDatasetIds() { + return datasetIds; + } + + public void setDatasetIds(Set datasetIds) { + this.datasetIds = datasetIds; + } + public String getClusterName() { return clusterName; } diff --git a/agents-audit/dest-solr/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java b/agents-audit/dest-solr/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java index 17e57571a1..cfe1a45ac1 100644 --- a/agents-audit/dest-solr/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java +++ b/agents-audit/dest-solr/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java @@ -316,6 +316,7 @@ SolrInputDocument toSolrDoc(AuthzAuditEvent auditEvent) { doc.setField("tags", auditEvent.getTags()); doc.addField("datasets", auditEvent.getDatasets()); doc.addField("projects", auditEvent.getProjects()); + doc.addField("datasetIds", auditEvent.getDatasetIds()); doc.setField("cluster", auditEvent.getClusterName()); doc.setField("zoneName", auditEvent.getZoneName()); doc.setField("agentHost", auditEvent.getAgentHostname()); 
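Review bot: The new `datasetIds` field in AuthzAuditEvent has no comment saying what the ids refer to or how they relate to the existing `datasets` set. GdsDatasetEvaluator.evaluate (later in this diff) fills the two through separate calls, `result.addDataset(getName())` and `result.addDatasetId(getId())`, into separate sets. A consumer of the audit record therefore cannot pair a name with its id by position when more than one dataset is recorded. I would add a field comment such as `// ids of the GDS datasets recorded in 'datasets'; unordered, not positionally aligned with the names`, and a one-line Javadoc on `getDatasetIds()`/`setDatasetIds()` in the second hunk.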
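Review bot: `doc.addField("datasetIds", auditEvent.getDatasetIds())` in SolrAuditDestination.toSolrDoc emits a field that the audit collection's schema must already define, and no schema change is visible in this part of the diff. If a deployed schema rejects unknown fields, documents carrying `datasetIds` could fail to index, which would mean lost authorization audit records rather than just a missing column. Please confirm that the schema and the upgrade path for existing collections add a multi-valued numeric `datasetIds` field before plugins start sending it. The same applies to the identical line added in SolrAuditProvider.toSolrDoc. Both method bodies continue outside their hunks.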
diff --git a/agents-audit/dest-solr/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java b/agents-audit/dest-solr/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java index ef0e210b85..e8472650a6 100644 --- a/agents-audit/dest-solr/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java +++ b/agents-audit/dest-solr/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java @@ -295,6 +295,7 @@ SolrInputDocument toSolrDoc(AuthzAuditEvent auditEvent) { doc.addField("tags", auditEvent.getTags()); doc.addField("datasets", auditEvent.getDatasets()); doc.addField("projects", auditEvent.getProjects()); + doc.addField("datasetIds", auditEvent.getDatasetIds()); doc.addField("cluster", auditEvent.getClusterName()); doc.addField("zone", auditEvent.getZoneName()); doc.addField("agentHost", auditEvent.getAgentHostname()); diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java index 04f9d95f04..90fda3d188 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java @@ -137,6 +137,7 @@ public AuthzAuditEvent getAuthzEvents(RangerAccessResult result) { ret.setDatasets(getDatasets(request)); ret.setProjects(getProjects(request)); + ret.setDatasetIds(getDatasetIds(request)); ret.setAdditionalInfo(getAdditionalInfo(request)); ret.setClusterName(request.getClusterName()); ret.setZoneName(result.getZoneName()); 
@@ -223,6 +224,12 @@ public final Set getProjects(RangerAccessRequest request) { return gdsResult != null ? gdsResult.getProjects() : null; } + public final Set getDatasetIds(RangerAccessRequest request) { + GdsAccessResult gdsResult = RangerAccessRequestUtil.getGdsResultFromContext(request.getContext()); + + return gdsResult != null ? gdsResult.getDatasetIds() : null; + } + public String getAdditionalInfo(RangerAccessRequest request) { if (StringUtils.isBlank(request.getRemoteIPAddress()) && CollectionUtils.isEmpty(request.getForwardedAddresses())) { return null; diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java index e2a07859e1..b739f721d2 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsAccessResult.java @@ -35,6 +35,7 @@ public class GdsAccessResult { private List rowFilters; private Set datasets; private Set projects; + private Set datasetIds; private Set allowedByDatasets; private Set allowedByProjects; @@ -113,6 +114,10 @@ public Set getProjects() { return projects; } + public Set getDatasetIds() { + return datasetIds; + } + public Set getAllowedByDatasets() { return allowedByDatasets; } @@ -137,6 +142,14 @@ public void addProject(String name) { projects.add(name); } + public void addDatasetId(Long id) { + if (datasetIds == null) { + datasetIds = new HashSet<>(); + } + + datasetIds.add(id); + } + public void addAllowedByDataset(String name) { if (allowedByDatasets == null) { allowedByDatasets = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); 
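Review bot: `GdsAccessResult.addDatasetId(Long id)` stores whatever it is given, including null, and GdsDatasetEvaluator.evaluate passes `getId()` straight in. If `getId()` can return null (its declaration is outside this diff), the audit event and the Solr document would carry a null element in `datasetIds`. A guard such as `if (id == null) { return; }` at the top of the method keeps that out of the audit trail. The backing set is a `HashSet`, so the order seen in `toString` and in the emitted record is unspecified. A `new TreeSet<>()` would give stable, sorted output in line with the sorted set that `addAllowedByDataset` uses.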
@@ -155,7 +168,7 @@ public void addAllowedByProject(String name) { @Override public int hashCode() { - return Objects.hash(isAllowed, isAudited, policyId, policyVersion, maskType, maskedValue, maskCondition, rowFilters, datasets, projects, allowedByDatasets, allowedByProjects); + return Objects.hash(isAllowed, isAudited, policyId, policyVersion, maskType, maskedValue, maskCondition, rowFilters, datasets, projects, datasetIds, allowedByDatasets, allowedByProjects); } @Override @@ -177,6 +190,7 @@ public boolean equals(Object obj) { Objects.equals(rowFilters, other.rowFilters) && Objects.equals(datasets, other.datasets) && Objects.equals(projects, other.projects) && + Objects.equals(datasetIds, other.datasetIds) && Objects.equals(allowedByDatasets, other.allowedByDatasets) && Objects.equals(allowedByProjects, other.allowedByProjects); } @@ -203,6 +217,7 @@ public StringBuilder toString(StringBuilder sb) { sb.append(", rowFilters={").append(rowFilters).append("}"); sb.append(", datasets={").append(datasets).append("}"); sb.append(", projects={").append(projects).append("}"); + sb.append(", datasetIds={").append(datasetIds).append("}"); sb.append(", allowedByDatasets={").append(allowedByDatasets).append("}"); sb.append(", allowedByProjects={").append(allowedByProjects).append("}"); sb.append("}"); diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDatasetEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDatasetEvaluator.java index 9bdff2ce96..789dd83abe 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDatasetEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsDatasetEvaluator.java 
@@ -111,6 +111,7 @@ public void evaluate(RangerAccessRequest request, GdsAccessResult result, Collec if (isActive()) { result.addDataset(getName()); + result.addDatasetId(getId()); if (!policyEvaluators.isEmpty()) { GdsDatasetAccessRequest datasetRequest = new GdsDatasetAccessRequest(getId(), gdsServiceDef, request); diff --git a/agents-common/src/test/resources/policyengine/gds/test_gds_policy_hive_access.json b/agents-common/src/test/resources/policyengine/gds/test_gds_policy_hive_access.json index 1f0ea2eb69..c10eb8196e 100644 --- a/agents-common/src/test/resources/policyengine/gds/test_gds_policy_hive_access.json +++ b/agents-common/src/test/resources/policyengine/gds/test_gds_policy_hive_access.json @@ -13,7 +13,7 @@ "resource": { "elements": { "database": "sales", "table": "prospects" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } }, { "name": "column: sales.prospects.channel, user: ds-user, access: select", @@ -21,7 +21,7 @@ "resource": { "elements": { "database": "sales", "table": "prospects", "column": "channel" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } }, { "name": "table: sales.orders, user: ds-user, access: select", 
@@ -29,7 +29,7 @@ "resource": { "elements": { "database": "sales", "table": "orders" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } }, { "name": "database: sales, user: ds-user, access: _any", @@ -37,7 +37,7 @@ "resource": { "elements": { "database": "sales" } }, "accessType": "", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } }, { "name": "table: finance.invoices, user: ds-user, access: select", @@ -45,7 +45,7 @@ "resource": { "elements": { "database": "finance", "table": "invoices" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } }, { "name": "table: finance.invoices, user: ds1-user, access: select", 
@@ -53,7 +53,7 @@ "resource": { "elements": { "database": "finance", "table": "invoices" } }, "accessType": "select", "user": "ds1-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } }, { "name": "table: finance.invoices, user: ds2-user, access: select", @@ -61,7 +61,7 @@ "resource": { "elements": { "database": "finance", "table": "invoices" } }, "accessType": "select", "user": "ds2-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2002 } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByDatasets": [ "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2002 } }, { "name": "table: finance.payments, user: ds-user, access: select", @@ -69,7 +69,7 @@ "resource": { "elements": { "database": "finance", "table": "payments" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } }, { "name": "database: finance, user: ds-user, access: _any", 
@@ -77,7 +77,7 @@ "resource": { "elements": { "database": "finance" } }, "accessType": "", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } }, { "name": "table: shipping.shipments, user: ds-user, access: select", @@ -85,7 +85,7 @@ "resource": { "elements": { "database": "shipping", "table": "shipments" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2002 } + "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 2 ], "allowedByDatasets": [ "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2002 } }, { "name": "database: shipping, user: ds-user, access: _any", @@ -93,7 +93,7 @@ "resource": { "elements": { "database": "shipping" } }, "accessType": "", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2002 } + "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 2 ], "allowedByDatasets": [ "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2002 } }, { "name": "table: customers.contact_info, user: ds-user, access: select", 
@@ -101,7 +101,7 @@ "resource": { "elements": { "database": "customers", "table": "contact_info" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByDatasets": [ "dataset-3", "dataset-6" ], "isAllowed": true, "isAudited": true, "policyId": 2003 } + "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByDatasets": [ "dataset-3", "dataset-6" ], "isAllowed": true, "isAudited": true, "policyId": 2003 } }, { "name": "table: customers.contact_info, user: ds3-user, access: select", @@ -109,7 +109,7 @@ "resource": { "elements": { "database": "customers", "table": "contact_info" } }, "accessType": "select", "user": "ds3-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByDatasets": [ "dataset-3" ], "isAllowed": true, "isAudited": true, "policyId": 2003 } + "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByDatasets": [ "dataset-3" ], "isAllowed": true, "isAudited": true, "policyId": 2003 } }, { "name": "table: customers.contact_info, user: ds6-user, access: select", @@ -117,7 +117,7 @@ "resource": { "elements": { "database": "customers", "table": "contact_info" } }, "accessType": "select", "user": "ds6-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByDatasets": [ "dataset-6" ], "isAllowed": true, "isAudited": true, "policyId": 2006 } + "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "datasetIds": [ 3, 6 ], "allowedByDatasets": [ "dataset-6" ], "isAllowed": true, "isAudited": true, "policyId": 2006 } }, { "name": "database: customers, user: ds-user, access: _any", 
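Review bot: The expected result for the `ds6-user` case (hunk at -117) contains `"datasetIds": [ 3, 6 ]` twice in the same object. Many JSON parsers accept a duplicate key and keep the last value, but strict parsers reject it. A later edit to only one copy would silently change or mask what the test asserts. Drop the second occurrence so the object has a single `"datasetIds": [ 3, 6 ]` between `"projects"` and `"allowedByDatasets"`, as in the neighbouring cases.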
@@ -125,7 +125,7 @@ "resource": { "elements": { "database": "customers" } }, "accessType": "", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByDatasets": [ "dataset-3", "dataset-6" ], "isAllowed": true, "isAudited": true, "policyId": 2003 } + "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByDatasets": [ "dataset-3", "dataset-6" ], "isAllowed": true, "isAudited": true, "policyId": 2003 } }, { "name": "table: operations.facilities, user: ds-user, access: select", @@ -133,7 +133,7 @@ "resource": { "elements": { "database": "operations", "table": "facilities" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-4" ], "projects": null, "allowedByDatasets": [ "dataset-4" ], "isAllowed": true, "isAudited": true, "policyId": 2004 } + "result": { "datasets": [ "dataset-4" ], "projects": null, "datasetIds": [ 4 ], "allowedByDatasets": [ "dataset-4" ], "isAllowed": true, "isAudited": true, "policyId": 2004 } }, { "name": "database: operations, user: ds-user, access: _any", @@ -141,7 +141,7 @@ "resource": { "elements": { "database": "operations" } }, "accessType": "", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-4" ], "projects": null, "allowedByDatasets": [ "dataset-4" ], "isAllowed": true, "isAudited": true, "policyId": 2004 } + "result": { "datasets": [ "dataset-4" ], "projects": null, "datasetIds": [ 4 ], "allowedByDatasets": [ "dataset-4" ], "isAllowed": true, "isAudited": true, "policyId": 2004 } }, 
@@ -151,7 +151,7 @@ "resource": { "elements": { "database": "sales", "table": "prospects" } }, "accessType": "select", "user": "proj-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 } }, { "name": "table: sales.orders, user: proj-user, access: select", @@ -159,7 +159,7 @@ "resource": { "elements": { "database": "sales", "table": "orders" } }, "accessType": "select", "user": "proj-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 } }, { "name": "table: finance.invoices, user: proj-user, access: select", @@ -167,7 +167,7 @@ "resource": { "elements": { "database": "finance", "table": "invoices" } }, "accessType": "select", "user": "proj-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 } }, { "name": "table: finance.payments, user: proj-user, access: select", 
@@ -175,7 +175,7 @@ "resource": { "elements": { "database": "finance", "table": "payments" } }, "accessType": "select", "user": "proj-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 } }, { "name": "table: shipping.shipments, user: proj-user, access: select", @@ -183,7 +183,7 @@ "resource": { "elements": { "database": "shipping", "table": "shipments" } }, "accessType": "select", "user": "proj-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 } + "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 2 ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 } }, { "name": "table: customers.contact_info, user: proj-user, access: select", @@ -191,7 +191,7 @@ "resource": { "elements": { "database": "customers", "table": "contact_info" } }, "accessType": "select", "user": "proj-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByProjects": [ "project-2", "project-4" ], "isAllowed": true, "isAudited": true, "policyId": 3002 } + "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByProjects": [ "project-2", "project-4" ], "isAllowed": true, "isAudited": true, "policyId": 3002 } }, { "name": "table: customers.contact_info, user: proj2-user, access: select", 
@@ -199,7 +199,7 @@ "resource": { "elements": { "database": "customers", "table": "contact_info" } }, "accessType": "select", "user": "proj2-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByProjects": [ "project-2" ], "isAllowed": true, "isAudited": true, "policyId": 3002 } + "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByProjects": [ "project-2" ], "isAllowed": true, "isAudited": true, "policyId": 3002 } }, { "name": "table: customers.contact_info, user: proj4-user, access: select", @@ -207,7 +207,7 @@ "resource": { "elements": { "database": "customers", "table": "contact_info" } }, "accessType": "select", "user": "proj4-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByProjects": [ "project-4" ], "isAllowed": true, "isAudited": true, "policyId": 3004 } + "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByProjects": [ "project-4" ], "isAllowed": true, "isAudited": true, "policyId": 3004 } }, { "name": "table: operations.facilities, user: proj-user, access: select", @@ -215,7 +215,7 @@ "resource": { "elements": { "database": "operations", "table": "facilities" } }, "accessType": "select", "user": "proj-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-4" ], "projects": null, "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-4" ], "projects": null, "datasetIds": [ 4 ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, 
@@ -225,7 +225,7 @@ "resource": { "elements": { "database": "sales", "table": "prospects" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, { "name": "table: sales.orders, user: scott, access: select", @@ -233,7 +233,7 @@ "resource": { "elements": { "database": "sales", "table": "orders" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, { "name": "table: finance.invoices, user: scott, access: select", @@ -241,7 +241,7 @@ "resource": { "elements": { "database": "finance", "table": "invoices" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, { "name": "table: finance.payments, user: scott, access: select", 
@@ -249,7 +249,7 @@ "resource": { "elements": { "database": "finance", "table": "payments" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, { "name": "table: shipping.shipments, user: scott, access: select", @@ -257,7 +257,7 @@ "resource": { "elements": { "database": "shipping", "table": "shipments" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 2 ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, { "name": "table: customers.contact_info, user: scott, access: select", @@ -265,7 +265,7 @@ "resource": { "elements": { "database": "customers", "table": "contact_info" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, { "name": "table: operations.facilities, user: scott, access: select", 
@@ -273,7 +273,7 @@ "resource": { "elements": { "database": "operations", "table": "facilities" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ "dataset-4" ], "projects": null, "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-4" ], "projects": null, "datasetIds": [ 4 ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, @@ -283,7 +283,7 @@ "resource": { "elements": { "database": "operations", "table": "facilities" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ "dataset-4" ], "projects": null, "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-4" ], "projects": null, "datasetIds": [ 4 ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, { diff --git a/agents-common/src/test/resources/policyengine/gds/test_gds_policy_hive_data_mask.json b/agents-common/src/test/resources/policyengine/gds/test_gds_policy_hive_data_mask.json index 40aea708e3..c172c0c147 100644 --- a/agents-common/src/test/resources/policyengine/gds/test_gds_policy_hive_data_mask.json +++ b/agents-common/src/test/resources/policyengine/gds/test_gds_policy_hive_data_mask.json @@ -13,7 +13,7 @@ "resource": { "elements": { "database": "sales", "table": "prospects" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } }, { "name": "column: sales.prospects.channel, user: ds-user, access: select", 
@@ -21,7 +21,7 @@ "resource": { "elements": { "database": "sales", "table": "prospects", "column": "channel" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "maskType": "MASK_NULL" } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "maskType": "MASK_NULL" } }, { "name": "table: sales.orders, user: ds-user, access: select", @@ -29,7 +29,7 @@ "resource": { "elements": { "database": "sales", "table": "orders" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } }, { "name": "column: sales.orders.amount, user: ds-user, access: select", @@ -37,7 +37,7 @@ "resource": { "elements": { "database": "sales", "table": "orders", "column": "amount" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "maskType": "CUSTOM", "maskedValue": "-1" } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "maskType": "CUSTOM", "maskedValue": "-1" } }, { "name": "database: sales, user: ds-user, access: _any", 
@@ -45,7 +45,7 @@ "resource": { "elements": { "database": "sales" } }, "accessType": "", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } }, { "name": "table: finance.invoices, user: ds-user, access: select", @@ -53,7 +53,7 @@ "resource": { "elements": { "database": "finance", "table": "invoices" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001 } }, { "name": "column: finance.invoices.amount, user: ds-user, access: select", @@ -61,7 +61,7 @@ "resource": { "elements": { "database": "finance", "table": "invoices", "column": "amount" } }, "accessType": "select", "user": "ds-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "maskType": "CUSTOM", "maskedValue": "-1" } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "maskType": "CUSTOM", "maskedValue": "-1" } }, { "name": "table: finance.invoices, user: ds1-user, access: select", 
@@ -69,7 +69,7 @@
 "resource": { "elements": { "database": "finance", "table": "invoices" } },
 "accessType": "select", "user": "ds1-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 }
+ "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001 }
 },
 {
 "name": "table: finance.invoices, user: ds2-user, access: select",
@@ -77,7 +77,7 @@
 "resource": { "elements": { "database": "finance", "table": "invoices" } },
 "accessType": "select", "user": "ds2-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2002 }
+ "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByDatasets": [ "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2002 }
 },
 {
 "name": "table: finance.payments, user: ds-user, access: select",
@@ -85,7 +85,7 @@
 "resource": { "elements": { "database": "finance", "table": "payments" } },
 "accessType": "select", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001 }
+ "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001 }
 },
 {
 "name": "column: finance.payments.amount, user: ds-user, access: select",
@@ -93,7 +93,7 @@
 "resource": { "elements": { "database": "finance", "table": "payments", "column": "amount" } },
 "accessType": "select", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "maskType": "CUSTOM", "maskedValue": "-1" }
+ "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "maskType": "CUSTOM", "maskedValue": "-1" }
 },
 {
 "name": "database: finance, user: ds-user, access: _any",
@@ -101,7 +101,7 @@
 "resource": { "elements": { "database": "finance" } },
 "accessType": "", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001 }
+ "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001 }
 },
 {
 "name": "table: shipping.shipments, user: ds-user, access: select",
@@ -109,7 +109,7 @@
 "resource": { "elements": { "database": "shipping", "table": "shipments" } },
 "accessType": "select", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2002 }
+ "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 2 ], "allowedByDatasets": [ "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2002 }
 },
 {
 "name": "database: shipping, user: ds-user, access: _any",
@@ -117,7 +117,7 @@
 "resource": { "elements": { "database": "shipping" } },
 "accessType": "", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2002 }
+ "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 2 ], "allowedByDatasets": [ "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2002 }
 },
 {
 "name": "table: customers.contact_info, user: ds-user, access: select",
@@ -125,7 +125,7 @@
 "resource": { "elements": { "database": "customers", "table": "contact_info" } },
 "accessType": "select", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByDatasets": [ "dataset-3", "dataset-6" ], "isAllowed": true, "isAudited": true, "policyId": 2003 }
+ "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByDatasets": [ "dataset-3", "dataset-6" ], "isAllowed": true, "isAudited": true, "policyId": 2003 }
 },
 {
 "name": "table: customers.contact_info, user: ds3-user, access: select",
@@ -133,7 +133,7 @@
 "resource": { "elements": { "database": "customers", "table": "contact_info" } },
 "accessType": "select", "user": "ds3-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByDatasets": [ "dataset-3" ], "isAllowed": true, "isAudited": true, "policyId": 2003 }
+ "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByDatasets": [ "dataset-3" ], "isAllowed": true, "isAudited": true, "policyId": 2003 }
 },
 {
 "name": "table: customers.contact_info, user: ds6-user, access: select",
@@ -141,7 +141,7 @@
 "resource": { "elements": { "database": "customers", "table": "contact_info" } },
 "accessType": "select", "user": "ds6-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByDatasets": [ "dataset-6" ], "isAllowed": true, "isAudited": true, "policyId": 2006 }
+ "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByDatasets": [ "dataset-6" ], "isAllowed": true, "isAudited": true, "policyId": 2006 }
 },
 {
 "name": "database: customers, user: ds-user, access: _any",
@@ -149,7 +149,7 @@
 "resource": { "elements": { "database": "customers" } },
 "accessType": "", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByDatasets": [ "dataset-3", "dataset-6" ], "isAllowed": true, "isAudited": true, "policyId": 2003 }
+ "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByDatasets": [ "dataset-3", "dataset-6" ], "isAllowed": true, "isAudited": true, "policyId": 2003 }
 },
 {
 "name": "table: operations.facilities, user: ds-user, access: select",
@@ -157,7 +157,7 @@
 "resource": { "elements": { "database": "operations", "table": "facilities" } },
 "accessType": "select", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-4" ], "projects": null, "allowedByDatasets": [ "dataset-4" ], "isAllowed": true, "isAudited": true, "policyId": 2004 }
+ "result": { "datasets": [ "dataset-4" ], "projects": null, "datasetIds": [ 4 ], "allowedByDatasets": [ "dataset-4" ], "isAllowed": true, "isAudited": true, "policyId": 2004 }
 },
 {
 "name": "database: operations, user: ds-user, access: _any",
@@ -165,7 +165,7 @@
 "resource": { "elements": { "database": "operations" } },
 "accessType": "", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-4" ], "projects": null, "allowedByDatasets": [ "dataset-4" ], "isAllowed": true, "isAudited": true, "policyId": 2004 }
+ "result": { "datasets": [ "dataset-4" ], "projects": null, "datasetIds": [ 4 ], "allowedByDatasets": [ "dataset-4" ], "isAllowed": true, "isAudited": true, "policyId": 2004 }
 },
@@ -175,7 +175,7 @@
 "resource": { "elements": { "database": "sales", "table": "prospects" } },
 "accessType": "select", "user": "proj-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 }
+ "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 }
 },
 {
 "name": "table: sales.orders, user: proj-user, access: select",
@@ -183,7 +183,7 @@
 "resource": { "elements": { "database": "sales", "table": "orders" } },
 "accessType": "select", "user": "proj-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 }
+ "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 }
 },
 {
 "name": "table: finance.invoices, user: proj-user, access: select",
@@ -191,7 +191,7 @@
 "resource": { "elements": { "database": "finance", "table": "invoices" } },
 "accessType": "select", "user": "proj-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 }
+ "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 }
 },
 {
 "name": "table: finance.payments, user: proj-user, access: select",
@@ -199,7 +199,7 @@
 "resource": { "elements": { "database": "finance", "table": "payments" } },
 "accessType": "select", "user": "proj-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 }
+ "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 }
 },
 {
 "name": "table: shipping.shipments, user: proj-user, access: select",
@@ -207,7 +207,7 @@
 "resource": { "elements": { "database": "shipping", "table": "shipments" } },
 "accessType": "select", "user": "proj-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 }
+ "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 2 ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001 }
 },
 {
 "name": "table: customers.contact_info, user: proj-user, access: select",
@@ -215,7 +215,7 @@
 "resource": { "elements": { "database": "customers", "table": "contact_info" } },
 "accessType": "select", "user": "proj-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByProjects": [ "project-2", "project-4" ], "isAllowed": true, "isAudited": true, "policyId": 3002 }
+ "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByProjects": [ "project-2", "project-4" ], "isAllowed": true, "isAudited": true, "policyId": 3002 }
 },
 {
 "name": "table: customers.contact_info, user: proj2-user, access: select",
@@ -223,7 +223,7 @@
 "resource": { "elements": { "database": "customers", "table": "contact_info" } },
 "accessType": "select", "user": "proj2-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByProjects": [ "project-2" ], "isAllowed": true, "isAudited": true, "policyId": 3002 }
+ "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByProjects": [ "project-2" ], "isAllowed": true, "isAudited": true, "policyId": 3002 }
 },
 {
 "name": "table: customers.contact_info, user: proj4-user, access: select",
@@ -231,7 +231,7 @@
 "resource": { "elements": { "database": "customers", "table": "contact_info" } },
 "accessType": "select", "user": "proj4-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByProjects": [ "project-4" ], "isAllowed": true, "isAudited": true, "policyId": 3004 }
+ "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByProjects": [ "project-4" ], "isAllowed": true, "isAudited": true, "policyId": 3004 }
 },
 {
 "name": "table: operations.facilities, user: proj-user, access: select",
@@ -239,7 +239,7 @@
 "resource": { "elements": { "database": "operations", "table": "facilities" } },
 "accessType": "select", "user": "proj-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-4" ], "projects": null, "isAllowed": false, "isAudited": true, "policyId": -1 }
+ "result": { "datasets": [ "dataset-4" ], "projects": null, "datasetIds": [ 4 ], "isAllowed": false, "isAudited": true, "policyId": -1 }
 },
@@ -249,7 +249,7 @@
 "resource": { "elements": { "database": "sales", "table": "prospects" } },
 "accessType": "select", "user": "scott", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 }
+ "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "isAllowed": false, "isAudited": true, "policyId": -1 }
 },
 {
 "name": "table: sales.orders, user: scott, access: select",
@@ -257,7 +257,7 @@
 "resource": { "elements": { "database": "sales", "table": "orders" } },
 "accessType": "select", "user": "scott", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 }
+ "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "isAllowed": false, "isAudited": true, "policyId": -1 }
 },
 {
 "name": "table: finance.invoices, user: scott, access: select",
@@ -265,7 +265,7 @@
 "resource": { "elements": { "database": "finance", "table": "invoices" } },
 "accessType": "select", "user": "scott", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 }
+ "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "isAllowed": false, "isAudited": true, "policyId": -1 }
 },
 {
 "name": "table: finance.payments, user: scott, access: select",
@@ -273,7 +273,7 @@
 "resource": { "elements": { "database": "finance", "table": "payments" } },
 "accessType": "select", "user": "scott", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 }
+ "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "isAllowed": false, "isAudited": true, "policyId": -1 }
 },
 {
 "name": "table: shipping.shipments, user: scott, access: select",
@@ -281,7 +281,7 @@
 "resource": { "elements": { "database": "shipping", "table": "shipments" } },
 "accessType": "select", "user": "scott", "userGroups": []
 },
- "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 }
+ "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 2 ], "isAllowed": false, "isAudited": true, "policyId": -1 }
 },
 {
 "name": "table: customers.contact_info, user: scott, access: select",
@@ -289,7 +289,7 @@
 "resource": { "elements": { "database": "customers", "table": "contact_info" } },
 "accessType": "select", "user": "scott", "userGroups": []
 },
- "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "isAllowed": false, "isAudited": true, "policyId": -1 }
+ "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "isAllowed": false, "isAudited": true, "policyId": -1 }
 },
 {
 "name": "table: operations.facilities, user: scott, access: select",
@@ -297,7 +297,7 @@
 "resource": { "elements": { "database": "operations", "table": "facilities" } },
 "accessType": "select", "user": "scott", "userGroups": []
 },
- "result": { "datasets": [ "dataset-4" ], "projects": null, "isAllowed": false, "isAudited": true, "policyId": -1 }
+ "result": { "datasets": [ "dataset-4" ], "projects": null, "datasetIds": [ 4 ], "isAllowed": false, "isAudited": true, "policyId": -1 }
 },
@@ -307,7 +307,7 @@
 "resource": { "elements": { "database": "operations", "table": "facilities" } },
 "accessType": "select", "user": "scott", "userGroups": []
 },
- "result": { "datasets": [ "dataset-4" ], "projects": null, "isAllowed": false, "isAudited": true, "policyId": -1 }
+ "result": { "datasets": [ "dataset-4" ], "projects": null, "datasetIds": [ 4 ], "isAllowed": false, "isAudited": true, "policyId": -1 }
 },
 {
diff --git a/agents-common/src/test/resources/policyengine/gds/test_gds_policy_hive_row_filter.json b/agents-common/src/test/resources/policyengine/gds/test_gds_policy_hive_row_filter.json
index 4dbc256e68..6e1b7e0608 100644
--- a/agents-common/src/test/resources/policyengine/gds/test_gds_policy_hive_row_filter.json
+++ b/agents-common/src/test/resources/policyengine/gds/test_gds_policy_hive_row_filter.json
@@ -13,7 +13,7 @@
 "resource": { "elements": { "database": "sales", "table": "prospects" } },
 "accessType": "select", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] }
+ "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] }
 },
 {
 "name": "table: sales.orders, user: ds-user, access: select",
@@ -21,7 +21,7 @@
 "resource": { "elements": { "database": "sales", "table": "orders" } },
 "accessType": "select", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] }
+ "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] }
 },
 {
 "name": "database: sales, user: ds-user, access: _any",
@@ -29,7 +29,7 @@
 "resource": { "elements": { "database": "sales" } },
 "accessType": "", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "rowFilters": null }
+ "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "rowFilters": null }
 },
 {
 "name": "table: finance.invoices, user: ds-user, access: select",
@@ -37,7 +37,7 @@
 "resource": { "elements": { "database": "finance", "table": "invoices" } },
 "accessType": "select", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] }
+ "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] }
 },
 {
 "name": "table: finance.invoices, user: ds1-user, access: select",
@@ -45,7 +45,7 @@
 "resource": { "elements": { "database": "finance", "table": "invoices" } },
 "accessType": "select", "user": "ds1-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] }
+ "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByDatasets": [ "dataset-1" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] }
 },
 {
 "name": "table: finance.invoices, user: ds2-user, access: select",
@@ -53,7 +53,7 @@
 "resource": { "elements": { "database": "finance", "table": "invoices" } },
 "accessType": "select", "user": "ds2-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2002, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] }
+ "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByDatasets": [ "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2002, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] }
 },
 {
 "name": "table: finance.payments, user: ds-user, access: select",
@@ -61,7 +61,7 @@
 "resource": { "elements": { "database": "finance", "table": "payments" } },
 "accessType": "select", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] }
+ "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] }
 },
 {
 "name": "database: finance, user: ds-user, access: _any",
@@ -69,7 +69,7 @@
 "resource": { "elements": { "database": "finance" } },
 "accessType": "", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "rowFilters": null }
+ "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByDatasets": [ "dataset-1", "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2001, "rowFilters": null }
 },
 {
 "name": "table: shipping.shipments, user: ds-user, access: select",
@@ -77,7 +77,7 @@
 "resource": { "elements": { "database": "shipping", "table": "shipments" } },
 "accessType": "select", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2002, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] }
+ "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 2 ], "allowedByDatasets": [ "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2002, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] }
 },
 {
 "name": "database: shipping, user: ds-user, access: _any",
@@ -85,7 +85,7 @@
 "resource": { "elements": { "database": "shipping" } },
 "accessType": "", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "allowedByDatasets": [ "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2002, "rowFilters": null }
+ "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 2 ], "allowedByDatasets": [ "dataset-2" ], "isAllowed": true, "isAudited": true, "policyId": 2002, "rowFilters": null }
 },
 {
 "name": "table: customers.contact_info, user: ds-user, access: select",
@@ -93,7 +93,7 @@
 "resource": { "elements": { "database": "customers", "table": "contact_info" } },
 "accessType": "select", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByDatasets": [ "dataset-3", "dataset-6" ], "isAllowed": true, "isAudited": true, "policyId": 2003, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'", "country = 'US'" ] }
+ "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByDatasets": [ "dataset-3", "dataset-6" ], "isAllowed": true, "isAudited": true, "policyId": 2003, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'", "country = 'US'" ] }
 },
 {
 "name": "table: customers.contact_info, user: ds3-user, access: select",
@@ -101,7 +101,7 @@
 "resource": { "elements": { "database": "customers", "table": "contact_info" } },
 "accessType": "select", "user": "ds3-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByDatasets": [ "dataset-3" ], "isAllowed": true, "isAudited": true, "policyId": 2003, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] }
+ "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByDatasets": [ "dataset-3" ], "isAllowed": true, "isAudited": true, "policyId": 2003, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] }
 },
 {
 "name": "table: customers.contact_info, user: ds6-user, access: select",
@@ -109,7 +109,7 @@
 "resource": { "elements": { "database": "customers", "table": "contact_info" } },
 "accessType": "select", "user": "ds6-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByDatasets": [ "dataset-6" ], "isAllowed": true, "isAudited": true, "policyId": 2006, "rowFilters": [ "country = 'US'" ] }
+ "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByDatasets": [ "dataset-6" ], "isAllowed": true, "isAudited": true, "policyId": 2006, "rowFilters": [ "country = 'US'" ] }
 },
 {
 "name": "database: customers, user: ds-user, access: _any",
@@ -117,7 +117,7 @@
 "resource": { "elements": { "database": "customers" } },
 "accessType": "", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByDatasets": [ "dataset-3", "dataset-6" ], "isAllowed": true, "isAudited": true, "policyId": 2003, "rowFilters": null }
+ "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByDatasets": [ "dataset-3", "dataset-6" ], "isAllowed": true, "isAudited": true, "policyId": 2003, "rowFilters": null }
 },
 {
@@ -126,7 +126,7 @@
 "resource": { "elements": { "database": "customers", "table": "shipping_address" } },
 "accessType": "select", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-6" ], "projects": [ "project-4" ], "allowedByDatasets": [ "dataset-6" ], "isAllowed": false, "isAudited": true, "policyId": 2006, "rowFilters": [ "country = 'US'" ] }
+ "result": { "datasets": [ "dataset-6" ], "projects": [ "project-4" ], "datasetIds": [ 6 ], "allowedByDatasets": [ "dataset-6" ], "isAllowed": false, "isAudited": true, "policyId": 2006, "rowFilters": [ "country = 'US'" ] }
 },
 {
 "name": "table: customers.shipping_address, user: ds3-user, access: select",
@@ -134,7 +134,7 @@
 "resource": { "elements": { "database": "customers", "table": "shipping_address" } },
 "accessType": "select", "user": "ds3-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-6" ], "projects": [ "project-4" ], "allowedByDatasets": null, "isAllowed": false, "isAudited": true, "policyId": -1, "rowFilters": null }
+ "result": { "datasets": [ "dataset-6" ], "projects": [ "project-4" ], "datasetIds": [ 6 ], "allowedByDatasets": null, "isAllowed": false, "isAudited": true, "policyId": -1, "rowFilters": null }
 },
 {
 "name": "table: customers.shipping_address, user: ds6-user, access: select",
@@ -142,7 +142,7 @@
 "resource": { "elements": { "database": "customers", "table": "shipping_address" } },
 "accessType": "select", "user": "ds6-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-6" ], "projects": [ "project-4" ], "allowedByDatasets": [ "dataset-6" ], "isAllowed": false, "isAudited": true, "policyId": 2006, "rowFilters": [ "country = 'US'" ] }
+ "result": { "datasets": [ "dataset-6" ], "projects": [ "project-4" ], "datasetIds": [ 6 ], "allowedByDatasets": [ "dataset-6" ], "isAllowed": false, "isAudited": true, "policyId": 2006, "rowFilters": [ "country = 'US'" ] }
 },
 {
 "name": "database: customers, user: ds-user, access: _any",
@@ -150,7 +150,7 @@
 "resource": { "elements": { "database": "customers" } },
 "accessType": "", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByDatasets": [ "dataset-3", "dataset-6" ], "isAllowed": true, "isAudited": true, "policyId": 2003, "rowFilters": null }
+ "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByDatasets": [ "dataset-3", "dataset-6" ], "isAllowed": true, "isAudited": true, "policyId": 2003, "rowFilters": null }
 },
@@ -160,7 +160,7 @@
 "resource": { "elements": { "database": "operations", "table": "facilities" } },
 "accessType": "select", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-4" ], "projects": null, "allowedByDatasets": [ "dataset-4" ], "isAllowed": true, "isAudited": true, "policyId": 2004, "rowFilters": [ "country = 'US'" ] }
+ "result": { "datasets": [ "dataset-4" ], "projects": null, "datasetIds": [ 4 ], "allowedByDatasets": [ "dataset-4" ], "isAllowed": true, "isAudited": true, "policyId": 2004, "rowFilters": [ "country = 'US'" ] }
 },
 {
 "name": "database: operations, user: ds-user, access: _any",
@@ -168,7 +168,7 @@
 "resource": { "elements": { "database": "operations" } },
 "accessType": "", "user": "ds-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-4" ], "projects": null, "allowedByDatasets": [ "dataset-4" ], "isAllowed": true, "isAudited": true, "policyId": 2004, "rowFilters": null }
+ "result": { "datasets": [ "dataset-4" ], "projects": null, "datasetIds": [ 4 ], "allowedByDatasets": [ "dataset-4" ], "isAllowed": true, "isAudited": true, "policyId": 2004, "rowFilters": null }
 },
@@ -178,7 +178,7 @@
 "resource": { "elements": { "database": "sales", "table": "prospects" } },
 "accessType": "select", "user": "proj-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] }
+ "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] }
 },
 {
 "name": "table: sales.orders, user: proj-user, access: select",
@@ -186,7 +186,7 @@
 "resource": { "elements": { "database": "sales", "table": "orders" } },
 "accessType": "select", "user": "proj-user", "userGroups": []
 },
- "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] }
+ "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] }
 },
 {
 "name": "table: finance.invoices, user: proj-user, access: select",
@@ -194,7 +194,7 @@ "resource": { "elements": { "database": "finance", "table": "invoices" } }, "accessType": "select", "user": "proj-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] } }, { "name": "table: finance.payments, user: proj-user, access: select", @@ -202,7 +202,7 @@ "resource": { "elements": { "database": "finance", "table": "payments" } }, "accessType": "select", "user": "proj-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] } }, { "name": "table: shipping.shipments, user: proj-user, access: select", 
@@ -210,7 +210,7 @@ "resource": { "elements": { "database": "shipping", "table": "shipments" } }, "accessType": "select", "user": "proj-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] } + "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 2 ], "allowedByProjects": [ "project-1" ], "isAllowed": true, "isAudited": true, "policyId": 3001, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] } }, { "name": "table: customers.contact_info, user: proj-user, access: select", @@ -218,7 +218,7 @@ "resource": { "elements": { "database": "customers", "table": "contact_info" } }, "accessType": "select", "user": "proj-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByProjects": [ "project-2", "project-4" ], "isAllowed": true, "isAudited": true, "policyId": 3002, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'", "country = 'US'" ] } + "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByProjects": [ "project-2", "project-4" ], "isAllowed": true, "isAudited": true, "policyId": 3002, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'", "country = 'US'" ] } }, { "name": "table: customers.contact_info, user: proj2-user, access: select", 
@@ -226,7 +226,7 @@ "resource": { "elements": { "database": "customers", "table": "contact_info" } }, "accessType": "select", "user": "proj2-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByProjects": [ "project-2" ], "isAllowed": true, "isAudited": true, "policyId": 3002, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] } + "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByProjects": [ "project-2" ], "isAllowed": true, "isAudited": true, "policyId": 3002, "rowFilters": [ "created_time >= '2023-01-01' and created_time < '2024-01-01'" ] } }, { "name": "table: customers.contact_info, user: proj4-user, access: select", @@ -234,7 +234,7 @@ "resource": { "elements": { "database": "customers", "table": "contact_info" } }, "accessType": "select", "user": "proj4-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "allowedByProjects": [ "project-4" ], "isAllowed": true, "isAudited": true, "policyId": 3004, "rowFilters": [ "country = 'US'" ] } + "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "allowedByProjects": [ "project-4" ], "isAllowed": true, "isAudited": true, "policyId": 3004, "rowFilters": [ "country = 'US'" ] } }, { "name": "table: operations.facilities, user: proj-user, access: select", @@ -242,7 +242,7 @@ "resource": { "elements": { "database": "operations", "table": "facilities" } }, "accessType": "select", "user": "proj-user", "userGroups": [] }, - "result": { "datasets": [ "dataset-4" ], "projects": null, "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-4" ], "projects": null, "datasetIds": [ 4 ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, 
@@ -252,7 +252,7 @@ "resource": { "elements": { "database": "sales", "table": "prospects" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, { "name": "table: sales.orders, user: scott, access: select", @@ -260,7 +260,7 @@ "resource": { "elements": { "database": "sales", "table": "orders" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-1" ], "projects": [ "project-1" ], "datasetIds": [ 1 ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, { "name": "table: finance.invoices, user: scott, access: select", @@ -268,7 +268,7 @@ "resource": { "elements": { "database": "finance", "table": "invoices" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, { "name": "table: finance.payments, user: scott, access: select", 
@@ -276,7 +276,7 @@ "resource": { "elements": { "database": "finance", "table": "payments" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-1", "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 1, 2 ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, { "name": "table: shipping.shipments, user: scott, access: select", @@ -284,7 +284,7 @@ "resource": { "elements": { "database": "shipping", "table": "shipments" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-2" ], "projects": [ "project-1" ], "datasetIds": [ 2 ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, { "name": "table: customers.contact_info, user: scott, access: select", @@ -292,7 +292,7 @@ "resource": { "elements": { "database": "customers", "table": "contact_info" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-3", "dataset-6" ], "projects": [ "project-2", "project-4" ], "datasetIds": [ 3, 6 ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, { "name": "table: operations.facilities, user: scott, access: select", 
@@ -300,7 +300,7 @@ "resource": { "elements": { "database": "operations", "table": "facilities" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ "dataset-4" ], "projects": null, "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-4" ], "projects": null, "datasetIds": [ 4 ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, @@ -310,7 +310,7 @@ "resource": { "elements": { "database": "operations", "table": "facilities" } }, "accessType": "select", "user": "scott", "userGroups": [] }, - "result": { "datasets": [ "dataset-4" ], "projects": null, "isAllowed": false, "isAudited": true, "policyId": -1 } + "result": { "datasets": [ "dataset-4" ], "projects": null, "datasetIds": [ 4 ], "isAllowed": false, "isAudited": true, "policyId": -1 } }, { diff --git a/dev-support/ranger-docker/config/solr-ranger_audits/managed-schema b/dev-support/ranger-docker/config/solr-ranger_audits/managed-schema index df53a05dfb..eabb5f8fdb 100644 --- a/dev-support/ranger-docker/config/solr-ranger_audits/managed-schema +++ b/dev-support/ranger-docker/config/solr-ranger_audits/managed-schema @@ -94,4 +94,5 @@ + diff --git a/security-admin/contrib/elasticsearch_for_audit_setup/conf/ranger_es_schema.json b/security-admin/contrib/elasticsearch_for_audit_setup/conf/ranger_es_schema.json index d90e18b7db..001ec75ce3 100644 --- a/security-admin/contrib/elasticsearch_for_audit_setup/conf/ranger_es_schema.json +++ b/security-admin/contrib/elasticsearch_for_audit_setup/conf/ranger_es_schema.json @@ -117,6 +117,9 @@ "projects": { "type": "keyword" }, + "datasetIds": { + "type": "long" + }, "text": { "type": "text" }, diff --git a/security-admin/contrib/solr_for_audit_setup/conf/managed-schema b/security-admin/contrib/solr_for_audit_setup/conf/managed-schema index df53a05dfb..eabb5f8fdb 100644 --- a/security-admin/contrib/solr_for_audit_setup/conf/managed-schema 
+++ b/security-admin/contrib/solr_for_audit_setup/conf/managed-schema @@ -94,4 +94,5 @@ + diff --git a/security-admin/src/main/java/org/apache/ranger/amazon/cloudwatch/CloudWatchAccessAuditsService.java b/security-admin/src/main/java/org/apache/ranger/amazon/cloudwatch/CloudWatchAccessAuditsService.java index 41d7121dd7..663448c868 100644 --- a/security-admin/src/main/java/org/apache/ranger/amazon/cloudwatch/CloudWatchAccessAuditsService.java +++ b/security-admin/src/main/java/org/apache/ranger/amazon/cloudwatch/CloudWatchAccessAuditsService.java @@ -287,6 +287,11 @@ private VXAccessAudit populateViewBean(AuthzAuditEvent auditEvent) { accessAudit.setProjects(value.toString()); } + value = auditEvent.getDatasetIds(); + if (value != null) { + accessAudit.setDatasetIds(value.toString()); + } + return accessAudit; } } diff --git a/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchAccessAuditsService.java b/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchAccessAuditsService.java index 502e2388df..982c78bb02 100644 --- a/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchAccessAuditsService.java +++ b/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchAccessAuditsService.java @@ -333,6 +333,15 @@ private VXAccessAudit populateViewBean(GetResponse doc) { } } + value = source.get("datasetIds"); + if (value != null) { + try { + accessAudit.setDatasetIds(JsonUtilsV2.nonSerializableObjToJson(value)); + } catch (Exception e) { + LOGGER.warn("Failed to convert datasetIds to json", e); + } + } + return accessAudit; } } diff --git a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java index d3d0dde721..da12f21cf0 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 
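Review bot: In `populateViewBean` of CloudWatchAccessAuditsService the new field is filled with `value.toString()`, while the Elasticsearch and Solr services in this same commit fill it with `JsonUtilsV2.nonSerializableObjToJson(value)`. On this one backend `VXAccessAudit.datasetIds` therefore relies on `Set.toString()` happening to look like a JSON array. Using the same helper here, `accessAudit.setDatasetIds(JsonUtilsV2.nonSerializableObjToJson(value));` with the same failure handling as the other two services, would give API consumers one format to parse. The method starts outside the hunk, and whether JsonUtilsV2 is already imported in this class is not visible here.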
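Review bot: The `catch (Exception e)` added in ElasticSearchAccessAuditsService.populateViewBean logs only `"Failed to convert datasetIds to json"`, so a conversion failure returns an audit record without its dataset ids and leaves a warning that cannot be tied back to that record. In an audit view a silently missing field is hard to tell apart from an event that touched no dataset, so the warning should carry the record's identifier. The catch could also be narrowed to the exception type the helper declares, which is not visible in this hunk. The identical block added to SolrAccessAuditsService.populateViewBean has the same issue. Both methods start outside their hunks.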
@@ -570,6 +570,7 @@ public VXAccessAuditList getAccessLogs(@Context HttpServletRequest request, @Que searchUtil.extractString(request, searchCriteria, "agentHost", "Agent Host Name", StringUtil.VALIDATION_TEXT); searchUtil.extractString(request, searchCriteria, "eventId", "Event Id", null); searchUtil.extractString(request, searchCriteria, "datasets", "DataSets", null); + searchUtil.extractLong(request, searchCriteria, "datasetId", "Dataset Id"); boolean isKeyAdmin = msBizUtil.isKeyAdmin(); boolean isAuditKeyAdmin = msBizUtil.isAuditKeyAdmin(); diff --git a/security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java b/security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java index f3d6fde874..3ad9b4a89e 100644 --- a/security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java +++ b/security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java @@ -298,6 +298,15 @@ private VXAccessAudit populateViewBean(SolrDocument doc) { } } + value = doc.getFieldValue("datasetIds"); + if (value != null) { + try { + accessAudit.setDatasetIds(JsonUtilsV2.nonSerializableObjToJson(value)); + } catch (Exception e) { + LOGGER.warn("Failed to convert datasetIds to json", e); + } + } + return accessAudit; } } diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXAccessAudit.java b/security-admin/src/main/java/org/apache/ranger/view/VXAccessAudit.java index 49a4f8d39d..1e3c27a631 100644 --- a/security-admin/src/main/java/org/apache/ranger/view/VXAccessAudit.java +++ b/security-admin/src/main/java/org/apache/ranger/view/VXAccessAudit.java @@ -141,6 +141,8 @@ public class VXAccessAudit extends VXDataObject implements java.io.Serializable protected String projects; + protected String datasetIds; + protected String clusterName; // Security Zone 
@@ -571,6 +573,14 @@ public void setProjects(String projects) { this.projects = projects; } + public String getDatasetIds() { + return datasetIds; + } + + public void setDatasetIds(String datasetIds) { + this.datasetIds = datasetIds; + } + /** * @return the clusterName */ @@ -626,6 +636,7 @@ public String toString() { str += "tags={" + tags + "}"; str += "datasets={" + datasets + "}"; str += "projects={" + projects + "}"; + str += "datasetIds={" + datasetIds + "}"; str += "clusterName={" + clusterName + "}"; str += "zoneName={" + zoneName + "}"; str += "agentHost={" + agentHost + "}"; diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java index b651c02dbb..ba820e9a96 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java 
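Review bot: The new `getDatasetIds`/`setDatasetIds` accessors in VXAccessAudit have no Javadoc, although the neighbouring `clusterName` getter carries `@return the clusterName`, and the `String` type hides that the value is a serialized collection of numeric ids. A one-line comment on the getter, for example `/** @return the dataset ids recorded for the audit event, serialized as a string */`, would tell API consumers what they are expected to parse. The exact serialization is set by the audit store services elsewhere in this commit, so the wording should be checked against them.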
@@ -572,7 +572,7 @@ public void testGetAccessLogs() {
 Mockito.verify(searchUtil, Mockito.times(16)).extractString(Mockito.any(), Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.nullable(String.class));
 Mockito.verify(searchUtil, Mockito.times(4)).extractInt(Mockito.any(), Mockito.any(), Mockito.anyString(), Mockito.anyString());
 Mockito.verify(searchUtil, Mockito.times(2)).extractDate(Mockito.any(), Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
- Mockito.verify(searchUtil).extractLong(Mockito.any(), Mockito.any(), Mockito.anyString(), Mockito.anyString());
+ Mockito.verify(searchUtil, Mockito.times(2)).extractLong(Mockito.any(), Mockito.any(), Mockito.anyString(), Mockito.anyString());
 Mockito.verify(searchUtil).extractStringList(Mockito.any(HttpServletRequest.class), (SearchCriteria) Mockito.any(), Mockito.eq("requestUser"), Mockito.eq("Users"), Mockito.eq("requestUser"), Mockito.any(), Mockito.eq(StringUtil.VALIDATION_TEXT));
 Mockito.verify(searchUtil).extractStringList(Mockito.any(HttpServletRequest.class), (SearchCriteria) Mockito.any(), Mockito.eq("excludeUser"), Mockito.eq("Exclude Users"), Mockito.eq("-requestUser"), Mockito.any(), Mockito.eq(StringUtil.VALIDATION_TEXT));
 Mockito.verify(searchUtil).extractStringList(Mockito.any(HttpServletRequest.class), (SearchCriteria) Mockito.any(), Mockito.eq("zoneName"), Mockito.eq("Zone Name List"), Mockito.eq("zoneName"), Mockito.eq(null), Mockito.eq(null));
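Review bot: The updated `Mockito.times(2)` verification only counts `extractLong` calls through `anyString()` matchers, so it would still pass if getAccessLogs read a misspelled or different request parameter. Because the parameter is named `datasetId` while the stored audit field is `datasetIds`, the name is worth pinning: `Mockito.verify(searchUtil).extractLong(Mockito.any(), Mockito.any(), Mockito.eq("datasetId"), Mockito.eq("Dataset Id"));`. The same applies to the identical verification in testGetAccessLogsForKms in the next hunk. Both test methods start outside their hunks.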
@@ -607,7 +607,7 @@ public void testGetAccessLogsForKms() {
 Mockito.verify(searchUtil, Mockito.times(16)).extractString(Mockito.any(), Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.nullable(String.class));
 Mockito.verify(searchUtil, Mockito.times(4)).extractInt(Mockito.any(), Mockito.any(), Mockito.anyString(), Mockito.anyString());
 Mockito.verify(searchUtil, Mockito.times(2)).extractDate(Mockito.any(), Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
- Mockito.verify(searchUtil).extractLong(Mockito.any(), Mockito.any(), Mockito.anyString(), Mockito.anyString());
+ Mockito.verify(searchUtil, Mockito.times(2)).extractLong(Mockito.any(), Mockito.any(), Mockito.anyString(), Mockito.anyString());
 Mockito.verify(searchUtil).extractStringList(Mockito.any(HttpServletRequest.class), (SearchCriteria) Mockito.any(), Mockito.eq("requestUser"), Mockito.eq("Users"), Mockito.eq("requestUser"), Mockito.any(), Mockito.eq(StringUtil.VALIDATION_TEXT));
 Mockito.verify(searchUtil).extractStringList(Mockito.any(HttpServletRequest.class), (SearchCriteria) Mockito.any(), Mockito.eq("excludeUser"), Mockito.eq("Exclude Users"), Mockito.eq("-requestUser"), Mockito.any(), Mockito.eq(StringUtil.VALIDATION_TEXT));
 Mockito.verify(searchUtil).extractStringList(Mockito.any(HttpServletRequest.class), (SearchCriteria) Mockito.any(), Mockito.eq("zoneName"), Mockito.eq("Zone Name List"), Mockito.eq("zoneName"), Mockito.eq(null), Mockito.eq(null));