RANGER-3812: Python client updated to support multiple resource sets in a policy

mneethiraj · mneethiraj · commit cfdbc6e84f5d · 2022-07-24T23:46:45.000-07:00
(cherry picked from commit 711a266)
diff --git a/intg/src/main/python/apache_ranger/model/ranger_policy.py b/intg/src/main/python/apache_ranger/model/ranger_policy.py
@@ -40,6 +40,7 @@ def __init__(self, attrs=None):
         self.resourceSignature    = attrs.get('resourceSignature')
         self.isAuditEnabled       = attrs.get('isAuditEnabled')
         self.resources            = attrs.get('resources')
+        self.additionalResources  = attrs.get('additionalResources')
         self.policyItems          = attrs.get('policyItems')
         self.denyPolicyItems      = attrs.get('denyPolicyItems')
         self.allowExceptions      = attrs.get('allowExceptions')
@@ -58,6 +59,7 @@ def type_coerce_attrs(self):
         super(RangerPolicy, self).type_coerce_attrs()
 
         self.resources            = type_coerce_dict(self.resources, RangerPolicyResource)
+        self.additionalResources  = type_coerce_list(self.additionalResources, dict)
         self.policyItems          = type_coerce_list(self.policyItems, RangerPolicyItem)
         self.denyPolicyItems      = type_coerce_list(self.denyPolicyItems, RangerPolicyItem)
         self.allowExceptions      = type_coerce_list(self.allowExceptions, RangerPolicyItem)
@@ -66,6 +68,25 @@ def type_coerce_attrs(self):
         self.rowFilterPolicyItems = type_coerce_list(self.rowFilterPolicyItems, RangerRowFilterPolicyItem)
         self.validitySchedules    = type_coerce_list(self.validitySchedules, RangerValiditySchedule)
 
+        if isinstance(self.additionalResources, list):
+            additionalResources = []
+
+            for entry in self.additionalResources:
+                additionalResources.append(type_coerce_dict(entry, RangerPolicyResource))
+
+            self.additionalResources = additionalResources
+        else:
+            self.additionalResources = None
+
+    def add_resource(self, resource):
+        if resource is not None:
+            if self.resources is None:
+                self.resources = resource
+            else:
+                if self.additionalResources is None:
+                    self.additionalResources = []
+
+                self.additionalResources.append(resource)
 
 class RangerPolicyResource(RangerBase):
     def __init__(self, attrs=None):
diff --git a/ranger-examples/sample-client/src/main/python/sample_client.py b/ranger-examples/sample-client/src/main/python/sample_client.py
@@ -156,7 +156,15 @@
 policy.description = 'test description'
 policy.resources   = { 'database': RangerPolicyResource({ 'values': ['test_db'] }),
                        'table':    RangerPolicyResource({ 'values': ['test_tbl'] }),
-					   'column':   RangerPolicyResource({ 'values': ['*'] }) }
+                       'column':   RangerPolicyResource({ 'values': ['*'] }) }
+policy.add_resource({ 'database': RangerPolicyResource({ 'values': ['test_db1'] }),
+                      'table':    RangerPolicyResource({ 'values': ['test_tbl1'] }),
+                      'column':   RangerPolicyResource({ 'values': ['*'] }) })
+policy.add_resource({ 'database': RangerPolicyResource({ 'values': ['test_db2'] }),
+                      'table':    RangerPolicyResource({ 'values': ['test_tbl2'] }),
+                      'column':   RangerPolicyResource({ 'values': ['*'] }) })
+
+
 
 allowItem1          = RangerPolicyItem()
 allowItem1.users    = [ 'admin' ]
@@ -189,7 +197,7 @@
 data_mask_policy.description = 'test description'
 data_mask_policy.resources   = { 'database': RangerPolicyResource({ 'values': ['test_db'] }),
                                  'table':    RangerPolicyResource({ 'values': ['test_tbl'] }),
-					             'column':   RangerPolicyResource({ 'values': ['test_col'] }) }
+                                 'column':   RangerPolicyResource({ 'values': ['test_col'] }) }
 
 policyItem1              = RangerDataMaskPolicyItem()
 policyItem1.users        = [ 'admin' ]
