public List translateOwner()

in authorizations/authorization-ranger/src/main/java/org/apache/gravitino/authorization/ranger/RangerAuthorizationHadoopSQLPlugin.java [449:528]


  /**
   * Builds the Ranger securable objects that represent ownership of a Gravitino metadata object.
   *
   * <p>Every returned object carries the privilege set from {@code ownerMappingRule()}. The
   * resource paths depend on the type of the owned object:
   *
   * <ul>
   *   <li>METALAKE / CATALOG: wildcard at every level, i.e. {@code *} (SCHEMA), {@code *.*}
   *       (TABLE) and {@code *.*.*} (COLUMN).
   *   <li>SCHEMA: {@code {schema}}, {@code {schema}.*} and {@code {schema}.*.*}.
   *   <li>TABLE: for each object from {@code translateMetadataObject}, its own names (TABLE) and
   *       the same names followed by a wildcard (COLUMN).
   * </ul>
   *
   * <p>NOTE(review): the METALAKE / CATALOG paths contain neither the metalake nor the catalog
   * name, so the grant is only as narrow as the scope the policies are written into. Presumably
   * that is one Ranger service per catalog; confirm before reusing a service across catalogs.
   *
   * <p>NOTE(review): object names are placed in the resource path verbatim next to the wildcard
   * constant. This assumes names are validated upstream and cannot themselves be a wildcard
   * pattern; confirm against the caller.
   *
   * @param gravitinoMetadataObject the Gravitino object whose owner privileges are translated
   * @return the securable objects to grant to the owner; empty for a TABLE when
   *     {@code translateMetadataObject} yields no objects
   * @throws AuthorizationPluginException if the object type is not METALAKE, CATALOG, SCHEMA or
   *     TABLE, so unsupported types are rejected rather than silently granted nothing
   */
  public List<AuthorizationSecurableObject> translateOwner(MetadataObject gravitinoMetadataObject) {
    final List<AuthorizationSecurableObject> ownerObjects = new ArrayList<>();
    final String anyResource = RangerHelper.RESOURCE_ALL;
    final MetadataObject.Type ownedType = gravitinoMetadataObject.type();

    switch (ownedType) {
      case METALAKE:
      case CATALOG:
        // Owner of the whole catalog (or metalake): every schema ...
        ownerObjects.add(
            generateAuthorizationSecurableObject(
                ImmutableList.of(anyResource),
                RangerHadoopSQLMetadataObject.Type.SCHEMA,
                ownerMappingRule()));
        // ... every table in every schema ...
        ownerObjects.add(
            generateAuthorizationSecurableObject(
                ImmutableList.of(anyResource, anyResource),
                RangerHadoopSQLMetadataObject.Type.TABLE,
                ownerMappingRule()));
        // ... and every column of every table.
        ownerObjects.add(
            generateAuthorizationSecurableObject(
                ImmutableList.of(anyResource, anyResource, anyResource),
                RangerHadoopSQLMetadataObject.Type.COLUMN,
                ownerMappingRule()));
        break;
      case SCHEMA:
        {
          final String schemaName = gravitinoMetadataObject.name();
          // The schema itself ...
          ownerObjects.add(
              generateAuthorizationSecurableObject(
                  ImmutableList.of(schemaName),
                  RangerHadoopSQLMetadataObject.Type.SCHEMA,
                  ownerMappingRule()));
          // ... all tables inside it ...
          ownerObjects.add(
              generateAuthorizationSecurableObject(
                  ImmutableList.of(schemaName, anyResource),
                  RangerHadoopSQLMetadataObject.Type.TABLE,
                  ownerMappingRule()));
          // ... and all columns of those tables.
          ownerObjects.add(
              generateAuthorizationSecurableObject(
                  ImmutableList.of(schemaName, anyResource, anyResource),
                  RangerHadoopSQLMetadataObject.Type.COLUMN,
                  ownerMappingRule()));
          break;
        }
      case TABLE:
        translateMetadataObject(gravitinoMetadataObject).stream()
            .forEach(
                tableObject -> {
                  // The table itself, addressed by the names the translation produced.
                  ownerObjects.add(
                      generateAuthorizationSecurableObject(
                          tableObject.names(),
                          RangerHadoopSQLMetadataObject.Type.TABLE,
                          ownerMappingRule()));
                  // All columns of that table: the same names with a trailing wildcard.
                  ownerObjects.add(
                      generateAuthorizationSecurableObject(
                          Stream.concat(tableObject.names().stream(), Stream.of(anyResource))
                              .collect(Collectors.toList()),
                          RangerHadoopSQLMetadataObject.Type.COLUMN,
                          ownerMappingRule()));
                });
        break;
      default:
        // Fail closed: an unsupported type is an error, not an empty grant.
        throw new AuthorizationPluginException(
            ErrorMessages.OWNER_PRIVILEGE_NOT_SUPPORTED, ownedType);
    }

    return ownerObjects;
  }