This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 4668bf8 RANGER-2374: Add refresh access type to hive service
definition
4668bf8 is described below
commit 4668bf8d7175d8d6dd37c3c6a2663008f7899080
Author: Austin Nobis <[email protected]>
AuthorDate: Thu Apr 11 09:26:26 2019 -0500
RANGER-2374: Add refresh access type to hive service definition
Signed-off-by: rmani <[email protected]>
---
.../service-defs/ranger-servicedef-hive.json | 9 +-
.../optimized/current/ranger_core_db_mysql.sql | 1 +
.../optimized/current/ranger_core_db_oracle.sql | 1 +
.../optimized/current/ranger_core_db_postgres.sql | 1 +
.../current/ranger_core_db_sqlanywhere.sql | 2 +
.../optimized/current/ranger_core_db_sqlserver.sql | 1 +
.../patch/PatchForHiveServiceDefUpdate_J10027.java | 224 +++++++++++++++++++++
7 files changed, 238 insertions(+), 1 deletion(-)
diff --git
a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
index 08e04e9..370ff56 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
@@ -202,7 +202,8 @@
"read",
"write",
"repladmin",
- "serviceadmin"
+ "serviceadmin",
+ "refresh"
]
},
@@ -234,6 +235,12 @@
"itemId": 13,
"name": "tempudfadmin",
"label": "Temporary UDF Admin"
+ },
+
+ {
+ "itemId": 14,
+ "name": "refresh",
+ "label": "Refresh"
}
],
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index 707c311..ef413b6 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1625,4 +1625,5 @@ INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10020',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10025',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10026',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10027',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
diff --git
a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index e7d8989..0838bac 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -1773,5 +1773,6 @@ INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,act
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10020',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10025',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10026',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10027',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
commit;
diff --git
a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index a1998fc..3ed9e75 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -1719,6 +1719,7 @@ INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10020',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10025',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10026',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
+INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10027',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('JAVA_PATCHES',current_timestamp,'Ranger
1.0.0',current_timestamp,'localhost','Y');
DROP VIEW IF EXISTS vx_trx_log;
diff --git
a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
index 207c5a3..e82f43e 100644
---
a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+++
b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
@@ -2086,6 +2086,8 @@ INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active
GO
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10026',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
+INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10027',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+GO
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger
1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
exit
diff --git
a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
index 36aefcf..281de40 100644
--- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
@@ -3726,6 +3726,7 @@ INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10020',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10025',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10026',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10027',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger
1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
CREATE VIEW [dbo].[vx_trx_log] AS
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10027.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10027.java
new file mode 100644
index 0000000..9ac8d99
--- /dev/null
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10027.java
@@ -0,0 +1,224 @@
+package org.apache.ranger.patch;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+import org.apache.ranger.biz.RangerBizUtil;
+import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.common.JSONUtil;
+import org.apache.ranger.common.RangerValidatorFactory;
+import org.apache.ranger.common.StringUtil;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator;
+import org.apache.ranger.plugin.model.validation.RangerValidator;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
+import org.apache.ranger.service.RangerPolicyService;
+import org.apache.ranger.service.XPermMapService;
+import org.apache.ranger.service.XPolicyService;
+import org.apache.ranger.util.CLIUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+@Component
+public class PatchForHiveServiceDefUpdate_J10027 extends BaseLoader {
+ private static final Logger logger =
Logger.getLogger(PatchForHiveServiceDefUpdate_J10027.class);
+ public static final String SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME =
"hive";
+ public static final String REFRESH_ACCESS_TYPE_NAME = "refresh";
+
+ @Autowired
+ RangerDaoManager daoMgr;
+
+ @Autowired
+ ServiceDBStore svcDBStore;
+
+ @Autowired
+ JSONUtil jsonUtil;
+
+ @Autowired
+ RangerPolicyService policyService;
+
+ @Autowired
+ StringUtil stringUtil;
+
+ @Autowired
+ XPolicyService xPolService;
+
+ @Autowired
+ XPermMapService xPermMapService;
+
+ @Autowired
+ RangerBizUtil bizUtil;
+
+ @Autowired
+ RangerValidatorFactory validatorFactory;
+
+ @Autowired
+ ServiceDBStore svcStore;
+
+ public static void main(String[] args) {
+ logger.info("main()");
+ try {
+ PatchForHiveServiceDefUpdate_J10027 loader =
(PatchForHiveServiceDefUpdate_J10027)
CLIUtil.getBean(PatchForHiveServiceDefUpdate_J10027.class);
+ loader.init();
+ while (loader.isMoreToProcess()) {
+ loader.load();
+ }
+ logger.info("Load complete. Exiting.");
+ System.exit(0);
+ } catch (Exception e) {
+ logger.error("Error loading", e);
+ System.exit(1);
+ }
+ }
+
+ @Override
+ public void printStats() {
+ logger.info("PatchForHiveServiceDefUpdate data ");
+ }
+
+ @Override
+ public void execLoad() {
+ logger.info("==> PatchForHiveServiceDefUpdate.execLoad()");
+ try {
+ if (!updateHiveServiceDef()) {
+ logger.error("Failed to apply the patch.");
+ System.exit(1);
+ }
+ } catch (Exception e) {
+ logger.error("Error while updateHiveServiceDef()data.",
e);
+ System.exit(1);
+ }
+ logger.info("<== PatchForHiveServiceDefUpdate.execLoad()");
+ }
+
+ @Override
+ public void init() throws Exception {
+ // Do Nothing
+ }
+
+ private boolean updateHiveServiceDef() throws Exception {
+ RangerServiceDef ret;
+ RangerServiceDef embeddedHiveServiceDef;
+ RangerServiceDef dbHiveServiceDef;
+ List<RangerServiceDef.RangerAccessTypeDef>
embeddedHiveAccessTypes;
+ XXServiceDef xXServiceDefObj;
+
+ embeddedHiveServiceDef =
EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
+
+ if (embeddedHiveServiceDef != null) {
+ xXServiceDefObj =
daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
+ Map<String, String> serviceDefOptionsPreUpdate;
+ String jsonPreUpdate;
+
+ if (xXServiceDefObj != null) {
+ jsonPreUpdate = xXServiceDefObj.getDefOptions();
+ serviceDefOptionsPreUpdate =
jsonStringToMap(jsonPreUpdate);
+ } else {
+ logger.error("Hive service-definition does not
exist in the Ranger DAO.");
+ return false;
+ }
+ dbHiveServiceDef =
svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
+
+ if (dbHiveServiceDef != null) {
+ embeddedHiveAccessTypes =
embeddedHiveServiceDef.getAccessTypes();
+
+ if (embeddedHiveAccessTypes != null) {
+ if
(checkNewHiveAccessTypesPresent(embeddedHiveAccessTypes)) {
+ if
(!embeddedHiveAccessTypes.toString().equalsIgnoreCase(dbHiveServiceDef.getAccessTypes().toString()))
{
+
dbHiveServiceDef.setAccessTypes(embeddedHiveAccessTypes);
+ }
+ }
+ }
+ } else {
+ logger.error("Hive service-definition does not
exist in the db store.");
+ return false;
+ }
+ RangerServiceDefValidator validator =
validatorFactory.getServiceDefValidator(svcStore);
+ validator.validate(dbHiveServiceDef,
RangerValidator.Action.UPDATE);
+
+ ret = svcStore.updateServiceDef(dbHiveServiceDef);
+ if (ret == null) {
+ throw new RuntimeException("Error while
updating " + SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME + " service-def");
+ }
+ xXServiceDefObj =
daoMgr.getXXServiceDef().findByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
+ if (xXServiceDefObj != null) {
+ String jsonStrPostUpdate =
xXServiceDefObj.getDefOptions();
+ Map<String, String> serviceDefOptionsPostUpdate
= jsonStringToMap(jsonStrPostUpdate);
+ if (serviceDefOptionsPostUpdate != null &&
serviceDefOptionsPostUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES))
{
+ if (serviceDefOptionsPreUpdate == null
||
!serviceDefOptionsPreUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES))
{
+ String preUpdateValue =
serviceDefOptionsPreUpdate == null ? null :
serviceDefOptionsPreUpdate.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
+ if (preUpdateValue == null) {
+
serviceDefOptionsPostUpdate.remove(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
+ } else {
+
serviceDefOptionsPostUpdate.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES,
preUpdateValue);
+ }
+
xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate));
+
daoMgr.getXXServiceDef().update(xXServiceDefObj);
+ }
+ }
+ } else {
+ logger.error("Hive service-definition does not
exist in the Ranger DAO.");
+ return false;
+ }
+ } else {
+ logger.error("The embedded Hive service-definition does
not exist.");
+ return false;
+ }
+ return true;
+ }
+
+ private static boolean
checkNewHiveAccessTypesPresent(List<RangerServiceDef.RangerAccessTypeDef>
accessTypeDefs) {
+ boolean ret = false;
+ for (RangerServiceDef.RangerAccessTypeDef accessTypeDef :
accessTypeDefs) {
+ if
(REFRESH_ACCESS_TYPE_NAME.equals(accessTypeDef.getName())) {
+ ret = true;
+ break;
+ }
+ }
+ return ret;
+ }
+
+ private String mapToJsonString(Map<String, String> map) {
+ String ret = null;
+ if (map != null) {
+ try {
+ ret = jsonUtil.readMapToString(map);
+ } catch (Exception ex) {
+ logger.warn("mapToJsonString() failed to
convert map: " + map, ex);
+ }
+ }
+ return ret;
+ }
+
+ protected Map<String, String> jsonStringToMap(String jsonStr) {
+ Map<String, String> ret = null;
+ if (!StringUtils.isEmpty(jsonStr)) {
+ try {
+ ret = jsonUtil.jsonToMap(jsonStr);
+ } catch (Exception ex) {
+ // fallback to earlier format:
"name1=value1;name2=value2"
+ for (String optionString : jsonStr.split(";")) {
+ if (StringUtils.isEmpty(optionString)) {
+ continue;
+ }
+ String[] nvArr =
optionString.split("=");
+ String name = (nvArr != null &&
nvArr.length > 0) ? nvArr[0].trim() : null;
+ String value = (nvArr != null &&
nvArr.length > 1) ? nvArr[1].trim() : null;
+ if (StringUtils.isEmpty(name)) {
+ continue;
+ }
+ if (ret == null) {
+ ret = new HashMap<String,
String>();
+ }
+ ret.put(name, value);
+ }
+ }
+ }
+ return ret;
+ }
+}
