This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 11f13d4 RANGER-3337: Ranger policy not taking effect with HDFS
Snapshots
11f13d4 is described below
commit 11f13d4eab5372f8868b53b764a11bedf891a789
Author: Abhay Kulkarni <[email protected]>
AuthorDate: Tue Jul 13 12:13:24 2021 -0700
RANGER-3337: Ranger policy not taking effect with HDFS Snapshots
---
.../ranger/authorization/hadoop/RangerHdfsAuthorizer.java | 14 +++++++++++---
.../ranger/services/hdfs/RangerHdfsAuthorizerTest.java | 3 ++-
2 files changed, 13 insertions(+), 4 deletions(-)
diff --git
a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
index 7d92427..874f779 100644
---
a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
+++
b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
@@ -326,10 +326,18 @@ public class RangerHdfsAuthorizer extends
INodeAttributeProvider {
}
} else {
- resourcePath =
DFSUtil.byteArray2PathString(components, 0, i);
+ if (snapshotId !=
Snapshot.CURRENT_STATE_ID) {
+ resourcePath =
DFSUtil.byteArray2PathString(pathByNameArr);
- if (LOG.isDebugEnabled()) {
-
LOG.debug("INodeAttributes array is used to figure out path to resource,
resourcePath:[" + resourcePath +"]");
+ if
(LOG.isDebugEnabled()) {
+
LOG.debug("pathByNameArr array is used to figure out path to resource,
resourcePath:[" + resourcePath +"]");
+ }
+ } else {
+ resourcePath =
DFSUtil.byteArray2PathString(components, 0, i);
+
+ if
(LOG.isDebugEnabled()) {
+
LOG.debug("INodeAttributes array is used to figure out path to resource,
resourcePath:[" + resourcePath +"]");
+ }
}
}
diff --git
a/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java
b/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java
index 66ba071..a204b6c 100644
---
a/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java
+++
b/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java
@@ -33,6 +33,7 @@ import org.apache.hadoop.hdfs.server.namenode.INode;
import org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider;
import
org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider.AccessControlEnforcer;
import org.apache.hadoop.hdfs.server.namenode.INodeAttributes;
+import org.apache.hadoop.hdfs.server.namenode.snapshot.Snapshot;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.authorization.hadoop.RangerHdfsAuthorizer;
@@ -48,7 +49,7 @@ import org.mockito.Mockito;
*/
public class RangerHdfsAuthorizerTest {
- private final static int SNAPSHOT_ID = 1;
+ private final static int SNAPSHOT_ID = Snapshot.CURRENT_STATE_ID;
private final static String FILE_OWNER = "fileOwner";
private final static String FILE_GROUP = "superGroup";
private static final FsPermission READ_ONLY = new
FsPermission(FsAction.READ, FsAction.NONE, FsAction.NONE);