This is an automated email from the ASF dual-hosted git repository.

abhay pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.2 by this push:
     new a1191d7  RANGER-3337: Ranger policy not taking effect with HDFS 
Snapshots
a1191d7 is described below

commit a1191d7292fa44e05a9c6e09f513ccf881760a8f
Author: Abhay Kulkarni <[email protected]>
AuthorDate: Tue Jul 13 12:13:24 2021 -0700

    RANGER-3337: Ranger policy not taking effect with HDFS Snapshots
---
 .../ranger/authorization/hadoop/RangerHdfsAuthorizer.java  | 14 +++++++++++---
 .../ranger/services/hdfs/RangerHdfsAuthorizerTest.java     |  3 ++-
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git 
a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
 
b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
index bef6b17..605a719 100644
--- 
a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
+++ 
b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
@@ -327,10 +327,18 @@ public class RangerHdfsAuthorizer extends 
INodeAttributeProvider {
                                                }
                                        } else {
 
-                                               resourcePath = 
DFSUtil.byteArray2PathString(components, 0, i);
+                                               if (snapshotId != 
Snapshot.CURRENT_STATE_ID) {
+                                                       resourcePath = 
DFSUtil.byteArray2PathString(pathByNameArr);
 
-                                               if (LOG.isDebugEnabled()) {
-                                                       
LOG.debug("INodeAttributes array is used to figure out path to resource, 
resourcePath:[" + resourcePath +"]");
+                                                       if 
(LOG.isDebugEnabled()) {
+                                                               
LOG.debug("pathByNameArr array is used to figure out path to resource, 
resourcePath:[" + resourcePath +"]");
+                                                       }
+                                               } else {
+                                                       resourcePath = 
DFSUtil.byteArray2PathString(components, 0, i);
+
+                                                       if 
(LOG.isDebugEnabled()) {
+                                                               
LOG.debug("INodeAttributes array is used to figure out path to resource, 
resourcePath:[" + resourcePath +"]");
+                                                       }
                                                }
                                        }
 
diff --git 
a/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java
 
b/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java
index 66ba071..a204b6c 100644
--- 
a/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java
+++ 
b/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java
@@ -33,6 +33,7 @@ import org.apache.hadoop.hdfs.server.namenode.INode;
 import org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider;
 import 
org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider.AccessControlEnforcer;
 import org.apache.hadoop.hdfs.server.namenode.INodeAttributes;
+import org.apache.hadoop.hdfs.server.namenode.snapshot.Snapshot;
 import org.apache.hadoop.security.AccessControlException;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.ranger.authorization.hadoop.RangerHdfsAuthorizer;
@@ -48,7 +49,7 @@ import org.mockito.Mockito;
  */
 public class RangerHdfsAuthorizerTest {
 
-    private final static int SNAPSHOT_ID = 1;
+    private final static int SNAPSHOT_ID = Snapshot.CURRENT_STATE_ID;
     private final static String FILE_OWNER = "fileOwner";
     private final static String FILE_GROUP = "superGroup";
     private static final FsPermission READ_ONLY = new 
FsPermission(FsAction.READ, FsAction.NONE, FsAction.NONE);

Reply via email to