This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.2 by this push:
new a1191d7 RANGER-3337: Ranger policy not taking effect with HDFS
Snapshots
a1191d7 is described below
commit a1191d7292fa44e05a9c6e09f513ccf881760a8f
Author: Abhay Kulkarni <[email protected]>
AuthorDate: Tue Jul 13 12:13:24 2021 -0700
RANGER-3337: Ranger policy not taking effect with HDFS Snapshots
---
.../ranger/authorization/hadoop/RangerHdfsAuthorizer.java | 14 +++++++++++---
.../ranger/services/hdfs/RangerHdfsAuthorizerTest.java | 3 ++-
2 files changed, 13 insertions(+), 4 deletions(-)
diff --git
a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
index bef6b17..605a719 100644
---
a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
+++
b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
@@ -327,10 +327,18 @@ public class RangerHdfsAuthorizer extends
INodeAttributeProvider {
}
} else {
- resourcePath =
DFSUtil.byteArray2PathString(components, 0, i);
+ if (snapshotId !=
Snapshot.CURRENT_STATE_ID) {
+ resourcePath =
DFSUtil.byteArray2PathString(pathByNameArr);
- if (LOG.isDebugEnabled()) {
-
LOG.debug("INodeAttributes array is used to figure out path to resource,
resourcePath:[" + resourcePath +"]");
+ if
(LOG.isDebugEnabled()) {
+
LOG.debug("pathByNameArr array is used to figure out path to resource,
resourcePath:[" + resourcePath +"]");
+ }
+ } else {
+ resourcePath =
DFSUtil.byteArray2PathString(components, 0, i);
+
+ if
(LOG.isDebugEnabled()) {
+
LOG.debug("INodeAttributes array is used to figure out path to resource,
resourcePath:[" + resourcePath +"]");
+ }
}
}
diff --git
a/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java
b/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java
index 66ba071..a204b6c 100644
---
a/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java
+++
b/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java
@@ -33,6 +33,7 @@ import org.apache.hadoop.hdfs.server.namenode.INode;
import org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider;
import
org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider.AccessControlEnforcer;
import org.apache.hadoop.hdfs.server.namenode.INodeAttributes;
+import org.apache.hadoop.hdfs.server.namenode.snapshot.Snapshot;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ranger.authorization.hadoop.RangerHdfsAuthorizer;
@@ -48,7 +49,7 @@ import org.mockito.Mockito;
*/
public class RangerHdfsAuthorizerTest {
- private final static int SNAPSHOT_ID = 1;
+ private final static int SNAPSHOT_ID = Snapshot.CURRENT_STATE_ID;
private final static String FILE_OWNER = "fileOwner";
private final static String FILE_GROUP = "superGroup";
private static final FsPermission READ_ONLY = new
FsPermission(FsAction.READ, FsAction.NONE, FsAction.NONE);