Merge branch 'master' into stack
Conflicts:
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
jisql/.gitignore
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/091677bb
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/091677bb
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/091677bb
Branch: refs/heads/stack
Commit: 091677bba0008d11fe6b5911b4320dec59eb5e9d
Parents: 9f559d5 0f3ace8
Author: Madhan Neethiraj <[email protected]>
Authored: Thu Feb 12 09:20:56 2015 -0800
Committer: Madhan Neethiraj <[email protected]>
Committed: Thu Feb 12 09:20:56 2015 -0800
----------------------------------------------------------------------
.../hive/authorizer/RangerHiveAuthorizer.java | 20 +
jisql/.gitignore | 2 -
migration-util/bin/import_ranger_to_ambari.py | 950 +++++++++++++++++++
.../bin/ranger_admin_install.properties | 166 ++++
.../bin/ranger_hbase_plugin_install.properties | 115 +++
.../bin/ranger_hdfs_plugin_install.properties | 106 +++
.../bin/ranger_hive_plugin_install.properties | 115 +++
.../bin/ranger_knox_plugin_install.properties | 109 +++
.../bin/ranger_storm_plugin_install.properties | 106 +++
.../bin/ranger_usersync_install.properties | 104 ++
migration-util/doc/README.TXT | 76 ++
pom.xml | 3 +-
ranger-util/src/.gitignore | 1 +
src/main/assembly/migration-util.xml | 43 +
14 files changed, 1913 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/091677bb/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
----------------------------------------------------------------------
diff --cc
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index d7d7a34,49301ff..152c59a
---
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@@ -334,11 -263,71 +334,31 @@@ public class RangerHiveAuthorizer exten
}
}
+ /**
+ * Check if user has privileges to do this action on these objects
- * @param hiveOpType
- * @param inputsHObjs
- * @param outputHObjs
++ * @param objs
+ * @param context
+ * @throws HiveAuthzPluginException
+ * @throws HiveAccessControlException
+ */
+ // Commented out to avoid build errors until this interface is stable in
Hive Branch
+ // @Override
+ public List<HivePrivilegeObject>
filterListCmdObjects(List<HivePrivilegeObject> objs,
+
HiveAuthzContext context)
+ throws HiveAuthzPluginException,
HiveAccessControlException {
+ List<HivePrivilegeObject> ret = null;
+
+ // TODO: only the objects the user has access-to should be
added to 'ret'
+ ret = objs;
+
+ return ret;
+ }
-
- private List<RangerHiveObjectAccessInfo>
getObjectAccessInfo(HiveOperationType hiveOpType,
-
List<HivePrivilegeObject> inputsHObjs,
-
List<HivePrivilegeObject> outputHObjs,
-
RangerHiveAccessContext context) {
- List<RangerHiveObjectAccessInfo> ret = new
ArrayList<RangerHiveObjectAccessInfo>();
-
- if(inputsHObjs != null) {
- for(HivePrivilegeObject hiveObj : inputsHObjs) {
- RangerHiveObjectAccessInfo hiveAccessObj =
getObjectAccessInfo(hiveOpType, hiveObj, context, true);
-
- if( hiveAccessObj != null
- && hiveAccessObj.getAccessType() !=
HiveAccessType.ADMIN // access check is performed at the Ranger policy server,
as a part of updating the permissions
- && !ret.contains(hiveAccessObj)) {
- ret.add(hiveAccessObj);
- }
- }
- }
-
- if(outputHObjs != null) {
- for(HivePrivilegeObject hiveObj : outputHObjs) {
- RangerHiveObjectAccessInfo hiveAccessObj =
getObjectAccessInfo(hiveOpType, hiveObj, context, false);
-
- if( hiveAccessObj != null
- && hiveAccessObj.getAccessType() !=
HiveAccessType.ADMIN // access check is performed at the Ranger policy server,
as a part of updating the permissions
- && !ret.contains(hiveAccessObj)) {
- ret.add(hiveAccessObj);
- }
- }
- }
-
- if(ret.size() == 0 && LOG.isDebugEnabled()) {
- LOG.debug("getObjectAccessInfo(): no objects found for
access check! " + toString(hiveOpType, inputsHObjs, outputHObjs, context));
- }
-
- return ret;
- }
+
- private RangerHiveObjectAccessInfo
getObjectAccessInfo(HiveOperationType hiveOpType, HivePrivilegeObject hiveObj,
RangerHiveAccessContext context, boolean isInput) {
- RangerHiveObjectAccessInfo ret = null;
+ private RangerHiveResource getHiveResource(HiveOperationType
hiveOpType,
+
HivePrivilegeObject hiveObj) {
+ RangerHiveResource ret = null;
HiveObjectType objectType = getObjectType(hiveObj, hiveOpType);
- HiveAccessType accessType = getAccessType(hiveObj, hiveOpType,
isInput);
- String operType = hiveOpType.name();
switch(objectType) {
case DATABASE:
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/091677bb/jisql/.gitignore
----------------------------------------------------------------------
diff --cc jisql/.gitignore
index 798e8dd,b83d222..0f63015
--- a/jisql/.gitignore
+++ b/jisql/.gitignore
@@@ -1,4 -1,1 +1,2 @@@
/target/
+/bin/
- /bin/
- /target
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/091677bb/pom.xml
----------------------------------------------------------------------
