Repository: incubator-ranger
Updated Branches:
  refs/heads/master 0f4d0abde -> af564f38f


RANGER-962: Ranger plugin should have an option to use X-Forwarded-For address


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/af564f38
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/af564f38
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/af564f38

Branch: refs/heads/master
Commit: af564f38f8e895358f69f52e4208f20b5519aff0
Parents: 0f4d0ab
Author: Abhay Kulkarni <[email protected]>
Authored: Mon Jun 27 14:07:26 2016 -0700
Committer: Madhan Neethiraj <[email protected]>
Committed: Mon Jun 27 14:07:26 2016 -0700

----------------------------------------------------------------------
 .../authorizer/RangerHiveAccessRequest.java     | 21 ++++++++--------
 .../hive/authorizer/RangerHiveAuthorizer.java   | 25 ++++++++++----------
 pom.xml                                         |  2 +-
 3 files changed, 24 insertions(+), 24 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/af564f38/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java
----------------------------------------------------------------------
diff --git 
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java
 
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java
index 5d5d462..f2f8541 100644
--- 
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java
+++ 
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java
@@ -25,12 +25,11 @@ import java.util.Set;
 import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
 import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
 import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.QueryContext;
+import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
 import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
 import org.apache.ranger.plugin.util.RangerAccessRequestUtil;
 
-
 public class RangerHiveAccessRequest extends RangerAccessRequestImpl {
        private HiveAccessType accessType = HiveAccessType.NONE;
 
@@ -43,21 +42,19 @@ public class RangerHiveAccessRequest extends 
RangerAccessRequestImpl {
                                                                   Set<String>  
           userGroups,
                                                                   String       
           hiveOpTypeName,
                                                                   
HiveAccessType          accessType,
-                                                                  QueryContext 
           context,
+                                                                  
HiveAuthzContext        context,
                                                                   
HiveAuthzSessionContext sessionContext,
-                                                                  
HiveAuthenticationProvider hiveAuthenticator) {
+                                                                  
HiveAuthenticationProvider hiveAuthenticator) { // NOPMD
                this.setResource(resource);
                this.setUser(user);
                this.setUserGroups(userGroups);
                this.setAccessTime(new Date());
                this.setAction(hiveOpTypeName);
-               
+
                if(context != null) {
                        this.setRequestData(context.getCommandString());
-               }
-
-               if(hiveAuthenticator != null) {
-                       
this.setClientIPAddress(hiveAuthenticator.getUserIpAddress());
+                       
this.setForwardedAddresses(context.getForwardedAddresses());
+                       this.setRemoteIPAddress(context.getIpAddress());
                }
 
                if(sessionContext != null) {
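Review bot: The constructor now copies `context.getForwardedAddresses()` into the request with no statement of how far those values can be trusted. Going by the commit title they come from an X-Forwarded-For header, which any client can set unless a trusted proxy overwrites it, so policy conditions or audit records keyed on them are only sound when the deployment guarantees that. I would add a comment above the two new setters, e.g. `// forwarded addresses are caller-supplied; rely on them only behind a known, trusted proxy`. The `hiveAuthenticator` parameter is no longer read in the visible lines and is only silenced with `// NOPMD`; a short Javadoc saying it is kept for signature compatibility would be clearer. The constructor body continues outside the hunk.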
@@ -81,13 +78,13 @@ public class RangerHiveAccessRequest extends 
RangerAccessRequestImpl {
                           Set<String>             userGroups,
                           HiveOperationType       hiveOpType,
                           HiveAccessType          accessType,
-                          QueryContext            context,
+                          HiveAuthzContext        context,
                           HiveAuthzSessionContext sessionContext,
                           HiveAuthenticationProvider hiveAuthenticator) {
                this(resource, user, userGroups, hiveOpType.name(), accessType, 
context, sessionContext, hiveAuthenticator);
        }
 
-       public RangerHiveAccessRequest(RangerHiveResource resource, String 
user, Set<String> groups, QueryContext context, HiveAuthzSessionContext 
sessionContext, HiveAuthenticationProvider hiveAuthenticator) {
+       public RangerHiveAccessRequest(RangerHiveResource resource, String 
user, Set<String> groups, HiveAuthzContext context, HiveAuthzSessionContext 
sessionContext, HiveAuthenticationProvider hiveAuthenticator) {
                this(resource, user, groups, "METADATA OPERATION", 
HiveAccessType.USE, context, sessionContext, hiveAuthenticator);
        }
 
@@ -105,6 +102,8 @@ public class RangerHiveAccessRequest extends 
RangerAccessRequestImpl {
                ret.setAccessTime(getAccessTime());
                ret.setAction(getAction());
                ret.setClientIPAddress(getClientIPAddress());
+               ret.setRemoteIPAddress(getRemoteIPAddress());
+               ret.setForwardedAddresses(getForwardedAddresses());
                ret.setRequestData(getRequestData());
                ret.setClientType(getClientType());
                ret.setSessionId(getSessionId());

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/af564f38/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
----------------------------------------------------------------------
diff --git 
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
 
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index 6b19b61..69f85e2 100644
--- 
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ 
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -48,7 +48,7 @@ import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege;
 import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
 import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivObjectActionType;
 import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType;
-import org.apache.hadoop.hive.ql.security.authorization.plugin.QueryContext;
+import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
 import org.apache.hadoop.hive.ql.session.SessionState;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
@@ -209,7 +209,7 @@ public class RangerHiveAuthorizer extends 
RangerHiveAuthorizerBase {
        public void checkPrivileges(HiveOperationType         hiveOpType,
                                                                
List<HivePrivilegeObject> inputHObjs,
                                                            
List<HivePrivilegeObject> outputHObjs,
-                                                           QueryContext        
      context)
+                                                           HiveAuthzContext    
      context)
                      throws HiveAuthzPluginException, 
HiveAccessControlException {
                UserGroupInformation ugi = getCurrentUserGroupInfo();
 
@@ -384,7 +384,7 @@ public class RangerHiveAuthorizer extends 
RangerHiveAuthorizerBase {
     // Commented out to avoid build errors until this interface is stable in 
Hive Branch
        // @Override
        public List<HivePrivilegeObject> 
filterListCmdObjects(List<HivePrivilegeObject> objs,
-                                                                               
                                  QueryContext              context)
+                                                                               
                                  HiveAuthzContext          context)
                      throws HiveAuthzPluginException, 
HiveAccessControlException {
                
                if (LOG.isDebugEnabled()) {
@@ -431,7 +431,7 @@ public class RangerHiveAuthorizer extends 
RangerHiveAuthorizerBase {
                                        List<String> columns = 
privilegeObject.getColumns();
                                        List<String> partitionKeys = 
privilegeObject.getPartKeys();
                                        String commandString = context == null 
? null : context.getCommandString();
-                                       String ipAddress = authenticator == 
null ? null : authenticator.getUserIpAddress();
+                                       String ipAddress = context == null ? 
null : context.getIpAddress();
 
                                        final String format = 
"filterListCmdObjects: actionType[%s], objectType[%s], objectName[%s], 
dbName[%s], columns[%s], partitionKeys[%s]; context: commandString[%s], 
ipAddress[%s]";
                                        LOG.debug(String.format(format, 
actionType, objectType, objectName, dbName, columns, partitionKeys, 
commandString, ipAddress));
@@ -469,7 +469,7 @@ public class RangerHiveAuthorizer extends 
RangerHiveAuthorizerBase {
        }
 
        @Override
-       public List<HivePrivilegeObject> 
applyRowFilterAndColumnMasking(QueryContext queryContext, 
List<HivePrivilegeObject> hiveObjs) throws SemanticException {
+       public List<HivePrivilegeObject> 
applyRowFilterAndColumnMasking(HiveAuthzContext queryContext, 
List<HivePrivilegeObject> hiveObjs) throws SemanticException {
                List<HivePrivilegeObject> ret = new 
ArrayList<HivePrivilegeObject>();
 
                if(LOG.isDebugEnabled()) {
@@ -535,7 +535,7 @@ public class RangerHiveAuthorizer extends 
RangerHiveAuthorizerBase {
                return true; // TODO: derive from the policies
        }
 
-       private String getRowFilterExpression(QueryContext context, String 
databaseName, String tableOrViewName) throws SemanticException {
+       private String getRowFilterExpression(HiveAuthzContext context, String 
databaseName, String tableOrViewName) throws SemanticException {
                UserGroupInformation ugi = getCurrentUserGroupInfo();
 
                if(ugi == null) {
@@ -575,7 +575,7 @@ public class RangerHiveAuthorizer extends 
RangerHiveAuthorizerBase {
                return ret;
        }
 
-       private String getCellValueTransformer(QueryContext context, String 
databaseName, String tableOrViewName, String columnName) throws 
SemanticException {
+       private String getCellValueTransformer(HiveAuthzContext context, String 
databaseName, String tableOrViewName, String columnName) throws 
SemanticException {
                UserGroupInformation ugi = getCurrentUserGroupInfo();
 
                if(ugi == null) {
@@ -1147,9 +1147,9 @@ public class RangerHiveAuthorizer extends 
RangerHiveAuthorizerBase {
        private String toString(HiveOperationType         hiveOpType,
                                                        
List<HivePrivilegeObject> inputHObjs,
                                                        
List<HivePrivilegeObject> outputHObjs,
-                                                       QueryContext            
  context,
+                                                       HiveAuthzContext        
  context,
                                                        HiveAuthzSessionContext 
  sessionContext,
-                                                       
HiveAuthenticationProvider authenticator) {
+                                                       
HiveAuthenticationProvider authenticator) { // NOPMD
                StringBuilder sb = new StringBuilder();
                
                sb.append("'checkPrivileges':{");
@@ -1165,9 +1165,10 @@ public class RangerHiveAuthorizer extends 
RangerHiveAuthorizerBase {
 
                sb.append(", 'context':{");
                sb.append("'clientType':").append(sessionContext == null ? null 
: sessionContext.getClientType());
-               sb.append(", 'commandString':").append(context == null ? null : 
context.getCommandString());
-               sb.append(", 'ipAddress':").append(authenticator == null ? null 
: authenticator.getUserIpAddress());
-               sb.append(", 'sessionString':").append(sessionContext == null ? 
null : sessionContext.getSessionString());
+               sb.append(", 'commandString':").append(context == null ? "null" 
: context.getCommandString());
+               sb.append(", 'ipAddress':").append(context == null ? "null" : 
context.getIpAddress());
+               sb.append(", 'forwardedAddresses':").append(context == null ? 
"null" : StringUtils.join(context.getForwardedAddresses(), ", "));
+               sb.append(", 'sessionString':").append(sessionContext == null ? 
"null" : sessionContext.getSessionString());
                sb.append("}");
 
                sb.append(", 
'user':").append(this.getCurrentUserGroupInfo().getUserName());
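Review bot: The new `'forwardedAddresses'` field in `toString` joins the list with `", "`, the same separator used between fields, so a reader or log parser cannot tell where the list ends. These values presumably originate from a request header, so they may also carry line breaks or quotes unless Hive validates them upstream, which is not visible here. Wrapping the list in brackets, `.append("[").append(StringUtils.join(context.getForwardedAddresses(), ", ")).append("]")`, and stripping CR/LF before the value is logged would keep each entry unambiguous. The method starts and ends outside this hunk.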

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/af564f38/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index c99d108..6315230 100644
--- a/pom.xml
+++ b/pom.xml
@@ -163,7 +163,7 @@
         <hadoop.version>2.7.0</hadoop.version>
         <hamcrest.all.version>1.3</hamcrest.all.version>
         <hbase.version>1.1.3</hbase.version>
-        <hive.version>2.1.0-SNAPSHOT</hive.version>
+        <hive.version>2.1.0</hive.version>
         <htrace-core.version>3.1.0-incubating</htrace-core.version>
                
<httpcomponents.httpclient.version>4.5.2</httpcomponents.httpclient.version>
                
<httpcomponents.httpcore.version>4.4.4</httpcomponents.httpcore.version>
