Repository: incubator-ranger Updated Branches: refs/heads/master af564f38f -> d52eeff5a
RANGER-1056 - Update to Hive 2.1.0 (rebased) Signed-off-by: Madhan Neethiraj <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/d52eeff5 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/d52eeff5 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/d52eeff5 Branch: refs/heads/master Commit: d52eeff5aa321f737883b9d438f7ac12ce353ebb Parents: af564f3 Author: Colm O hEigeartaigh <[email protected]> Authored: Mon Jun 27 14:25:44 2016 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Mon Jun 27 14:42:33 2016 -0700 ---------------------------------------------------------------------- .../authorizer/RangerHiveAccessRequest.java | 13 +++++------ .../hive/authorizer/RangerHiveAuthorizer.java | 23 ++++++++------------ 2 files changed, 14 insertions(+), 22 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d52eeff5/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java ---------------------------------------------------------------------- diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java index f2f8541..ae83cf4 100644 --- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java +++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java @@ -22,7 +22,6 @@ package org.apache.ranger.authorization.hive.authorizer; import java.util.Date; import java.util.Set; -import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext; @@ -43,8 +42,7 @@ public class RangerHiveAccessRequest extends RangerAccessRequestImpl { String hiveOpTypeName, HiveAccessType accessType, HiveAuthzContext context, - HiveAuthzSessionContext sessionContext, - HiveAuthenticationProvider hiveAuthenticator) { // NOPMD + HiveAuthzSessionContext sessionContext) { this.setResource(resource); this.setUser(user); this.setUserGroups(userGroups); @@ -79,13 +77,12 @@ public class RangerHiveAccessRequest extends RangerAccessRequestImpl { HiveOperationType hiveOpType, HiveAccessType accessType, HiveAuthzContext context, - HiveAuthzSessionContext sessionContext, - HiveAuthenticationProvider hiveAuthenticator) { - this(resource, user, userGroups, hiveOpType.name(), accessType, context, sessionContext, hiveAuthenticator); + HiveAuthzSessionContext sessionContext) { + this(resource, user, userGroups, hiveOpType.name(), accessType, context, sessionContext); } - public RangerHiveAccessRequest(RangerHiveResource resource, String user, Set<String> groups, HiveAuthzContext context, HiveAuthzSessionContext sessionContext, HiveAuthenticationProvider hiveAuthenticator) { - this(resource, user, groups, "METADATA OPERATION", HiveAccessType.USE, context, sessionContext, hiveAuthenticator); + public RangerHiveAccessRequest(RangerHiveResource resource, String user, Set<String> groups, HiveAuthzContext context, HiveAuthzSessionContext sessionContext) { + this(resource, user, groups, "METADATA OPERATION", HiveAccessType.USE, context, sessionContext); } public HiveAccessType getHiveAccessType() { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d52eeff5/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java ---------------------------------------------------------------------- diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java index 69f85e2..307602a 100644 --- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java +++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java @@ -39,6 +39,7 @@ import org.apache.hadoop.hive.conf.HiveConf; import org.apache.hadoop.hive.ql.parse.SemanticException; import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException; +import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext; import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory; @@ -48,7 +49,6 @@ import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivObjectActionType; import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType; -import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext; import org.apache.hadoop.hive.ql.session.SessionState; import org.apache.hadoop.security.UserGroupInformation; import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; @@ -221,12 +221,11 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { try { HiveAuthzSessionContext sessionContext = getHiveAuthzSessionContext(); - HiveAuthenticationProvider authenticator = getHiveAuthenticator(); String user = ugi.getShortUserName(); Set<String> groups = Sets.newHashSet(ugi.getGroupNames()); if(LOG.isDebugEnabled()) { - LOG.debug(toString(hiveOpType, inputHObjs, outputHObjs, context, sessionContext, authenticator)); + LOG.debug(toString(hiveOpType, inputHObjs, outputHObjs, context, sessionContext)); } if(hiveOpType == HiveOperationType.DFS) { @@ -263,7 +262,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { } if(!existsByResourceAndAccessType(requests, resource, accessType)) { - RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, user, groups, hiveOpType, accessType, context, sessionContext, authenticator); + RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, user, groups, hiveOpType, accessType, context, sessionContext); requests.add(request); } @@ -272,7 +271,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { // this should happen only for SHOWDATABASES if (hiveOpType == HiveOperationType.SHOWDATABASES) { RangerHiveResource resource = new RangerHiveResource(HiveObjectType.DATABASE, null); - RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, user, groups, hiveOpType.name(), HiveAccessType.USE, context, sessionContext, authenticator); + RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, user, groups, hiveOpType.name(), HiveAccessType.USE, context, sessionContext); requests.add(request); } else { if (LOG.isDebugEnabled()) { @@ -307,7 +306,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { } if(!existsByResourceAndAccessType(requests, resource, accessType)) { - RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, user, groups, hiveOpType, accessType, context, sessionContext, authenticator); + RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, user, groups, hiveOpType, accessType, context, sessionContext); requests.add(request); } @@ -412,7 +411,6 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { // get user/group info UserGroupInformation ugi = getCurrentUserGroupInfo(); // we know this can't be null since we checked it above! HiveAuthzSessionContext sessionContext = getHiveAuthzSessionContext(); - HiveAuthenticationProvider authenticator = getHiveAuthenticator(); String user = ugi.getShortUserName(); Set<String> groups = Sets.newHashSet(ugi.getGroupNames()); if (LOG.isDebugEnabled()) { @@ -441,7 +439,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { if (resource == null) { LOG.error("filterListCmdObjects: RangerHiveResource returned by createHiveResource is null"); } else { - RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, user, groups, context, sessionContext, authenticator); + RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, user, groups, context, sessionContext); RangerAccessResult result = hivePlugin.isAccessAllowed(request); if (result == null) { LOG.error("filterListCmdObjects: Internal error: null RangerAccessResult object received back from isAccessAllowed()!"); @@ -552,12 +550,11 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { try { HiveAuthzSessionContext sessionContext = getHiveAuthzSessionContext(); - HiveAuthenticationProvider authenticator = getHiveAuthenticator(); String user = ugi.getShortUserName(); Set<String> groups = Sets.newHashSet(ugi.getGroupNames()); HiveObjectType objectType = HiveObjectType.TABLE; RangerHiveResource resource = new RangerHiveResource(objectType, databaseName, tableOrViewName); - RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, user, groups, objectType.name(), HiveAccessType.SELECT, context, sessionContext, authenticator); + RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, user, groups, objectType.name(), HiveAccessType.SELECT, context, sessionContext); RangerRowFilterResult result = hivePlugin.evalRowFilterPolicies(request, auditHandler); @@ -592,12 +589,11 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { try { HiveAuthzSessionContext sessionContext = getHiveAuthzSessionContext(); - HiveAuthenticationProvider authenticator = getHiveAuthenticator(); String user = ugi.getShortUserName(); Set<String> groups = Sets.newHashSet(ugi.getGroupNames()); HiveObjectType objectType = HiveObjectType.COLUMN; RangerHiveResource resource = new RangerHiveResource(objectType, databaseName, tableOrViewName, columnName); - RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, user, groups, objectType.name(), HiveAccessType.SELECT, context, sessionContext, authenticator); + RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, user, groups, objectType.name(), HiveAccessType.SELECT, context, sessionContext); RangerDataMaskResult result = hivePlugin.evalDataMaskPolicies(request, auditHandler); @@ -1148,8 +1144,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { List<HivePrivilegeObject> inputHObjs, List<HivePrivilegeObject> outputHObjs, HiveAuthzContext context, - HiveAuthzSessionContext sessionContext, - HiveAuthenticationProvider authenticator) { // NOPMD + HiveAuthzSessionContext sessionContext) { StringBuilder sb = new StringBuilder(); sb.append("'checkPrivileges':{");
