Github user interma commented on a diff in the pull request:
https://github.com/apache/incubator-hawq/pull/1253#discussion_r121583655
--- Diff:
ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/RangerServiceHawq.java
---
@@ -25,41 +25,48 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.plugin.service.ResourceLookupContext;
+import org.apache.ranger.plugin.util.PasswordUtils;
import java.util.*;
+import java.io.IOException;
public class RangerServiceHawq extends RangerBaseService {
private static final Log LOG =
LogFactory.getLog(RangerServiceHawq.class);
public RangerServiceHawq() {
- super();
- }
-
- @Override
- public void init(RangerServiceDef serviceDef, RangerService service) {
- super.init(serviceDef, service);
- }
-
+ super();
+ }
+
+ @Override
+ public void init(RangerServiceDef serviceDef, RangerService service) {
+ super.init(serviceDef, service);
+ }
+
@Override
public HashMap<String, Object> validateConfig() throws Exception {
boolean isDebugEnabled = LOG.isDebugEnabled();
- if(isDebugEnabled) {
+ if (isDebugEnabled) {
LOG.debug("==> RangerServiceHawq.validateConfig Service:
(hawq)");
}
HashMap<String, Object> result = new HashMap<>();
- String serviceName = getServiceName();
if (configs != null) {
- try {
- HawqClient hawqClient = new HawqClient(serviceName,
configs);
- result = hawqClient.checkConnection(configs);
- hawqClient.close();
- } catch (HadoopException e) {
- LOG.error("<== RangerServiceHawq.validateConfig Error:" +
e);
- throw e;
+ boolean retry = false;
+
+ // try normal password (user input in webform)
+ result = check_connection(configs);
+ if (!(boolean)(result.get("connectivityStatus"))) {
+ retry = true;
+ }
+
+ if (retry) {
+ // try decrypt password
+ decrypt_password(configs);
+ result = check_connection(configs);
--- End diff --
Explain why try check_connection() twice in this validateConfig():
validateConfig() is called in ranger UI "test connection" buttion, and the
password stored in ranger db is encrypted (I have tested).
There are two situations when user clicks "test connection" button:
1. User already inputed a new password, and the password is plain(not
encrypted).
2. User didn't change anything, just click button, but the password is
encrypted (fetch directly from ranger db).
Since there is no way to identify these two situations, we just try twice:
plain password and decrypted password, test connection is success if one of
them is passed.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
