Posted to commits@ranger.apache.org by ma...@apache.org on 2022/07/25 18:07:01 UTC
[ranger] 26/28: RANGER-3840: SHOW DATABASES doesn't list databases owned by the user
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit ee2dc9bb54477a25a5bd0a1b984b9c67d944fd37
Author: Madhan Neethiraj <ma...@apache.org>
AuthorDate: Fri Jul 22 14:19:05 2022 -0700
RANGER-3840: SHOW DATABASES doesn't list databases owned by the user
(cherry picked from commit 8875a7eabbfbaccd454864ac85bf280da6ed12b8)
---
.../authorization/hive/authorizer/RangerHiveAuthorizer.java | 13 ++++++-------
.../hive/authorizer/RangerHivePolicyProvider.java | 6 ++++--
2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index 86abdf7e6..8f6801be1 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -186,7 +186,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
if (hivePlugin == null) {
throw new HiveAuthzPluginException();
}
- RangerHivePolicyProvider policyProvider = new RangerHivePolicyProvider(hivePlugin);
+ RangerHivePolicyProvider policyProvider = new RangerHivePolicyProvider(hivePlugin, this);
return policyProvider;
}
@@ -1465,7 +1465,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
switch(objectType) {
case DATABASE:
case TABLE_OR_VIEW:
- resource = createHiveResource(privilegeObject, getMetaStoreClient());
+ resource = createHiveResource(privilegeObject);
break;
default:
LOG.warn("RangerHiveAuthorizer.createHiveResourceForFiltering: unexpected objectType:" + objectType);
@@ -1474,9 +1474,8 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
return resource;
}
- static RangerHiveResource createHiveResource(HivePrivilegeObject privilegeObject, IMetaStoreClient metaStoreClient) {
+ RangerHiveResource createHiveResource(HivePrivilegeObject privilegeObject) {
RangerHiveResource resource = null;
-
HivePrivilegeObjectType objectType = privilegeObject.getType();
String objectName = privilegeObject.getObjectName();
String dbName = privilegeObject.getDbname();
@@ -1487,14 +1486,12 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
break;
case TABLE_OR_VIEW:
resource = new RangerHiveResource(HiveObjectType.TABLE, dbName, objectName);
- setOwnerUser(resource, privilegeObject, metaStoreClient);
break;
case COLUMN:
List<String> columns = privilegeObject.getColumns();
int numOfColumns = columns == null ? 0 : columns.size();
if (numOfColumns == 1) {
resource = new RangerHiveResource(HiveObjectType.COLUMN, dbName, objectName, columns.get(0));
- setOwnerUser(resource, privilegeObject, metaStoreClient);
} else {
LOG.warn("RangerHiveAuthorizer.getHiveResource: unexpected number of columns requested:" + numOfColumns + ", objectType:" + objectType);
}
@@ -1504,6 +1501,8 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
}
if (resource != null) {
+ setOwnerUser(resource, privilegeObject, getMetaStoreClient());
+
resource.setServiceDef(hivePlugin == null ? null : hivePlugin.getServiceDef());
}
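Review bot: The owner lookup added at `setOwnerUser(resource, privilegeObject, getMetaStoreClient());` now runs for every non-null resource, including each DATABASE built on the filtering path, and nothing in this hunk shows what happens when the owner cannot be resolved. The owner is an authorization input, since it decides whether `{OWNER}`-based policy items match. A lookup that fails and leaves it unset would silently change the decision: owner-based allow items stop matching, and so would any deny or exclude item keyed on the owner. setOwnerUser's body is outside this diff, so confirm there that an unresolved owner is logged, and add `// owner drives {OWNER} policy matching; must be set for every resource type (RANGER-3840)` above the call. It is also worth checking that this does not become one metastore round trip per object when SHOW DATABASES or SHOW TABLES filters a long list.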
@@ -2689,7 +2688,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
LOG.debug("==> RangerHivePolicyProvider.getRangerResourceACLs:[" + hiveObject + "]");
}
- RangerHiveResource hiveResource = createHiveResource(hiveObject, getMetaStoreClient());
+ RangerHiveResource hiveResource = createHiveResource(hiveObject);
RangerAccessRequestImpl request = new RangerAccessRequestImpl(hiveResource, RangerPolicyEngine.ANY_ACCESS, null, null, null);
ret = hivePlugin.getResourceACLs(request);
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHivePolicyProvider.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHivePolicyProvider.java
index ea95fd5ad..5e50b867f 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHivePolicyProvider.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHivePolicyProvider.java
@@ -51,8 +51,9 @@ public class RangerHivePolicyProvider implements HivePolicyProvider {
private final Set<String> hivePrivileges;
private final RangerBasePlugin rangerPlugin;
+ private final RangerHiveAuthorizer authorizer;
- public RangerHivePolicyProvider(@NotNull RangerBasePlugin hivePlugin) {
+ public RangerHivePolicyProvider(@NotNull RangerBasePlugin hivePlugin, @NotNull RangerHiveAuthorizer authorizer) {
Set<String> privileges = new HashSet<>();
for (HiveResourceACLs.Privilege privilege : HiveResourceACLs.Privilege.values()) {
@@ -61,6 +62,7 @@ public class RangerHivePolicyProvider implements HivePolicyProvider {
this.hivePrivileges = new HashSet<>(privileges);
this.rangerPlugin = hivePlugin;
+ this.authorizer = authorizer;
}
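Review bot: `this.authorizer = authorizer;` stores the reference without a null check, and the `@NotNull` on the parameter (declared in the previous hunk) is only an annotation that nothing visible here enforces. A null would surface later as a NullPointerException on the ACL lookup path rather than at construction. Prefer failing early with `this.authorizer = Objects.requireNonNull(authorizer, "authorizer");`, which needs `java.util.Objects`; the file's import block is not visible in this diff. The constructor body starts in the previous hunk.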
@Override
@@ -74,7 +76,7 @@ public class RangerHivePolicyProvider implements HivePolicyProvider {
perf = RangerPerfTracer.getPerfTracer(PERF_HIVEACLPROVIDER_REQUEST_LOG, "RangerHivePolicyProvider.getResourceACLS()");
}
// Extract and build RangerHiveResource from inputObject
- RangerHiveResource hiveResource = RangerHiveAuthorizer.createHiveResource(hiveObject, null);
+ RangerHiveResource hiveResource = authorizer.createHiveResource(hiveObject);
ret = getResourceACLs(hiveResource);
RangerPerfTracer.log(perf);
return ret;
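Review bot: The replaced call passed `null` as the metastore client, so this provider path never touched the metastore; `authorizer.createHiveResource(hiveObject)` now reaches the authorizer's `getMetaStoreClient()`. If the policy provider is invoked from a thread other than the one the authorizer serves (for example a background privilege-sync thread, if that is the caller here), a client held by the authorizer would be shared across threads. Hive metastore clients are generally not safe for that, so this needs confirming against `getMetaStoreClient()`, which is not visible in this diff. I would state the expectation at the call site: `// may call the metastore to resolve the owner; the authorizer's client must be usable from this thread`. The enclosing method starts outside the hunk.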