You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2021/12/09 04:24:28 UTC
[ranger] branch master updated (0258fcf -> 6554332)
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git.
from 0258fcf RANGER-3484:Ranger usersync directory is being created as root owner
new 00dd3fc RANGER-3298: Add coarse URI check for Hive Agent -PMD fix
new 6554332 RANGER-3490 : Make policy resource signature is unique in a service part2
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../apache/ranger/plugin/model/RangerPolicyResourceSignature.java | 4 ++--
.../ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java | 7 +++----
2 files changed, 5 insertions(+), 6 deletions(-)
[ranger] 02/02: RANGER-3490 : Make policy resource signature is unique in a service part2
Posted by pr...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 65543320e43b94e09b07eba647bf347b8b64fe14
Author: Dineshkumar Yadav <di...@outlook.com>
AuthorDate: Tue Dec 7 13:32:41 2021 +0530
RANGER-3490 : Make policy resource signature is unique in a service part2
Signed-off-by: pradeep <pr...@apache.org>
---
.../org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
index 77b274e..a2f4b9a 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
@@ -121,8 +121,8 @@ public class RangerPolicyResourceSignature {
LOG.debug("isPolicyValidForResourceSignatureComputation: resources collection on policy was null!");
} else if (_policy.getResources().containsKey(null)) {
LOG.debug("isPolicyValidForResourceSignatureComputation: resources collection has resource with null name!");
- } else if (StringUtils.isEmpty(_policy.getGuid())) {
- LOG.debug("isPolicyValidForResourceSignatureComputation: policy GUID is empty!");
+ } else if (!_policy.getIsEnabled() && StringUtils.isEmpty(_policy.getGuid())) {
+ LOG.debug("isPolicyValidForResourceSignatureComputation: policy GUID is empty for a disabled policy!");
} else {
valid = true;
}
[ranger] 01/02: RANGER-3298: Add coarse URI check for Hive Agent -PMD fix
Posted by pr...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 00dd3fcd88aa6e10bf1f2e3a68c76a85c7218de2
Author: Ramesh Mani <rm...@apache.org>
AuthorDate: Wed Dec 8 10:42:37 2021 -0800
RANGER-3298: Add coarse URI check for Hive Agent -PMD fix
Signed-off-by: pradeep <pr...@apache.org>
---
.../ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index ad857e4..951e550 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -66,7 +66,6 @@ import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs;
import org.apache.hadoop.hive.ql.session.SessionState;
import org.apache.hadoop.ipc.Server;
import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.plugin.model.RangerPolicy;
@@ -862,7 +861,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
}
if (shouldCheckAccess) {
- if (!isURIAccessAllowed(user, permission, path, fs, RangerHivePlugin.URIPermissionCoarseCheck)) {
+ if (!isURIAccessAllowed(user, permission, path, fs)) {
throw new HiveAccessControlException(
String.format("Permission denied: user [%s] does not have [%s] privilege on [%s]", user,
permission.name(), path));
@@ -960,7 +959,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
}
if (shouldCheckAccess) {
- if (!isURIAccessAllowed(user, permission, path, fs, RangerHivePlugin.URIPermissionCoarseCheck)) {
+ if (!isURIAccessAllowed(user, permission, path, fs)) {
throw new HiveAccessControlException(
String.format("Permission denied: user [%s] does not have [%s] privilege on [%s]", user,
permission.name(), path));
@@ -2099,7 +2098,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
}
private boolean isURIAccessAllowed(String userName, FsAction action, Path filePath, FileSystem fs) {
- return isURIAccessAllowed(userName, action, filePath, fs, false);
+ return isURIAccessAllowed(userName, action, filePath, fs, RangerHivePlugin.URIPermissionCoarseCheck);
}
private boolean isURIAccessAllowed(String userName, FsAction action, Path filePath, FileSystem fs, boolean coarseCheck) {