You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by zh...@apache.org on 2017/08/11 03:14:15 UTC

ranger git commit: RANGER-1669:We need to support the original functionality of hive:show grant user username

Repository: ranger
Updated Branches:
  refs/heads/master 0736d98e2 -> 0878d19e9


RANGER-1669:We need to support the original functionality of hive:show grant user username

Signed-off-by: peng.jianhua <pe...@zte.com.cn>


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/0878d19e
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/0878d19e
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/0878d19e

Branch: refs/heads/master
Commit: 0878d19e9fc39c13c136411ee4df6c6fa33c7b43
Parents: 0736d98
Author: peng.jianhua <pe...@zte.com.cn>
Authored: Thu Aug 10 20:22:48 2017 +0800
Committer: peng.jianhua <pe...@zte.com.cn>
Committed: Thu Aug 10 23:12:27 2017 -0400

----------------------------------------------------------------------
 .../hive/authorizer/RangerHiveAuthorizer.java   | 81 +++++++++++---------
 .../services/hive/HIVERangerAuthorizerTest.java |  9 +++
 2 files changed, 54 insertions(+), 36 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/0878d19e/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index 6872e50..1c7a9d0 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -1457,51 +1457,60 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 	public List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal,
 			HivePrivilegeObject privObj) throws HiveAuthzPluginException {
 		try {
+
 			LOG.debug("RangerHiveAuthorizer.showPrivileges()");
 			IMetaStoreClient mClient = getMetastoreClientFactory()
 					.getHiveMetastoreClient();
 			List<HivePrivilegeInfo> resPrivInfos = new ArrayList<HivePrivilegeInfo>();
-			String principalName = principal == null ? null : principal
-					.getName();
-			PrincipalType principalType = principal == null ? null
-					: AuthorizationUtils.getThriftPrincipalType(principal
-							.getType());
+			String principalName = null;
+			PrincipalType principalType = null;
+			if (principal != null) {
+				principalName = principal.getName();
+				principalType = AuthorizationUtils
+						.getThriftPrincipalType(principal.getType());
+			}
 
 			List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
 					principalName, principalType,
 					this.getThriftHiveObjectRef(privObj));
-
-			for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
-				HivePrincipal resPrincipal = new HivePrincipal(
-						msObjPriv.getPrincipalName(),
-						AuthorizationUtils.getHivePrincipalType(msObjPriv
-								.getPrincipalType()));
-
-				PrivilegeGrantInfo msGrantInfo = msObjPriv.getGrantInfo();
-				HivePrivilege resPrivilege = new HivePrivilege(
-						msGrantInfo.getPrivilege(), null);
-
-				HiveObjectRef msObjRef = msObjPriv.getHiveObject();
-				org.apache.hadoop.hive.metastore.api.HiveObjectType objectType = msObjRef
-						.getObjectType();
-				if (!isSupportedObjectType(msObjRef.getObjectType())) {
-					continue;
+			if (msObjPrivs != null) {
+				for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
+					HiveObjectRef msObjRef = msObjPriv.getHiveObject();
+					org.apache.hadoop.hive.metastore.api.HiveObjectType objectType = msObjRef
+							.getObjectType();
+					if (!isSupportedObjectType(objectType)) {
+						continue;
+					}
+					HivePrincipal resPrincipal = new HivePrincipal(
+							msObjPriv.getPrincipalName(),
+							AuthorizationUtils.getHivePrincipalType(msObjPriv
+									.getPrincipalType()));
+
+					PrivilegeGrantInfo msGrantInfo = msObjPriv.getGrantInfo();
+					HivePrivilege resPrivilege = new HivePrivilege(
+							msGrantInfo.getPrivilege(), null);
+
+					HivePrivilegeObject resPrivObj = new HivePrivilegeObject(
+							getPluginPrivilegeObjType(objectType),
+							msObjRef.getDbName(), msObjRef.getObjectName(),
+							msObjRef.getPartValues(), msObjRef.getColumnName());
+
+					HivePrincipal grantorPrincipal = new HivePrincipal(
+							msGrantInfo.getGrantor(),
+							AuthorizationUtils.getHivePrincipalType(msGrantInfo
+									.getGrantorType()));
+
+					HivePrivilegeInfo resPrivInfo = new HivePrivilegeInfo(
+							resPrincipal, resPrivilege, resPrivObj,
+							grantorPrincipal, msGrantInfo.isGrantOption(),
+							msGrantInfo.getCreateTime());
+					resPrivInfos.add(resPrivInfo);
 				}
-				HivePrivilegeObject resPrivObj = new HivePrivilegeObject(
-						getPluginPrivilegeObjType(objectType),
-						msObjRef.getDbName(), msObjRef.getObjectName(),
-						msObjRef.getPartValues(), msObjRef.getColumnName());
-
-				HivePrincipal grantorPrincipal = new HivePrincipal(
-						msGrantInfo.getGrantor(),
-						AuthorizationUtils.getHivePrincipalType(msGrantInfo
-								.getGrantorType()));
-
-				HivePrivilegeInfo resPrivInfo = new HivePrivilegeInfo(
-						resPrincipal, resPrivilege, resPrivObj,
-						grantorPrincipal, msGrantInfo.isGrantOption(),
-						msGrantInfo.getCreateTime());
-				resPrivInfos.add(resPrivInfo);
+
+			} else {
+				throw new HiveAccessControlException(
+						"RangerHiveAuthorizer.showPrivileges():User has to specify"
+								+ " a user name or role in the show grant. ");
 			}
 			return resPrivInfos;
 

http://git-wip-us.apache.org/repos/asf/ranger/blob/0878d19e/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java b/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
index 011d2c3..c6f0b8f 100644
--- a/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
+++ b/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
@@ -900,4 +900,13 @@ public class HIVERangerAuthorizerTest {
         connection.close();
     }
 
+    @Test
+    public void testShowPrivileges() throws Exception {
+        String initialUrl = "jdbc:hive2://localhost:" + port;
+        Connection connection = DriverManager.getConnection(initialUrl, "admin", "admin");
+        Statement statement = connection.createStatement();
+        Assert.assertTrue(statement.execute("show grant user admin"));
+        statement.close();
+    }
+
 }