Posted to commits@ranger.apache.org by zh...@apache.org on 2017/08/11 03:14:15 UTC
ranger git commit: RANGER-1669:We need to support the original
functionality of hive:show grant user username
Repository: ranger
Updated Branches:
refs/heads/master 0736d98e2 -> 0878d19e9
RANGER-1669:We need to support the original functionality of hive:show grant user username
Signed-off-by: peng.jianhua <pe...@zte.com.cn>
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/0878d19e
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/0878d19e
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/0878d19e
Branch: refs/heads/master
Commit: 0878d19e9fc39c13c136411ee4df6c6fa33c7b43
Parents: 0736d98
Author: peng.jianhua <pe...@zte.com.cn>
Authored: Thu Aug 10 20:22:48 2017 +0800
Committer: peng.jianhua <pe...@zte.com.cn>
Committed: Thu Aug 10 23:12:27 2017 -0400
----------------------------------------------------------------------
.../hive/authorizer/RangerHiveAuthorizer.java | 81 +++++++++++---------
.../services/hive/HIVERangerAuthorizerTest.java | 9 +++
2 files changed, 54 insertions(+), 36 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/0878d19e/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index 6872e50..1c7a9d0 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -1457,51 +1457,60 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
public List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal,
HivePrivilegeObject privObj) throws HiveAuthzPluginException {
try {
+
LOG.debug("RangerHiveAuthorizer.showPrivileges()");
IMetaStoreClient mClient = getMetastoreClientFactory()
.getHiveMetastoreClient();
List<HivePrivilegeInfo> resPrivInfos = new ArrayList<HivePrivilegeInfo>();
- String principalName = principal == null ? null : principal
- .getName();
- PrincipalType principalType = principal == null ? null
- : AuthorizationUtils.getThriftPrincipalType(principal
- .getType());
+ String principalName = null;
+ PrincipalType principalType = null;
+ if (principal != null) {
+ principalName = principal.getName();
+ principalType = AuthorizationUtils
+ .getThriftPrincipalType(principal.getType());
+ }
List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
principalName, principalType,
this.getThriftHiveObjectRef(privObj));
-
- for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
- HivePrincipal resPrincipal = new HivePrincipal(
- msObjPriv.getPrincipalName(),
- AuthorizationUtils.getHivePrincipalType(msObjPriv
- .getPrincipalType()));
-
- PrivilegeGrantInfo msGrantInfo = msObjPriv.getGrantInfo();
- HivePrivilege resPrivilege = new HivePrivilege(
- msGrantInfo.getPrivilege(), null);
-
- HiveObjectRef msObjRef = msObjPriv.getHiveObject();
- org.apache.hadoop.hive.metastore.api.HiveObjectType objectType = msObjRef
- .getObjectType();
- if (!isSupportedObjectType(msObjRef.getObjectType())) {
- continue;
+ if (msObjPrivs != null) {
+ for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
+ HiveObjectRef msObjRef = msObjPriv.getHiveObject();
+ org.apache.hadoop.hive.metastore.api.HiveObjectType objectType = msObjRef
+ .getObjectType();
+ if (!isSupportedObjectType(objectType)) {
+ continue;
+ }
+ HivePrincipal resPrincipal = new HivePrincipal(
+ msObjPriv.getPrincipalName(),
+ AuthorizationUtils.getHivePrincipalType(msObjPriv
+ .getPrincipalType()));
+
+ PrivilegeGrantInfo msGrantInfo = msObjPriv.getGrantInfo();
+ HivePrivilege resPrivilege = new HivePrivilege(
+ msGrantInfo.getPrivilege(), null);
+
+ HivePrivilegeObject resPrivObj = new HivePrivilegeObject(
+ getPluginPrivilegeObjType(objectType),
+ msObjRef.getDbName(), msObjRef.getObjectName(),
+ msObjRef.getPartValues(), msObjRef.getColumnName());
+
+ HivePrincipal grantorPrincipal = new HivePrincipal(
+ msGrantInfo.getGrantor(),
+ AuthorizationUtils.getHivePrincipalType(msGrantInfo
+ .getGrantorType()));
+
+ HivePrivilegeInfo resPrivInfo = new HivePrivilegeInfo(
+ resPrincipal, resPrivilege, resPrivObj,
+ grantorPrincipal, msGrantInfo.isGrantOption(),
+ msGrantInfo.getCreateTime());
+ resPrivInfos.add(resPrivInfo);
}
- HivePrivilegeObject resPrivObj = new HivePrivilegeObject(
- getPluginPrivilegeObjType(objectType),
- msObjRef.getDbName(), msObjRef.getObjectName(),
- msObjRef.getPartValues(), msObjRef.getColumnName());
-
- HivePrincipal grantorPrincipal = new HivePrincipal(
- msGrantInfo.getGrantor(),
- AuthorizationUtils.getHivePrincipalType(msGrantInfo
- .getGrantorType()));
-
- HivePrivilegeInfo resPrivInfo = new HivePrivilegeInfo(
- resPrincipal, resPrivilege, resPrivObj,
- grantorPrincipal, msGrantInfo.isGrantOption(),
- msGrantInfo.getCreateTime());
- resPrivInfos.add(resPrivInfo);
+
+ } else {
+ throw new HiveAccessControlException(
+ "RangerHiveAuthorizer.showPrivileges():User has to specify"
+ + " a user name or role in the show grant. ");
}
return resPrivInfos;
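Review bot: Nothing in the new body of showPrivileges compares the calling user with the requested `principal` before `mClient.list_privileges(...)` runs, so as far as this hunk shows, any session that reaches the method can list the grants of any user or role. If that is not enforced in the part of the method outside the hunk or by a policy check upstream, the listing should be limited to the caller's own principal, roles the caller holds, or an administrator. The `else` branch reports "User has to specify a user name or role" when `msObjPrivs` is null, which is a metastore result rather than a missing argument; test the argument before the metastore call with `if (principal == null) { throw new HiveAccessControlException(...); }` and treat a null list as empty. `msObjPriv.getGrantInfo()` is also dereferenced without a null check. The `try` opens at the top of the hunk and its `catch` lies outside it, so how the thrown exception is wrapped cannot be seen here.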
http://git-wip-us.apache.org/repos/asf/ranger/blob/0878d19e/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java b/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
index 011d2c3..c6f0b8f 100644
--- a/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
+++ b/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
@@ -900,4 +900,13 @@ public class HIVERangerAuthorizerTest {
connection.close();
}
+ @Test
+ public void testShowPrivileges() throws Exception {
+ String initialUrl = "jdbc:hive2://localhost:" + port;
+ Connection connection = DriverManager.getConnection(initialUrl, "admin", "admin");
+ Statement statement = connection.createStatement();
+ Assert.assertTrue(statement.execute("show grant user admin"));
+ statement.close();
+ }
+
}
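Review bot: `testShowPrivileges` never closes `connection`, whereas the preceding test ends with `connection.close();`. Add `connection.close();` after `statement.close();`, or open both in a try-with-resources so they are released even when the assertion fails. The assertion only checks that `execute` returned a result set, so it would pass if the listing were empty or wrong; reading at least one row and checking the principal column would pin the behaviour. There is also no case for a `show grant` without a principal, which is what the new error message in the authorizer describes, or for a non-admin user asking about another user's grants.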