You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2021/01/02 12:37:38 UTC
[ranger] branch master updated (f13d208 -> 6fcab69)
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git.
from f13d208 RANGER-3134:Remove global JAAS Configuration for Ranger auditing to SOLR
new 5797bb9 RANGER-3135: optimze log print for querying roles
new bd1cf09 RANGER-3136: NUllPointException occur when import polices anf isOverride is selected
new 6fcab69 RANGER-3137: add select permission for lookup user in hive-agent
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../ranger/services/hive/RangerServiceHive.java | 5 ++++-
.../main/java/org/apache/ranger/rest/RoleREST.java | 20 ++++++++++++--------
.../java/org/apache/ranger/rest/ServiceREST.java | 3 ++-
3 files changed, 18 insertions(+), 10 deletions(-)
[ranger] 01/03: RANGER-3135: optimze log print for querying roles
Posted by pr...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 5797bb9541c1bfa84fbfd9bd19dbd635c4928b6f
Author: rujia1019 <82...@163.com>
AuthorDate: Tue Dec 29 20:21:26 2020 +0800
RANGER-3135: optimze log print for querying roles
Signed-off-by: pradeep <pr...@apache.org>
---
.../main/java/org/apache/ranger/rest/RoleREST.java | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
index 86cda07..20db16d 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
@@ -280,6 +280,9 @@ public class RoleREST {
if (ret == null) {
throw restErrorUtil.createRESTException("User doesn't have permissions to get details for " + roleName);
}
+ if (ret.getName() == null) {
+ throw restErrorUtil.createRESTException("Role with name: " + roleName + " does not exist");
+ }
} catch(WebApplicationException excp) {
throw excp;
@@ -931,16 +934,17 @@ public class RoleREST {
effectiveUser = loggedInUser;
}
try {
- if (!bizUtil.isUserRangerAdmin(effectiveUser)) {
- existingRole = roleStore.getRole(roleName);
- ensureRoleAccess(effectiveUser, userGroups, existingRole);
-
- } else {
- existingRole = roleStore.getRole(roleName);
+ existingRole = roleStore.getRole(roleName);
+ if (!ensureRoleAccess(effectiveUser, userGroups, existingRole)) {
+ LOG.error("User does not have permission for this operation");
+ return null;
}
} catch (Exception ex) {
- LOG.error(ex.getMessage());
- return null;
+ if (bizUtil.isUserRangerAdmin(effectiveUser)) {
+ return new RangerRole();
+ } else {
+ return null;
+ }
}
return existingRole;
[ranger] 02/03: RANGER-3136: NUllPointException occur when import
polices anf isOverride is selected
Posted by pr...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit bd1cf093b7a03431e3bbddf36dd2a565c32dcd40
Author: rujia1019 <82...@163.com>
AuthorDate: Tue Dec 29 21:17:45 2020 +0800
RANGER-3136: NUllPointException occur when import polices anf isOverride is selected
Signed-off-by: pradeep <pr...@apache.org>
---
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 8db022e..63ad281 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -2698,7 +2698,8 @@ public class ServiceREST {
for (int i = 0; i < sourceServices.size(); i++) {
if (!destinationServices.get(i).isEmpty() ) {
SearchFilter filter = new SearchFilter();
- filter.setParam("zoneName",zoneName);
+ filter.setParam(SearchFilter.ZONE_NAME, zoneName);
+ filter.setParam(SearchFilter.SERVICE_NAME, destinationServices.get(i));
RangerService service=getServiceByName(destinationServices.get(i));
final RangerPolicyList servicePolicies = getServicePolicies(destinationServices.get(i),filter);
if (servicePolicies != null) {
[ranger] 03/03: RANGER-3137: add select permission for lookup user
in hive-agent
Posted by pr...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 6fcab6993e8beb94c80514dd44f53d9d5e63db8c
Author: rujia1019 <82...@163.com>
AuthorDate: Wed Dec 30 17:18:08 2020 +0800
RANGER-3137: add select permission for lookup user in hive-agent
Signed-off-by: pradeep <pr...@apache.org>
---
.../main/java/org/apache/ranger/services/hive/RangerServiceHive.java | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/hive-agent/src/main/java/org/apache/ranger/services/hive/RangerServiceHive.java b/hive-agent/src/main/java/org/apache/ranger/services/hive/RangerServiceHive.java
index dbec221..e3b245c 100644
--- a/hive-agent/src/main/java/org/apache/ranger/services/hive/RangerServiceHive.java
+++ b/hive-agent/src/main/java/org/apache/ranger/services/hive/RangerServiceHive.java
@@ -128,8 +128,11 @@ public class RangerServiceHive extends RangerBaseService {
if (defaultPolicy.getName().contains("all") && StringUtils.isNotBlank(lookUpUser)) {
RangerPolicyItem policyItemForLookupUser = new RangerPolicyItem();
+ List<RangerPolicyItemAccess> accessListForLookupUser = new ArrayList<>();
+ accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_READ));
+ accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_SELECT));
policyItemForLookupUser.setUsers(Collections.singletonList(lookUpUser));
- policyItemForLookupUser.setAccesses(Collections.singletonList(new RangerPolicyItemAccess(ACCESS_TYPE_READ)));
+ policyItemForLookupUser.setAccesses(accessListForLookupUser);
policyItemForLookupUser.setDelegateAdmin(false);
defaultPolicy.getPolicyItems().add(policyItemForLookupUser);
}