You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2016/04/11 11:04:18 UTC
incubator-ranger git commit: RANGER-917: Ranger Hive authorizer
updates for changes in Hive
Repository: incubator-ranger
Updated Branches:
refs/heads/master 2867cc55e -> efdde916c
RANGER-917: Ranger Hive authorizer updates for changes in Hive
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/efdde916
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/efdde916
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/efdde916
Branch: refs/heads/master
Commit: efdde916c60a93bb0bce634ebee3c7000f52646f
Parents: 2867cc5
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Mon Apr 11 02:02:54 2016 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Mon Apr 11 02:02:54 2016 -0700
----------------------------------------------------------------------
.../service-defs/ranger-servicedef-hive.json | 12 ++---
.../hive/authorizer/RangerHiveAuthorizer.java | 51 ++++++++++++++++++--
2 files changed, 53 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/efdde916/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
index 27e1443..1d97843 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
@@ -289,8 +289,8 @@
{
"itemId": 5,
"name": "MASK_DATE_DAY",
- "label": "Date: show only month and year",
- "description": "Date: show only month and year",
+ "label": "Date: mask day",
+ "description": "Date: mask day",
"transformer": "org.apache.ranger.authorization.hive.udf.MaskTransformer",
"dataMaskOptions": {
"initParam": "day=1; month=-1; year=-1"
@@ -299,8 +299,8 @@
{
"itemId": 6,
"name": "MASK_DATE_MONTH",
- "label": "Date: show only day and year",
- "description": "Date: show only day and year",
+ "label": "Date: mask month",
+ "description": "Date: mask month",
"transformer": "org.apache.ranger.authorization.hive.udf.MaskTransformer",
"dataMaskOptions": {
"initParam": "day=-1; month=0; year=-1"
@@ -309,8 +309,8 @@
{
"itemId": 7,
"name": "MASK_DATE_YEAR",
- "label": "Date: show only day and month",
- "description": "Date: show only day and month",
+ "label": "Date: mask year",
+ "description": "Date: mask year",
"transformer": "org.apache.ranger.authorization.hive.udf.MaskTransformer",
"dataMaskOptions": {
"initParam": "day=-1; month=-1; year=0"
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/efdde916/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index abd1081..ea0a6c1 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -471,15 +471,58 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
}
@Override
- public List<HivePrivilegeObject> applyRowFilterAndColumnMasking(QueryContext queryContext, List<HivePrivilegeObject> list) throws SemanticException {
- List<HivePrivilegeObject> ret = list;
+ public List<HivePrivilegeObject> applyRowFilterAndColumnMasking(QueryContext queryContext, List<HivePrivilegeObject> hiveObjs) throws SemanticException {
+ List<HivePrivilegeObject> ret = new ArrayList<HivePrivilegeObject>();
if(LOG.isDebugEnabled()) {
- LOG.debug("==> applyRowFilterAndColumnMasking(" + queryContext + ", " + list + ")");
+ LOG.debug("==> applyRowFilterAndColumnMasking(" + queryContext + ", objCount=" + hiveObjs.size() + ")");
+ }
+
+ if(CollectionUtils.isNotEmpty(hiveObjs)) {
+ for (HivePrivilegeObject hiveObj : hiveObjs) {
+ HivePrivilegeObjectType hiveObjType = hiveObj.getType();
+
+ if(hiveObjType == null) {
+ hiveObjType = HivePrivilegeObjectType.TABLE_OR_VIEW;
+ }
+
+ LOG.debug("applyRowFilterAndColumnMasking(hiveObjType=" + hiveObjType + ")");
+
+ if (hiveObjType == HivePrivilegeObjectType.DATABASE || hiveObjType == HivePrivilegeObjectType.TABLE_OR_VIEW) {
+ String database = hiveObj.getDbname();
+ String table = hiveObj.getObjectName();
+
+ String rowFilterExpr = getRowFilterExpression(database, table);
+
+ if (StringUtils.isNotBlank(rowFilterExpr)) {
+ LOG.debug("rowFilter(database=" + database + ", table=" + table + "): " + rowFilterExpr);
+
+ hiveObj.setRowFilterExpression(rowFilterExpr);
+ }
+
+ if (CollectionUtils.isNotEmpty(hiveObj.getColumns())) {
+ List<String> columnTransformers = new ArrayList<String>();
+
+ for (String column : hiveObj.getColumns()) {
+ String columnTransformer = getCellValueTransformer(database, table, column);
+
+ if(StringUtils.isNotEmpty(columnTransformer)) {
+ LOG.debug("columnTransformer(database=" + database + ", table=" + table + ", column=" + column + "): " + columnTransformer);
+ }
+
+ columnTransformers.add(columnTransformer);
+ }
+
+ hiveObj.setCellValueTransformers(columnTransformers);
+ }
+ }
+
+ ret.add(hiveObj);
+ }
}
if(LOG.isDebugEnabled()) {
- LOG.debug("<== applyRowFilterAndColumnMasking(" + queryContext + ", " + list + "): " + ret);
+ LOG.debug("<== applyRowFilterAndColumnMasking(" + queryContext + ", objCount=" + hiveObjs.size() + "): retCount=" + ret.size());
}
return ret;