You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by db...@apache.org on 2017/04/30 19:03:44 UTC

ambari git commit: AMBARI-20898. Hive View 2.0 shows Ranger authorizations even if Ranger Hive plugin is disabled. (dipayanb)

Repository: ambari
Updated Branches:
  refs/heads/branch-2.5 535883b2c -> 6ce938366


AMBARI-20898. Hive View 2.0 shows Ranger authorizations even if Ranger Hive plugin is disabled. (dipayanb)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/6ce93836
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/6ce93836
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/6ce93836

Branch: refs/heads/branch-2.5
Commit: 6ce93836697d80a70e93f127f817956d3fb1513f
Parents: 535883b
Author: Dipayan Bhowmick <di...@gmail.com>
Authored: Mon May 1 00:33:32 2017 +0530
Committer: Dipayan Bhowmick <di...@gmail.com>
Committed: Mon May 1 00:33:32 2017 +0530

----------------------------------------------------------------------
 .../resources/system/ranger/RangerService.java     | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/6ce93836/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/resources/system/ranger/RangerService.java
----------------------------------------------------------------------
diff --git a/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/resources/system/ranger/RangerService.java b/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/resources/system/ranger/RangerService.java
index 6c68b2f..a5222ce 100644
--- a/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/resources/system/ranger/RangerService.java
+++ b/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/resources/system/ranger/RangerService.java
@@ -46,7 +46,10 @@ import java.util.Map;
  */
 public class RangerService {
 
+  public static final String RANGER_HIVE_AUTHORIZER_FACTORY_CLASSNAME = "org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory";
   private static final String RANGER_CONFIG_URL = "/api/v1/clusters/%s/configurations/service_config_versions?service_name=RANGER&is_current=true";
+  public static final String HIVESERVER2_SITE = "hiveserver2-site";
+  public static final String AUTHORIZATION_MANAGER_KEY = "hive.security.authorization.manager";
 
   protected final Logger LOG = LoggerFactory.getLogger(getClass());
 
@@ -75,6 +78,12 @@ public class RangerService {
   }
 
   private List<Policy> getPoliciesFromAmbariCluster(String database, String table) {
+
+    if (!isHiveRangerPluginEnabled()) {
+      LOG.error("Ranger authorization is not enabled for Hive");
+      throw new RangerException("Ranger authorization is not enabled for Hive", "CONFIGURATION_ERROR", 500);
+    }
+
     String rangerUrl = null;
     try {
       rangerUrl = getRangerUrlFromAmbari();
@@ -274,6 +283,14 @@ public class RangerService {
   }
 
   /**
+   * Check if the ranger plugin is enable for hive
+   */
+  private boolean isHiveRangerPluginEnabled() {
+    String authManagerConf = context.getCluster().getConfigurationValue(HIVESERVER2_SITE, AUTHORIZATION_MANAGER_KEY);
+    return !StringUtils.isEmpty(authManagerConf) && authManagerConf.equals(RANGER_HIVE_AUTHORIZER_FACTORY_CLASSNAME);
+  }
+
+  /**
    * POJO class to store the policy information from Ranger
    */
   public static class Policy {