You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by db...@apache.org on 2017/04/30 19:03:44 UTC
ambari git commit: AMBARI-20898. Hive View 2.0 shows Ranger
authorizations even if Ranger Hive plugin is disabled. (dipayanb)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 535883b2c -> 6ce938366
AMBARI-20898. Hive View 2.0 shows Ranger authorizations even if Ranger Hive plugin is disabled. (dipayanb)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/6ce93836
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/6ce93836
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/6ce93836
Branch: refs/heads/branch-2.5
Commit: 6ce93836697d80a70e93f127f817956d3fb1513f
Parents: 535883b
Author: Dipayan Bhowmick <di...@gmail.com>
Authored: Mon May 1 00:33:32 2017 +0530
Committer: Dipayan Bhowmick <di...@gmail.com>
Committed: Mon May 1 00:33:32 2017 +0530
----------------------------------------------------------------------
.../resources/system/ranger/RangerService.java | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/6ce93836/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/resources/system/ranger/RangerService.java
----------------------------------------------------------------------
diff --git a/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/resources/system/ranger/RangerService.java b/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/resources/system/ranger/RangerService.java
index 6c68b2f..a5222ce 100644
--- a/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/resources/system/ranger/RangerService.java
+++ b/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/resources/system/ranger/RangerService.java
@@ -46,7 +46,10 @@ import java.util.Map;
*/
public class RangerService {
+ public static final String RANGER_HIVE_AUTHORIZER_FACTORY_CLASSNAME = "org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory";
private static final String RANGER_CONFIG_URL = "/api/v1/clusters/%s/configurations/service_config_versions?service_name=RANGER&is_current=true";
+ public static final String HIVESERVER2_SITE = "hiveserver2-site";
+ public static final String AUTHORIZATION_MANAGER_KEY = "hive.security.authorization.manager";
protected final Logger LOG = LoggerFactory.getLogger(getClass());
@@ -75,6 +78,12 @@ public class RangerService {
}
private List<Policy> getPoliciesFromAmbariCluster(String database, String table) {
+
+ if (!isHiveRangerPluginEnabled()) {
+ LOG.error("Ranger authorization is not enabled for Hive");
+ throw new RangerException("Ranger authorization is not enabled for Hive", "CONFIGURATION_ERROR", 500);
+ }
+
String rangerUrl = null;
try {
rangerUrl = getRangerUrlFromAmbari();
@@ -274,6 +283,14 @@ public class RangerService {
}
/**
+ * Check if the ranger plugin is enable for hive
+ */
+ private boolean isHiveRangerPluginEnabled() {
+ String authManagerConf = context.getCluster().getConfigurationValue(HIVESERVER2_SITE, AUTHORIZATION_MANAGER_KEY);
+ return !StringUtils.isEmpty(authManagerConf) && authManagerConf.equals(RANGER_HIVE_AUTHORIZER_FACTORY_CLASSNAME);
+ }
+
+ /**
* POJO class to store the policy information from Ranger
*/
public static class Policy {