You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by jo...@apache.org on 2017/05/03 16:47:12 UTC

[29/53] [abbrv] ambari git commit: AMBARI-20898. Hive View 2.0 shows Ranger authorizations even if Ranger Hive plugin is disabled. (dipayanb)

AMBARI-20898. Hive View 2.0 shows Ranger authorizations even if Ranger Hive plugin is disabled. (dipayanb)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/9eddcc21
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/9eddcc21
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/9eddcc21

Branch: refs/heads/branch-feature-AMBARI-12556
Commit: 9eddcc21dce8939ad5fa6e3507f88b3a912e89e4
Parents: d293ec1
Author: Dipayan Bhowmick <di...@gmail.com>
Authored: Mon May 1 00:33:32 2017 +0530
Committer: Dipayan Bhowmick <di...@gmail.com>
Committed: Mon May 1 00:34:05 2017 +0530

----------------------------------------------------------------------
 .../resources/system/ranger/RangerService.java     | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/9eddcc21/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/resources/system/ranger/RangerService.java
----------------------------------------------------------------------
diff --git a/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/resources/system/ranger/RangerService.java b/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/resources/system/ranger/RangerService.java
index 6c68b2f..a5222ce 100644
--- a/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/resources/system/ranger/RangerService.java
+++ b/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/resources/system/ranger/RangerService.java
@@ -46,7 +46,10 @@ import java.util.Map;
  */
 public class RangerService {
 
+  public static final String RANGER_HIVE_AUTHORIZER_FACTORY_CLASSNAME = "org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory";
   private static final String RANGER_CONFIG_URL = "/api/v1/clusters/%s/configurations/service_config_versions?service_name=RANGER&is_current=true";
+  public static final String HIVESERVER2_SITE = "hiveserver2-site";
+  public static final String AUTHORIZATION_MANAGER_KEY = "hive.security.authorization.manager";
 
   protected final Logger LOG = LoggerFactory.getLogger(getClass());
 
@@ -75,6 +78,12 @@ public class RangerService {
   }
 
   private List<Policy> getPoliciesFromAmbariCluster(String database, String table) {
+
+    if (!isHiveRangerPluginEnabled()) {
+      LOG.error("Ranger authorization is not enabled for Hive");
+      throw new RangerException("Ranger authorization is not enabled for Hive", "CONFIGURATION_ERROR", 500);
+    }
+
     String rangerUrl = null;
     try {
       rangerUrl = getRangerUrlFromAmbari();
@@ -274,6 +283,14 @@ public class RangerService {
   }
 
   /**
+   * Check if the ranger plugin is enable for hive
+   */
+  private boolean isHiveRangerPluginEnabled() {
+    String authManagerConf = context.getCluster().getConfigurationValue(HIVESERVER2_SITE, AUTHORIZATION_MANAGER_KEY);
+    return !StringUtils.isEmpty(authManagerConf) && authManagerConf.equals(RANGER_HIVE_AUTHORIZER_FACTORY_CLASSNAME);
+  }
+
+  /**
    * POJO class to store the policy information from Ranger
    */
   public static class Policy {