You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2021/08/12 06:31:30 UTC
[ranger] branch ranger-2.2 updated: RANGER-3353:Show roles is not listing all roles

This is an automated email from the ASF dual-hosted git repository.

rmani pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.2 by this push:
     new c874248  RANGER-3353:Show roles is not listing all roles
c874248 is described below

commit c8742481f7ce581b3050b2dfb0b02cdca662da3e
Author: Ramesh Mani <rm...@cloudera.com>
AuthorDate: Wed Jul 28 23:58:10 2021 -0700

    RANGER-3353:Show roles is not listing all roles
    
    Signed-off-by: Ramesh Mani <rm...@cloudera.com>
---
 .../hive/authorizer/RangerHiveAuthorizer.java         | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index efe1ff7..7d3a63a 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -343,7 +343,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 		if (LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerHiveAuthorizer.getAllRoles()");
 		}
-		List<String>           ret          = null;
+		List<String>           ret          = new ArrayList<>();
 		RangerHiveAuditHandler auditHandler = new RangerHiveAuditHandler();
 		List<String> 		   userNames    = null;
 		boolean	               result       = false;
@@ -360,13 +360,20 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 
 		try {
 			if (!hivePlugin.isServiceAdmin(currentUserName)) {
-				throw new HiveAccessControlException("RangerHiveAuthorizer.getPrincipalGrantInfoForRole(): User information not available...");
+				throw new HiveAccessControlException("RangerHiveAuthorizer.getAllRoles(): User not authorized to run show roles...");
 			}
 
-			Set<String> groups = Sets.newHashSet(ugi.getGroupNames());
-			userNames          = Arrays.asList(currentUserName);
-			Set<String> roles  = hivePlugin.getRolesFromUserAndGroups(currentUserName, groups);
-			ret = new ArrayList<>(roles);
+			userNames = Arrays.asList(currentUserName);
+
+			RangerRoles rangerRoles = hivePlugin.getRangerRoles();
+			if (rangerRoles != null) {
+				Set<RangerRole> roles = rangerRoles.getRangerRoles();
+				if (CollectionUtils.isNotEmpty(roles)) {
+					for (RangerRole rangerRole : roles) {
+						ret.add(rangerRole.getName());
+					}
+				}
+			}
 			result = true;
 
 		} catch(Exception excp) {