You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2021/08/12 06:31:30 UTC
[ranger] branch ranger-2.2 updated: RANGER-3353:Show roles is not
listing all roles
This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.2 by this push:
new c874248 RANGER-3353:Show roles is not listing all roles
c874248 is described below
commit c8742481f7ce581b3050b2dfb0b02cdca662da3e
Author: Ramesh Mani <rm...@cloudera.com>
AuthorDate: Wed Jul 28 23:58:10 2021 -0700
RANGER-3353:Show roles is not listing all roles
Signed-off-by: Ramesh Mani <rm...@cloudera.com>
---
.../hive/authorizer/RangerHiveAuthorizer.java | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index efe1ff7..7d3a63a 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -343,7 +343,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerHiveAuthorizer.getAllRoles()");
}
- List<String> ret = null;
+ List<String> ret = new ArrayList<>();
RangerHiveAuditHandler auditHandler = new RangerHiveAuditHandler();
List<String> userNames = null;
boolean result = false;
@@ -360,13 +360,20 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
try {
if (!hivePlugin.isServiceAdmin(currentUserName)) {
- throw new HiveAccessControlException("RangerHiveAuthorizer.getPrincipalGrantInfoForRole(): User information not available...");
+ throw new HiveAccessControlException("RangerHiveAuthorizer.getAllRoles(): User not authorized to run show roles...");
}
- Set<String> groups = Sets.newHashSet(ugi.getGroupNames());
- userNames = Arrays.asList(currentUserName);
- Set<String> roles = hivePlugin.getRolesFromUserAndGroups(currentUserName, groups);
- ret = new ArrayList<>(roles);
+ userNames = Arrays.asList(currentUserName);
+
+ RangerRoles rangerRoles = hivePlugin.getRangerRoles();
+ if (rangerRoles != null) {
+ Set<RangerRole> roles = rangerRoles.getRangerRoles();
+ if (CollectionUtils.isNotEmpty(roles)) {
+ for (RangerRole rangerRole : roles) {
+ ret.add(rangerRole.getName());
+ }
+ }
+ }
result = true;
} catch(Exception excp) {