You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Ramesh Mani <rm...@hortonworks.com> on 2017/04/24 07:37:14 UTC
Review Request 58658: RANGER-1513:Add Support for S3 authorization in
Ranger Hive Plugin
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58658/
-----------------------------------------------------------
Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan Periasamy.
Bugs: RANGER-1513
https://issues.apache.org/jira/browse/RANGER-1513
Repository: ranger
Description
-------
RANGER-1513:Add Support for S3 authorization in Ranger Hive Plugin
Diffs
-----
agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b254d20
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 2baa97b
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java 09ecd1e
hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 57b4eef
hive-agent/src/test/resources/hive-policies.json 2b568dc
Diff: https://reviews.apache.org/r/58658/diff/1/
Testing
-------
Test in local VM
Thanks,
Ramesh Mani
Re: Review Request 58658: RANGER-1513:Add Support for S3
authorization in Ranger Hive Plugin
Posted by Ramesh Mani <rm...@hortonworks.com>.
> On April 30, 2017, 8:25 p.m., Madhan Neethiraj wrote:
> > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
> > Lines 1415 (patched)
> > <https://reviews.apache.org/r/58658/diff/2/?file=1703904#file1703904line1416>
> >
> > Would current URI access checks (for hdfs://, file://), that are performed by FileSystem, be done using Ranger Hive policies after this patch?
> >
> > If yes, new Ranger Hive policies would have to be added to allow URL access; else it might break existing deployments. Please review.
> >
> > One option to consider is to fallback on FileSystem access check when there is no Ranger Hive policy to grant the necessary access.
Currently URI check for hdfs://, file:// are not done by the Hive Policies, it is be done by the FileSystem access check. Only if its s3a://, s3n:// it will be done by Hive Policy.
- Ramesh
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58658/#review173456
-----------------------------------------------------------
On May 4, 2017, 5:10 p.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58658/
> -----------------------------------------------------------
>
> (Updated May 4, 2017, 5:10 p.m.)
>
>
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1513
> https://issues.apache.org/jira/browse/RANGER-1513
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-1513:Add Support for S3 authorization in Ranger Hive Plugin
>
>
> Diffs
> -----
>
> agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b254d20
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 2baa97b
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java 09ecd1e
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 57b4eef
> hive-agent/src/test/resources/hive-policies.json 2b568dc
> security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10007.java PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/58658/diff/3/
>
>
> Testing
> -------
>
> Test in local VM
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 58658: RANGER-1513:Add Support for S3
authorization in Ranger Hive Plugin
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58658/#review173456
-----------------------------------------------------------
agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
Line 143 (original), 162 (patched)
<https://reviews.apache.org/r/58658/#comment246436>
It might be good to add the new access-types, read/write, be added in impliedGrants of "all". Please review.
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
Lines 1415 (patched)
<https://reviews.apache.org/r/58658/#comment246435>
Would current URI access checks (for hdfs://, file://), that are performed by FileSystem, be done using Ranger Hive policies after this patch?
If yes, new Ranger Hive policies would have to be added to allow URL access; else it might break existing deployments. Please review.
One option to consider is to fallback on FileSystem access check when there is no Ranger Hive policy to grant the necessary access.
- Madhan Neethiraj
On April 30, 2017, 9:37 a.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58658/
> -----------------------------------------------------------
>
> (Updated April 30, 2017, 9:37 a.m.)
>
>
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1513
> https://issues.apache.org/jira/browse/RANGER-1513
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-1513:Add Support for S3 authorization in Ranger Hive Plugin
>
>
> Diffs
> -----
>
> agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b254d20
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 2baa97b
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java 09ecd1e
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 57b4eef
> hive-agent/src/test/resources/hive-policies.json 2b568dc
> security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10006.java 7d6a23d
>
>
> Diff: https://reviews.apache.org/r/58658/diff/2/
>
>
> Testing
> -------
>
> Test in local VM
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 58658: RANGER-1513:Add Support for S3
authorization in Ranger Hive Plugin
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58658/#review174057
-----------------------------------------------------------
Ship it!
Ship It!
- Madhan Neethiraj
On May 4, 2017, 5:10 p.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58658/
> -----------------------------------------------------------
>
> (Updated May 4, 2017, 5:10 p.m.)
>
>
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1513
> https://issues.apache.org/jira/browse/RANGER-1513
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-1513:Add Support for S3 authorization in Ranger Hive Plugin
>
>
> Diffs
> -----
>
> agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b254d20
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 2baa97b
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java 09ecd1e
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 57b4eef
> hive-agent/src/test/resources/hive-policies.json 2b568dc
> security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10007.java PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/58658/diff/3/
>
>
> Testing
> -------
>
> Test in local VM
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 58658: RANGER-1513:Add Support for S3
authorization in Ranger Hive Plugin
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58658/#review174059
-----------------------------------------------------------
Ship it!
Ship It!
- Velmurugan Periasamy
On May 4, 2017, 5:10 p.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58658/
> -----------------------------------------------------------
>
> (Updated May 4, 2017, 5:10 p.m.)
>
>
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1513
> https://issues.apache.org/jira/browse/RANGER-1513
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-1513:Add Support for S3 authorization in Ranger Hive Plugin
>
>
> Diffs
> -----
>
> agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b254d20
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 2baa97b
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java 09ecd1e
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 57b4eef
> hive-agent/src/test/resources/hive-policies.json 2b568dc
> security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10007.java PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/58658/diff/3/
>
>
> Testing
> -------
>
> Test in local VM
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 58658: RANGER-1513:Add Support for S3
authorization in Ranger Hive Plugin
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58658/
-----------------------------------------------------------
(Updated May 4, 2017, 5:10 p.m.)
Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan Periasamy.
Changes
-------
Fixed Review comments
Bugs: RANGER-1513
https://issues.apache.org/jira/browse/RANGER-1513
Repository: ranger
Description
-------
RANGER-1513:Add Support for S3 authorization in Ranger Hive Plugin
Diffs (updated)
-----
agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b254d20
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 2baa97b
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java 09ecd1e
hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 57b4eef
hive-agent/src/test/resources/hive-policies.json 2b568dc
security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10007.java PRE-CREATION
Diff: https://reviews.apache.org/r/58658/diff/3/
Changes: https://reviews.apache.org/r/58658/diff/2-3/
Testing
-------
Test in local VM
Thanks,
Ramesh Mani
Re: Review Request 58658: RANGER-1513:Add Support for S3
authorization in Ranger Hive Plugin
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58658/#review173474
-----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10006.java
Line 35 (original), 35 (patched)
<https://reviews.apache.org/r/58658/#comment246471>
Should we not create a separate Java patch because this patch would have been already executed in an earlier version?
- Velmurugan Periasamy
On April 30, 2017, 9:37 a.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58658/
> -----------------------------------------------------------
>
> (Updated April 30, 2017, 9:37 a.m.)
>
>
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1513
> https://issues.apache.org/jira/browse/RANGER-1513
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-1513:Add Support for S3 authorization in Ranger Hive Plugin
>
>
> Diffs
> -----
>
> agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b254d20
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 2baa97b
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java 09ecd1e
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 57b4eef
> hive-agent/src/test/resources/hive-policies.json 2b568dc
> security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10006.java 7d6a23d
>
>
> Diff: https://reviews.apache.org/r/58658/diff/2/
>
>
> Testing
> -------
>
> Test in local VM
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 58658: RANGER-1513:Add Support for S3
authorization in Ranger Hive Plugin
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58658/
-----------------------------------------------------------
(Updated April 30, 2017, 9:37 a.m.)
Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan Periasamy.
Changes
-------
upgrade scenario handling
Bugs: RANGER-1513
https://issues.apache.org/jira/browse/RANGER-1513
Repository: ranger
Description
-------
RANGER-1513:Add Support for S3 authorization in Ranger Hive Plugin
Diffs (updated)
-----
agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b254d20
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 2baa97b
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java 09ecd1e
hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 57b4eef
hive-agent/src/test/resources/hive-policies.json 2b568dc
security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10006.java 7d6a23d
Diff: https://reviews.apache.org/r/58658/diff/2/
Changes: https://reviews.apache.org/r/58658/diff/1-2/
Testing
-------
Test in local VM
Thanks,
Ramesh Mani