You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2017/02/10 23:45:36 UTC
ranger git commit: RANGER-1320:Ranger Hive Plugin Exception message
correction
Repository: ranger
Updated Branches:
refs/heads/master e4122919c -> 239cc55e1
RANGER-1320:Ranger Hive Plugin Exception message correction
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/239cc55e
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/239cc55e
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/239cc55e
Branch: refs/heads/master
Commit: 239cc55e11b5fc46761d6cde49a5c908938fb111
Parents: e412291
Author: rmani <rm...@hortonworks.com>
Authored: Fri Feb 10 15:44:43 2017 -0800
Committer: rmani <rm...@hortonworks.com>
Committed: Fri Feb 10 15:45:27 2017 -0800
----------------------------------------------------------------------
.../hive/authorizer/RangerHiveAuthorizer.java | 26 +++++++++++++++++---
1 file changed, 23 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/239cc55e/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index d468aeb..cb94f19 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -406,9 +406,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
if(result != null && !result.getIsAllowed()) {
String path = resource.getAsString();
- if (hiveOpType == HiveOperationType.DESCTABLE) {
- path = path + "/*";
- }
+ path = buildPathForException(path,hiveOpType);
throw new HiveAccessControlException(String.format("Permission denied: user [%s] does not have [%s] privilege on [%s]",
user, request.getHiveAccessType().name(), path));
}
@@ -1022,6 +1020,28 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
return accessType;
}
+ private String buildPathForException(String path, HiveOperationType hiveOpType) {
+ String ret = path;
+ int endIndex = 0;
+ switch(hiveOpType) {
+ case DESCTABLE:
+ ret = path + "/*";
+ break;
+ case QUERY:
+ try {
+ endIndex = StringUtils.ordinalIndexOf(path, "/", 2);
+ ret = path.substring(0,endIndex) + "/*";
+ } catch( Exception e) {
+ //omit and return the path.Log error only in debug.
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("RangerHiveAuthorizer.buildPathForException(): Error while creating exception message ", e);
+ }
+ }
+ break;
+ }
+ return ret;
+ }
+
private boolean isURIAccessAllowed(String userName, FsAction action, String uri, HiveConf conf) {
boolean ret = false;