You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2015/10/28 17:00:10 UTC
[34/50] [abbrv] incubator-ranger git commit: RANGER-675: fix the
incorrect column authorization via tag
RANGER-675: fix the incorrect column authorization via tag
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/54270d55
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/54270d55
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/54270d55
Branch: refs/heads/master
Commit: 54270d556f0341920f25d141c55746e8ec8bbea3
Parents: 89b7ba2
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Thu Oct 1 18:23:11 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Thu Oct 1 18:23:11 2015 -0700
----------------------------------------------------------------------
.../contextenricher/RangerTagEnricher.java | 14 ++---------
.../plugin/util/RangerAccessRequestUtil.java | 26 +++++++++++++++++++-
.../authorizer/RangerHiveAccessRequest.java | 3 ++-
3 files changed, 29 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/54270d55/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
index 6388c78..b5662bf 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
@@ -129,20 +129,10 @@ public class RangerTagEnricher extends RangerAbstractContextEnricher {
List<RangerTag> matchedTags = findMatchingTags(request.getResource(), serviceResourceMatchersCopy);
- if (CollectionUtils.isNotEmpty(matchedTags)) {
- RangerAccessRequestUtil.setRequestTagsInContext(request.getContext(), matchedTags);
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("RangerTagEnricher.enrich(" + request + ") - " + matchedTags.size() + " tags found by enricher.");
- }
- } else {
- if (LOG.isDebugEnabled()) {
- LOG.debug("RangerTagEnricher.enrich(" + request + ") - no tags found by enricher.");
- }
- }
+ RangerAccessRequestUtil.setRequestTagsInContext(request.getContext(), matchedTags);
if (LOG.isDebugEnabled()) {
- LOG.debug("<== RangerTagEnricher.enrich(" + request + ")");
+ LOG.debug("<== RangerTagEnricher.enrich(" + request + "): tags count=" + (matchedTags == null ? 0 : matchedTags.size()));
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/54270d55/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
index 92a87d0..0ce3721 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
@@ -19,9 +19,12 @@
package org.apache.ranger.plugin.util;
+import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.plugin.model.RangerTag;
@@ -36,7 +39,11 @@ public class RangerAccessRequestUtil {
public static final String KEY_CONTEXT_REQUESTED_RESOURCES = "REQUESTED_RESOURCES";
public static void setRequestTagsInContext(Map<String, Object> context, List<RangerTag> tags) {
- context.put(KEY_CONTEXT_TAGS, tags);
+ if(CollectionUtils.isEmpty(tags)) {
+ context.remove(KEY_CONTEXT_TAGS);
+ } else {
+ context.put(KEY_CONTEXT_TAGS, tags);
+ }
}
public static List<RangerTag> getRequestTagsFromContext(Map<String, Object> context) {
@@ -101,4 +108,21 @@ public class RangerAccessRequestUtil {
return ret;
}
+
+ public static Map<String, Object> copyContext(Map<String, Object> context) {
+ final Map<String, Object> ret;
+
+ if(MapUtils.isEmpty(context)) {
+ ret = new HashMap<String, Object>();
+ } else {
+ ret = new HashMap<String, Object>(context);
+
+ ret.remove(KEY_CONTEXT_TAGS);
+ ret.remove(KEY_CONTEXT_TAG_OBJECT);
+ ret.remove(KEY_CONTEXT_RESOURCE);
+ // don't remove REQUESTED_RESOURCES
+ }
+
+ return ret;
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/54270d55/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java
index 9f99ea1..3140056 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java
@@ -27,6 +27,7 @@ import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
+import org.apache.ranger.plugin.util.RangerAccessRequestUtil;
public class RangerHiveAccessRequest extends RangerAccessRequestImpl {
@@ -101,7 +102,7 @@ public class RangerHiveAccessRequest extends RangerAccessRequestImpl {
ret.setRequestData(getRequestData());
ret.setClientType(getClientType());
ret.setSessionId(getSessionId());
- ret.setContext(getContext());
+ ret.setContext(RangerAccessRequestUtil.copyContext(getContext()));
ret.accessType = accessType;
return ret;