ranger-commits mailing list archives

From mad...@apache.org
Subject git commit: ARGUS-17: workaround for the issue of revokePrivilege() API not receiving grantor name in the grantorPrinciple.
Date Thu, 28 Aug 2014 21:09:32 GMT
Repository: incubator-argus
Updated Branches:
  refs/heads/master cb728432c -> 41842dff5


ARGUS-17: workaround for the issue of revokePrivilege() API not
receiving grantor name in the grantorPrincipal.

Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/41842dff
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/41842dff
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/41842dff

Branch: refs/heads/master
Commit: 41842dff581c632eb69a344023b902cf1afb6973
Parents: cb72843
Author: mneethiraj <mneethiraj@hortonworks.com>
Authored: Thu Aug 28 13:31:21 2014 -0700
Committer: mneethiraj <mneethiraj@hortonworks.com>
Committed: Thu Aug 28 13:31:21 2014 -0700

----------------------------------------------------------------------
 .../hbase/XaSecureAuthorizationCoprocessor.java |  4 +--
 .../hive/authorizer/XaSecureHiveAuthorizer.java | 32 ++++++++++++--------
 2 files changed, 21 insertions(+), 15 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/41842dff/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
b/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
index 2120b22..d090a0b 100644
--- a/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
+++ b/hbase-agent/src/main/java/com/xasecure/authorization/hbase/XaSecureAuthorizationCoprocessor.java
@@ -965,12 +965,12 @@ public class XaSecureAuthorizationCoprocessor extends XaSecureAuthorizationCopro
 
 	@Override
 	public void checkPermissions(RpcController controller, AccessControlProtos.CheckPermissionsRequest
request, RpcCallback<AccessControlProtos.CheckPermissionsResponse> done) {
-		LOG.warn("checkPermissions(): ");
+		LOG.debug("checkPermissions(): ");
 	}
 
 	@Override
 	public void getUserPermissions(RpcController controller, AccessControlProtos.GetUserPermissionsRequest
request, RpcCallback<AccessControlProtos.GetUserPermissionsResponse> done) {
-		LOG.warn("getUserPermissions(): ");
+		LOG.debug("getUserPermissions(): ");
 	}
 
 	@Override
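Review bot: checkPermissions() and getUserPermissions() still consist of a single log statement and never call `done` or report anything on `controller`, and after this change even that trace is only visible at debug level. A client that asks this coprocessor whether a user holds a permission presumably gets an empty or default response instead of an explicit failure, which is easy to misread as a completed check. Either keep these at `warn` until the endpoints are implemented, or add a comment such as `// Not implemented: permissions are evaluated by Argus policies; this endpoint returns no result` so the no-op is a documented decision. If the coprocessor's usual error path is available here, reporting an unsupported-operation error through the controller would be the safer behaviour.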

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/41842dff/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
index 247d19e..34fafdd 100644
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
+++ b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
@@ -76,8 +76,8 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
 	public void grantPrivileges(List<HivePrincipal> hivePrincipals,
 								List<HivePrivilege> hivePrivileges,
 								HivePrivilegeObject hivePrivObject,
-								HivePrincipal grantorPrincipal,
-								boolean       grantOption)
+								HivePrincipal       grantorPrincipal,
+								boolean             grantOption)
 										throws HiveAuthzPluginException, HiveAccessControlException {
 		if(! UpdateXaPoliciesOnGrantRevoke) {
 			throw new HiveAuthzPluginException("GRANT/REVOKE not supported in Argus HiveAuthorizer.
Please use Argus Security Admin to setup access control.");
@@ -87,7 +87,7 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
 		XaHiveObjectAccessInfo objAccessInfo = getObjectAccessInfo(HiveOperationType.GRANT_PRIVILEGE,
hivePrivObject, new XaHiveAccessContext(null, getHiveAuthzSessionContext()), true);
 
 		try {
-			GrantRevokeData grData = createGrantRevokeData(objAccessInfo, hivePrincipals, hivePrivileges,
grantorPrincipal, grantOption);
+			GrantRevokeData grData = createGrantRevokeData(objAccessInfo, hivePrincipals, hivePrivileges,
getGrantorUsername(grantorPrincipal), grantOption);
 
 			if(LOG.isDebugEnabled()) {
 				LOG.debug("grantPrivileges(): " + grData.toJson());
@@ -124,8 +124,8 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase
{
 	public void revokePrivileges(List<HivePrincipal> hivePrincipals,
 								 List<HivePrivilege> hivePrivileges,
 								 HivePrivilegeObject hivePrivObject,
-								 HivePrincipal grantorPrincipal,
-								 boolean       grantOption)
+								 HivePrincipal       grantorPrincipal,
+								 boolean             grantOption)
 										 throws HiveAuthzPluginException, HiveAccessControlException {
 		if(! UpdateXaPoliciesOnGrantRevoke) {
 			throw new HiveAuthzPluginException("GRANT/REVOKE not supported in Argus HiveAuthorizer.
Please use Argus Security Admin to setup access control.");
@@ -135,7 +135,7 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase
{
 		XaHiveObjectAccessInfo objAccessInfo = getObjectAccessInfo(HiveOperationType.REVOKE_PRIVILEGE,
hivePrivObject, new XaHiveAccessContext(null, getHiveAuthzSessionContext()), true);
 
 		try {
-			GrantRevokeData grData = createGrantRevokeData(objAccessInfo, hivePrincipals, hivePrivileges,
grantorPrincipal, grantOption);
+			GrantRevokeData grData = createGrantRevokeData(objAccessInfo, hivePrincipals, hivePrivileges,
getGrantorUsername(grantorPrincipal), grantOption);
 
 			if(LOG.isDebugEnabled()) {
 				LOG.debug("revokePrivileges(): " + grData.toJson());
@@ -590,11 +590,23 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase
{
 		throw new HiveAccessControlException(String.format("Permission denied: user [%s] does not
have privilege for [%s] command",
 											 ugi.getShortUserName(), hiveOpType.name()));
 	}
+	
+	private String getGrantorUsername(HivePrincipal grantorPrincipal) {
+		String grantor = grantorPrincipal != null ? grantorPrincipal.getName() : null;
+
+		if(StringUtil.isEmpty(grantor)) {
+			UserGroupInformation ugi = this.getCurrentUserGroupInfo();
+
+			grantor = ugi != null ? ugi.getShortUserName() : null;
+		}
+
+		return grantor;
+	}
 
 	private GrantRevokeData createGrantRevokeData(XaHiveObjectAccessInfo objAccessInfo,
 												  List<HivePrincipal>    hivePrincipals,
 												  List<HivePrivilege>    hivePrivileges,
-												  HivePrincipal          grantorPrincipal,
+												  String                 grantor,
 												  boolean                grantOption)
 														  throws HiveAccessControlException {
 		if(objAccessInfo == null ||
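Review bot: getGrantorUsername() can still return null when grantorPrincipal carries no name and getCurrentUserGroupInfo() returns null, and the last hunk of this file deletes the only warning that flagged an empty grantor, so createGrantRevokeData() would hand a null grantor to setHiveData() with no trace. Since the grantor is what attributes a GRANT/REVOKE policy change to a user, I would keep a signal in the helper, e.g. `if(StringUtil.isEmpty(grantor)) { LOG.warn("getGrantorUsername(): unable to determine grantor"); }` before `return grantor;`, or reject the request with a HiveAccessControlException if an unattributed change should not be accepted. The helper also uses grantorPrincipal.getName() as a user name without looking at the principal's type; a short comment stating that the grantor is expected to be a user would help. createGrantRevokeData() continues past the end of this hunk, so how grantor is used beyond the setHiveData() call shown in the last hunk is not visible here.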
@@ -657,12 +669,6 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase
{
 			}
 		}
 
-		String grantor = grantorPrincipal != null ? grantorPrincipal.getName() : null;
-
-		if(StringUtil.isEmpty(grantor)) {
-			LOG.warn("grantorPrincipal.getName() is null/empty!");
-		}
-
 		GrantRevokeData grData = new GrantRevokeData();
 
 		grData.setHiveData(grantor, repositoryName, database, table, columns, permMap);

