From mad...@apache.org
Subject [1/2] git commit: ARGUS-136: updated Argus Hive Authorizer to be in sync with SQL Std authorizer for configuration white list.
Date Tue, 28 Oct 2014 17:02:38 GMT
Repository: incubator-argus
Updated Branches:
  refs/heads/master 5b4cf70bd -> a51988539


ARGUS-136: updated Argus Hive Authorizer to be in sync with SQL Std
authorizer for configuration white list.

Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/7c32f509
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/7c32f509
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/7c32f509

Branch: refs/heads/master
Commit: 7c32f5093f920e14234fd0c365feec69b027df50
Parents: 5b4cf70
Author: mneethiraj <mneethiraj@hortonworks.com>
Authored: Mon Oct 27 23:53:16 2014 -0700
Committer: mneethiraj <mneethiraj@hortonworks.com>
Committed: Mon Oct 27 23:53:16 2014 -0700

----------------------------------------------------------------------
 .../authorizer/XaSecureHiveAuthorizerBase.java  | 21 ++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7c32f509/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java
b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java
index f8ca40e..8a63035 100644
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java
+++ b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java
@@ -24,17 +24,21 @@ import java.util.List;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.hive.conf.HiveConf;
+import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
 import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.DisallowTransformHook;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext.CLIENT_TYPE;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.SettableConfigUpdater;
 import org.apache.hadoop.security.UserGroupInformation;
 
 import com.xasecure.authorization.hive.XaHiveAccessContext;
@@ -97,10 +101,23 @@ public abstract class XaSecureHiveAuthorizerBase implements HiveAuthorizer
{
 	}
 
 	@Override
-	public void applyAuthorizationConfigPolicy(HiveConf conf) {
+	public void applyAuthorizationConfigPolicy(HiveConf hiveConf) throws HiveAuthzPluginException
{
 		LOG.debug("XaSecureHiveAuthorizerBase.applyAuthorizationConfigPolicy()");
 
-		// Nothing to do here for Argus Hive authorizer
+		// from SQLStdHiveAccessController.applyAuthorizationConfigPolicy()
+		if (mSessionContext != null && mSessionContext.getClientType() == CLIENT_TYPE.HIVESERVER2)
{
+			// Configure PREEXECHOOKS with DisallowTransformHook to disallow transform queries
+			String hooks = hiveConf.getVar(ConfVars.PREEXECHOOKS).trim();
+			if (hooks.isEmpty()) {
+				hooks = DisallowTransformHook.class.getName();
+			} else {
+				hooks = hooks + "," + DisallowTransformHook.class.getName();
+			}
+
+			hiveConf.setVar(ConfVars.PREEXECHOOKS, hooks);
+
+			SettableConfigUpdater.setHiveConfWhiteList(hiveConf);
+		}
 	}
 
 	/**
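Review bot: When `mSessionContext` is null the whole `if` block in `applyAuthorizationConfigPolicy` is skipped, so neither `DisallowTransformHook` nor the whitelist from `SettableConfigUpdater.setHiveConfWhiteList(hiveConf)` is applied, and only the debug entry line is logged; the policy fails open without any trace. `mSessionContext` is assigned outside this hunk, so whether null can actually occur for a HiveServer2 session is not visible here. If it can, I would add an explicit branch such as `LOG.warn("applyAuthorizationConfigPolicy(): session context is null; transform hook and config whitelist not applied");`, or throw `HiveAuthzPluginException`, which the new signature already declares. Separately, the hook class name is appended unconditionally, so a `hiveConf` that already lists `DisallowTransformHook` (or a second call on the same conf) ends up with duplicate PREEXECHOOKS entries. A guard like `if (!hooks.contains(DisallowTransformHook.class.getName()))` before appending would keep the call idempotent.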

