ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject [4/6] incubator-ranger git commit: RANGER-202: support authorization at namespace level
Date Fri, 05 Jun 2015 02:40:30 GMT
RANGER-202: support authorization at namespace level


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/89c524da
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/89c524da
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/89c524da

Branch: refs/heads/tag-policy
Commit: 89c524da9ea7b3360ffb460007df1570ca31d1b8
Parents: 3683ac0
Author: Madhan Neethiraj <madhan@apache.org>
Authored: Thu Jun 4 10:48:58 2015 -0700
Committer: Madhan Neethiraj <madhan@apache.org>
Committed: Thu Jun 4 10:48:58 2015 -0700

----------------------------------------------------------------------
 .../hbase/RangerAuthorizationCoprocessor.java   | 25 +++++++++++++-------
 1 file changed, 17 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/89c524da/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
index fd93332..abf8a33 100644
--- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
+++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
@@ -116,6 +116,7 @@ public class RangerAuthorizationCoprocessor extends RangerAuthorizationCoprocess
 	private static final String GROUP_PREFIX = "@";
 		
 	private static final String WILDCARD = "*";
+	private static final String NAMESPACE_SEPARATOR = ":";
 	
     private static final TimeZone gmtTimeZone = TimeZone.getTimeZone("GMT+0");
 
@@ -1147,6 +1148,7 @@ public class RangerAuthorizationCoprocessor extends RangerAuthorizationCoprocess
 		UserPermission      userPerm  = up == null ? null : ProtobufUtil.toUserPermission(up);
 		Permission.Action[] actions   = userPerm == null ? null : userPerm.getActions();
 		String              userName  = userPerm == null ? null : Bytes.toString(userPerm.getUser());
+		String              nameSpace = null;
 		String              tableName = null;
 		String              colFamily = null;
 		String              qualifier = null;
@@ -1175,19 +1177,22 @@ public class RangerAuthorizationCoprocessor extends RangerAuthorizationCoprocess
 			break;
 
 			case Namespace:
-			default:
-				LOG.warn("grant(): ignoring type '" + perm.getType().name() + "'");
+				nameSpace = userPerm.getNamespace();
 			break;
 		}
 		
-		if(StringUtil.isEmpty(tableName) && StringUtil.isEmpty(colFamily) && StringUtil.isEmpty(qualifier))
{
-			throw new Exception("grant(): table/columnFamily/columnQualifier not specified");
+		if(StringUtil.isEmpty(nameSpace) && StringUtil.isEmpty(tableName) && StringUtil.isEmpty(colFamily)
&& StringUtil.isEmpty(qualifier)) {
+			throw new Exception("grant(): namespace/table/columnFamily/columnQualifier not specified");
 		}
 
 		tableName = StringUtil.isEmpty(tableName) ? WILDCARD : tableName;
 		colFamily = StringUtil.isEmpty(colFamily) ? WILDCARD : colFamily;
 		qualifier = StringUtil.isEmpty(qualifier) ? WILDCARD : qualifier;
 
+		if(! StringUtil.isEmpty(nameSpace)) {
+			tableName = nameSpace + NAMESPACE_SEPARATOR + tableName;
+		}
+
 		User   activeUser = getActiveUser();
 		String grantor    = activeUser != null ? activeUser.getShortName() : null;
 
@@ -1244,6 +1249,7 @@ public class RangerAuthorizationCoprocessor extends RangerAuthorizationCoprocess
 
 		UserPermission      userPerm  = up == null ? null : ProtobufUtil.toUserPermission(up);
 		String              userName  = userPerm == null ? null : Bytes.toString(userPerm.getUser());
+		String              nameSpace = null;
 		String              tableName = null;
 		String              colFamily = null;
 		String              qualifier = null;
@@ -1268,12 +1274,11 @@ public class RangerAuthorizationCoprocessor extends RangerAuthorizationCoprocess
 			break;
 
 			case Namespace:
-			default:
-				LOG.warn("revoke(): ignoring type '" + perm.getType().name() + "'");
+				nameSpace = userPerm.getNamespace();
 			break;
 		}
-		
-		if(StringUtil.isEmpty(tableName) && StringUtil.isEmpty(colFamily) && StringUtil.isEmpty(qualifier))
{
+
+		if(StringUtil.isEmpty(nameSpace) && StringUtil.isEmpty(tableName) && StringUtil.isEmpty(colFamily)
&& StringUtil.isEmpty(qualifier)) {
 			throw new Exception("revoke(): table/columnFamily/columnQualifier not specified");
 		}
 
@@ -1281,6 +1286,10 @@ public class RangerAuthorizationCoprocessor extends RangerAuthorizationCoprocess
 		colFamily = StringUtil.isEmpty(colFamily) ? WILDCARD : colFamily;
 		qualifier = StringUtil.isEmpty(qualifier) ? WILDCARD : qualifier;
 
+		if(! StringUtil.isEmpty(nameSpace)) {
+			tableName = nameSpace + NAMESPACE_SEPARATOR + tableName;
+		}
+
 		User   activeUser = getActiveUser();
 		String grantor    = activeUser != null ? activeUser.getShortName() : null;
 


Mime
View raw message