ranger-commits mailing list archives

From rm...@apache.org
Subject ranger git commit: RANGER-1513:Add Support for S3 authorization in Ranger Hive Plugin
Date Fri, 05 May 2017 23:30:24 GMT
Repository: ranger
Updated Branches:
  refs/heads/ranger-0.7 ca69b58ca -> 2fabba3f6


RANGER-1513:Add Support for S3 authorization in Ranger Hive Plugin

Signed-off-by: rmani <rmani@hortonworks.com>


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/2fabba3f
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/2fabba3f
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/2fabba3f

Branch: refs/heads/ranger-0.7
Commit: 2fabba3f6af06b79c012841c886eb639a6307b40
Parents: ca69b58
Author: rmani <rmani@hortonworks.com>
Authored: Thu May 4 10:08:52 2017 -0700
Committer: rmani <rmani@hortonworks.com>
Committed: Fri May 5 16:13:00 2017 -0700

----------------------------------------------------------------------
 .../service-defs/ranger-servicedef-hive.json    |  35 +++-
 .../hive/authorizer/RangerHiveAuthorizer.java   |  79 +++++++--
 .../hive/authorizer/RangerHiveResource.java     |  28 ++--
 .../services/hive/HIVERangerAuthorizerTest.java |  16 ++
 .../src/test/resources/hive-policies.json       |  77 +++++++++
 .../PatchForHiveServiceDefUpdate_J10007.java    | 166 +++++++++++++++++++
 6 files changed, 374 insertions(+), 27 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/2fabba3f/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
index b254d20..5456e2b 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
@@ -81,6 +81,25 @@
 			"uiHint":"",
 			"label": "Hive Column",
 			"description": "Hive Column"
+		},
+
+		{
+			"itemId": 5,
+			"name": "url",
+			"type": "string",
+			"level": 10,
+			"parent": "",
+			"mandatory": true,
+			"lookupSupported": false,
+			"recursiveSupported": true,
+			"excludesSupported": false,
+			"matcher": "org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+			"matcherOptions": { "wildCard":true, "ignoreCase":false },
+			"validationRegEx":"",
+			"validationMessage": "",
+			"uiHint":"",
+			"label": "URL",
+			"description": "URL"
 		}
 	],
 
@@ -140,8 +159,22 @@
 				"drop",
 				"alter",
 				"index",
-				"lock"
+				"lock",
+				"read",
+				"write"
 			]
+		},
+
+		{
+			"itemId": 9,
+			"name": "read",
+			"label": "Read"
+		},
+
+		{
+			"itemId": 10,
+			"name": "write",
+			"label": "Write"
 		}
 	],
 

http://git-wip-us.apache.org/repos/asf/ranger/blob/2fabba3f/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index 870131b..8f6311e 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -247,8 +247,9 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 						continue;
 					}
 
-					if(resource.getObjectType() == HiveObjectType.URI) {
-						String   path       = hiveObj.getObjectName();
+					String 	path         		= hiveObj.getObjectName();
+					HiveObjectType hiveObjType  = resource.getObjectType();
+					if(hiveObjType == HiveObjectType.URI && isPathInFSScheme(path)) {
 						FsAction permission = FsAction.READ;
 
 						if(!isURIAccessAllowed(user, permission, path, getHiveConf())) {
@@ -258,7 +259,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 						continue;
 					}
 
-					HiveAccessType accessType = getAccessType(hiveObj, hiveOpType, true);
+					HiveAccessType accessType = getAccessType(hiveObj, hiveOpType, hiveObjType, true);
 
 					if(accessType == HiveAccessType.NONE) {
 						continue;
@@ -291,8 +292,9 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 						continue;
 					}
 
-					if(resource.getObjectType() == HiveObjectType.URI) {
-						String   path       = hiveObj.getObjectName();
+					String   path       = hiveObj.getObjectName();
+					HiveObjectType hiveObjType  = resource.getObjectType();
+					if(hiveObjType == HiveObjectType.URI  && isPathInFSScheme(path)) {
 						FsAction permission = FsAction.WRITE;
 
 		                if(!isURIAccessAllowed(user, permission, path, getHiveConf())) {
@@ -302,7 +304,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 						continue;
 					}
 
-					HiveAccessType accessType = getAccessType(hiveObj, hiveOpType, false);
+					HiveAccessType accessType = getAccessType(hiveObj, hiveOpType, hiveObjType, false);
 
 					if(accessType == HiveAccessType.NONE) {
 						continue;
@@ -842,10 +844,22 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 
 		return objType;
 	}
-	
-	private HiveAccessType getAccessType(HivePrivilegeObject hiveObj, HiveOperationType hiveOpType,
boolean isInput) {
+
+	private HiveAccessType getAccessType(HivePrivilegeObject hiveObj, HiveOperationType hiveOpType,
HiveObjectType hiveObjectType, boolean isInput) {
 		HiveAccessType           accessType       = HiveAccessType.NONE;
 		HivePrivObjectActionType objectActionType = hiveObj.getActionType();
+
+		// This is for S3 read operation
+		if (hiveObjectType == HiveObjectType.URI && isInput ) {
+			accessType = HiveAccessType.READ;
+			return accessType;
+		}
+		// This is for S3 write
+		if (hiveObjectType == HiveObjectType.URI && !isInput ) {
+			accessType = HiveAccessType.WRITE;
+			return accessType;
+		}
+
 		switch(objectActionType) {
 			case INSERT:
 			case INSERT_OVERWRITE:
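Review bot: The two new comments in getAccessType describe the early returns as "for S3", but the conditions test only `hiveObjectType == HiveObjectType.URI`, so every URI object that reaches this method is mapped to READ or WRITE whatever its scheme and whatever `hiveOpType` is. The comment should say what the code does, for example `// URI objects not handled by the filesystem permission check are authorized against the "url" resource: READ for inputs, WRITE for outputs`. The two blocks can also be one: `if (hiveObjectType == HiveObjectType.URI) { return isInput ? HiveAccessType.READ : HiveAccessType.WRITE; }`. The rest of the method body lies outside this hunk.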
@@ -1096,6 +1110,23 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase
{
         return ret;
     }
 
+	private boolean isPathInFSScheme(String uri) {
+		// This is to find if HIVE URI operation done is for hdfs,file scheme
+		// else it may be for s3 which needs another set of authorization calls.
+		boolean ret = false;
+		String[] fsScheme = hivePlugin.getFSScheme();
+		if (fsScheme != null) {
+			for (int i = 0; i < fsScheme.length; i++) {
+				if (!uri.isEmpty() && uri.startsWith(fsScheme[i])) {
+					ret = true;
+					break;
+				}
+			}
+		}
+		return ret;
+	}
+
+
 	private void handleDfsCommand(HiveOperationType         hiveOpType,
 								  List<HivePrivilegeObject> inputHObjs,
 								  String                    user,
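Review bot: isPathInFSScheme picks the authorization path for a URI with a case-sensitive `uri.startsWith(fsScheme[i])`, so a location whose scheme is written in another case, or that carries no scheme at all, does not match the default `hdfs:,file:` list and is evaluated against `url` policies instead of going through `isURIAccessAllowed` at both call sites (the READ and WRITE loops earlier in this file). Whether Hive has already qualified and lower-cased the path before it reaches the plugin is not visible here, so the match should not rely on it; `uri.regionMatches(true, 0, fsScheme[i], 0, fsScheme[i].length())` compares the prefix case-insensitively. A null `uri` would throw on `uri.isEmpty()`, and the emptiness test is loop-invariant, so `if (uri == null || uri.isEmpty()) { return false; }` belongs before the loop.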
@@ -1378,25 +1409,41 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase
{
 }
 
 enum HiveObjectType { NONE, DATABASE, TABLE, VIEW, PARTITION, INDEX, COLUMN, FUNCTION, URI
};
-enum HiveAccessType { NONE, CREATE, ALTER, DROP, INDEX, LOCK, SELECT, UPDATE, USE, ALL, ADMIN
};
+enum HiveAccessType { NONE, CREATE, ALTER, DROP, INDEX, LOCK, SELECT, UPDATE, USE, READ,
WRITE, ALL, ADMIN };
 
 class RangerHivePlugin extends RangerBasePlugin {
-	public static boolean UpdateXaPoliciesOnGrantRevoke             = RangerHadoopConstants.HIVE_UPDATE_RANGER_POLICIES_ON_GRANT_REVOKE_DEFAULT_VALUE;
+	public static boolean UpdateXaPoliciesOnGrantRevoke = RangerHadoopConstants.HIVE_UPDATE_RANGER_POLICIES_ON_GRANT_REVOKE_DEFAULT_VALUE;
 	public static boolean BlockUpdateIfRowfilterColumnMaskSpecified = RangerHadoopConstants.HIVE_BLOCK_UPDATE_IF_ROWFILTER_COLUMNMASK_SPECIFIED_DEFAULT_VALUE;
-	public static String DescribeShowTableAuth						= RangerHadoopConstants.HIVE_DESCRIBE_TABLE_SHOW_COLUMNS_AUTH_OPTION_PROP_DEFAULT_VALUE;
+	public static String DescribeShowTableAuth = RangerHadoopConstants.HIVE_DESCRIBE_TABLE_SHOW_COLUMNS_AUTH_OPTION_PROP_DEFAULT_VALUE;
+
+	private static String RANGER_PLUGIN_HIVE_ULRAUTH_FILESYSTEM_SCHEMES = "ranger.plugin.hive.urlauth.filesystem.schemes";
+	private static String RANGER_PLUGIN_HIVE_ULRAUTH_FILESYSTEM_SCHEMES_DEFAULT = "hdfs:,file:";
+	private static String FILESYSTEM_SCHEMES_SEPARATOR_CHAR = ",";
+	private String[] fsScheme = null;
 
 	public RangerHivePlugin(String appType) {
 		super("hive", appType);
 	}
-	
+
 	@Override
 	public void init() {
 		super.init();
 
-		RangerHivePlugin.UpdateXaPoliciesOnGrantRevoke             = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.HIVE_UPDATE_RANGER_POLICIES_ON_GRANT_REVOKE_PROP,
RangerHadoopConstants.HIVE_UPDATE_RANGER_POLICIES_ON_GRANT_REVOKE_DEFAULT_VALUE);
+		RangerHivePlugin.UpdateXaPoliciesOnGrantRevoke = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.HIVE_UPDATE_RANGER_POLICIES_ON_GRANT_REVOKE_PROP,
RangerHadoopConstants.HIVE_UPDATE_RANGER_POLICIES_ON_GRANT_REVOKE_DEFAULT_VALUE);
 		RangerHivePlugin.BlockUpdateIfRowfilterColumnMaskSpecified = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.HIVE_BLOCK_UPDATE_IF_ROWFILTER_COLUMNMASK_SPECIFIED_PROP,
RangerHadoopConstants.HIVE_BLOCK_UPDATE_IF_ROWFILTER_COLUMNMASK_SPECIFIED_DEFAULT_VALUE);
-		RangerHivePlugin.DescribeShowTableAuth				   	   = RangerConfiguration.getInstance().get(RangerHadoopConstants.HIVE_DESCRIBE_TABLE_SHOW_COLUMNS_AUTH_OPTION_PROP,RangerHadoopConstants.HIVE_DESCRIBE_TABLE_SHOW_COLUMNS_AUTH_OPTION_PROP_DEFAULT_VALUE);
-	}
-}
+		RangerHivePlugin.DescribeShowTableAuth = RangerConfiguration.getInstance().get(RangerHadoopConstants.HIVE_DESCRIBE_TABLE_SHOW_COLUMNS_AUTH_OPTION_PROP,
RangerHadoopConstants.HIVE_DESCRIBE_TABLE_SHOW_COLUMNS_AUTH_OPTION_PROP_DEFAULT_VALUE);
 
+		String fsSchemesString = RangerConfiguration.getInstance().get(RANGER_PLUGIN_HIVE_ULRAUTH_FILESYSTEM_SCHEMES,
RANGER_PLUGIN_HIVE_ULRAUTH_FILESYSTEM_SCHEMES_DEFAULT);
+		fsScheme = StringUtils.split(fsSchemesString, FILESYSTEM_SCHEMES_SEPARATOR_CHAR);
 
+		if (fsScheme != null) {
+			for (int i = 0; i < fsScheme.length; i++) {
+				fsScheme[i] = fsScheme[i].trim();
+			}
+		}
+	}
+
+	public String[] getFSScheme() {
+		return fsScheme;
+	}
+}
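Review bot: Entries that trim to an empty string stay in `fsScheme`, and in isPathInFSScheme `uri.startsWith("")` is true for every URI, so a configured value such as `hdfs:, ` would send all URIs to the filesystem check and none to `url` policies (this assumes the `StringUtils.split` in use keeps the blank token; its import is outside the hunk). Empty entries should be skipped after `trim()`. `getFSScheme()` also returns the internal array by reference, which lets any caller alter the list that gates authorization; returning a copy avoids that. The three new constants are declared `private static String` without `final`, and `ULRAUTH` in their names looks like a typo for `URLAUTH` (the property key itself is spelled `urlauth`).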

http://git-wip-us.apache.org/repos/asf/ranger/blob/2fabba3f/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java
index 09ecd1e..3f1279f 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java
@@ -29,32 +29,33 @@ public class RangerHiveResource extends RangerAccessResourceImpl {
 	public static final String KEY_TABLE    = "table";
 	public static final String KEY_UDF      = "udf";
 	public static final String KEY_COLUMN   = "column";
+	public static final String KEY_URL		= "url";
 
 	private HiveObjectType objectType = null;
 
-	public RangerHiveResource(HiveObjectType objectType, String database) {
-		this(objectType, database, null, null);
+	public RangerHiveResource(HiveObjectType objectType, String databaseorUrl) {
+		this(objectType, databaseorUrl, null, null);
 	}
 
-	public RangerHiveResource(HiveObjectType objectType, String database, String tableOrUdf)
{
-		this(objectType, database, tableOrUdf, null);
+	public RangerHiveResource(HiveObjectType objectType, String databaseorUrl, String tableOrUdf)
{
+		this(objectType, databaseorUrl, tableOrUdf, null);
 	}
 	
-	public RangerHiveResource(HiveObjectType objectType, String database, String tableOrUdf,
String column) {
+	public RangerHiveResource(HiveObjectType objectType, String databaseorUrl, String tableOrUdf,
String column) {
 		this.objectType = objectType;
 
 		switch(objectType) {
 			case DATABASE:
-				setValue(KEY_DATABASE, database);
+				setValue(KEY_DATABASE, databaseorUrl);
 			break;
 	
 			case FUNCTION:
-				setValue(KEY_DATABASE, database);
+				setValue(KEY_DATABASE, databaseorUrl);
 				setValue(KEY_UDF, tableOrUdf);
 			break;
 
 			case COLUMN:
-				setValue(KEY_DATABASE, database);
+				setValue(KEY_DATABASE, databaseorUrl);
 				setValue(KEY_TABLE, tableOrUdf);
 				setValue(KEY_COLUMN, column);
 			break;
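Review bot: The renamed parameter `databaseorUrl` breaks the camel-case pattern of its neighbour `tableOrUdf`; `databaseOrUrl` would read consistently across the three constructors. The constructors have no Javadoc saying that the second argument is a database name for every object type except `URI`, where it is the location; a one-line `@param databaseOrUrl` description would make that overload clear to callers. The switch continues in the next hunk.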
@@ -63,12 +64,15 @@ public class RangerHiveResource extends RangerAccessResourceImpl {
 			case VIEW:
 			case INDEX:
 			case PARTITION:
-				setValue(KEY_DATABASE, database);
+				setValue(KEY_DATABASE, databaseorUrl);
 				setValue(KEY_TABLE, tableOrUdf);
 			break;
 
-			case NONE:
 			case URI:
+				setValue(KEY_URL,databaseorUrl);
+			break;
+
+			case NONE:
 			default:
 			break;
 		}
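Review bot: The `URI` case stores the location string under `KEY_URL` exactly as passed in, while the service definition in this commit matches it with RangerPathResourceMatcher using `ignoreCase:false` and wildcards. Nothing in this hunk normalizes the value (trailing slash, `..` segments, case of scheme or bucket), so whether a policy matches depends on callers supplying a canonical form, and that code is outside the visible lines. A comment on the case such as `// value is expected to be the fully qualified, normalized location` would record the assumption; if callers do not guarantee it, normalizing here is the safer place.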
@@ -93,4 +97,8 @@ public class RangerHiveResource extends RangerAccessResourceImpl {
 	public String getColumn() {
 		return getValue(KEY_COLUMN);
 	}
+
+	public String getUrl() {
+		return getValue(KEY_URL);
+	}
 }

http://git-wip-us.apache.org/repos/asf/ranger/blob/2fabba3f/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
b/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
index 35f7f0b..a7e6d89 100644
--- a/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
+++ b/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
@@ -666,6 +666,22 @@ public class HIVERangerAuthorizerTest {
                 connection.close();
         }
 
+        // S3 location URI authorization (by the policy - user bob)
+        @Test
+        public void testS3URIAuthorization() throws Exception {
+                String url = "jdbc:hive2://localhost:" + port + "/rangerauthz";
+                Connection connection = DriverManager.getConnection(url, "bob", "bob");
+                Statement statement = connection.createStatement();
+            try {
+                statement.executeQuery("create table if not exists words (word STRING, count
INT) row format delimited fields terminated by '\t' stored as textfile LOCATION 's3a://test/data'");
+                Assert.fail("Failure expected on an unauthorized call");
+            } catch ( SQLException sqe) {
+                //expected we don't get any resultset here
+            }
+            statement.close();
+            connection.close();
+        }
+
         @Test
         public void testGrantrevoke() throws Exception {
                 String initialUrl = "jdbc:hive2://localhost:" + port;
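Review bot: testS3URIAuthorization passes on any `SQLException`, so it cannot distinguish an authorization denial from an unrelated failure of the `create table ... LOCATION 's3a://test/data'` statement, such as the s3a filesystem being unavailable in the test environment. The header comment says the call is covered "by the policy - user bob" while the body expects a failure, and there is no case showing that a permitted user is allowed, so the new READ/WRITE path is not exercised positively. The catch block should assert on the exception's message or SQL state, and an allow case should be added. `statement.close()` and `connection.close()` are skipped when `Assert.fail` throws, because an AssertionError is not caught here; try-with-resources for both would close them on every path.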

http://git-wip-us.apache.org/repos/asf/ranger/blob/2fabba3f/hive-agent/src/test/resources/hive-policies.json
----------------------------------------------------------------------
diff --git a/hive-agent/src/test/resources/hive-policies.json b/hive-agent/src/test/resources/hive-policies.json
index dd71424..7b65d69 100644
--- a/hive-agent/src/test/resources/hive-policies.json
+++ b/hive-agent/src/test/resources/hive-policies.json
@@ -539,6 +539,53 @@
       "id": 14,
       "isEnabled": true,
       "version": 1
+    },
+    {
+      "service": "cl1_hive",
+      "name": " Test URI s3a://test/data read/write ",
+      "policyType": 0,
+      "isAuditEnabled": true,
+      "resources": {
+        "uri": {
+          "values": [
+            "s3a://test/data"
+          ],
+          "isExcludes": false,
+          "isRecursive": false
+        }
+      },
+      "policyItems": [
+        {
+          "accesses": [
+            {
+              "type": "create",
+              "isAllowed": true
+            },
+            {
+              "type": "read",
+              "isAllowed": true
+            },
+            {
+              "type": "write",
+              "isAllowed": true
+            }
+          ],
+          "users": [
+            "bob"
+          ],
+          "groups": [],
+          "conditions": [],
+          "delegateAdmin": true
+        }
+      ],
+      "denyPolicyItems": [],
+      "allowExceptions": [],
+      "denyExceptions": [],
+      "dataMaskPolicyItems": [],
+      "rowFilterPolicyItems": [],
+      "id": 9,
+      "isEnabled": true,
+      "version": 2
     }
   ],
   "serviceDef": {
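Review bot: The new policy keys its resource as `"uri"`, but the resource this commit adds to the service definition further down in the same file is named `"url"`, so the policy would presumably never match a request built with `KEY_URL`. That would also explain why the new test expects bob to be denied on `s3a://test/data` even though this policy grants him `read` and `write` on exactly that location. If the denial is intended, the policy should name a different user or path so the fixture says what it means; otherwise the key should be `"url"`. `"id": 9` follows a policy with id 14, so it is worth checking that it does not collide with an existing entry, and the policy name carries leading and trailing spaces.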
@@ -682,6 +729,24 @@
         "uiHint": "",
         "label": "Hive Column",
         "description": "Hive Column"
+      },
+      {
+        "itemId": 5,
+        "name": "url",
+        "type": "string",
+        "level": 10,
+        "parent": "",
+        "mandatory": true,
+        "lookupSupported": false,
+        "recursiveSupported": true,
+        "excludesSupported": false,
+        "matcher": "org.apache.ranger.plugin.resourcematcher.RangerPathResourceMatcher",
+        "matcherOptions": { "wildCard":true, "ignoreCase":false },
+        "validationRegEx":"",
+        "validationMessage": "",
+        "uiHint":"",
+        "label": "URL",
+        "description": "URL"
       }
     ],
     "accessTypes": [
@@ -740,6 +805,18 @@
           "index",
           "lock"
         ]
+      },
+      {
+        "itemId": 9,
+        "name": "read",
+        "label": "Read",
+        "impliedGrants": []
+      },
+      {
+        "itemId": 10,
+        "name": "write",
+        "label": "Write",
+        "impliedGrants": []
       }
     ],
     "policyConditions": [],
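Review bot: The implied-grants list that ends just above the new entries (`"index"`, `"lock"`) is left unchanged here, whereas ranger-servicedef-hive.json in this commit appends `"read"` and `"write"` to what looks like the corresponding list. If both lists belong to the same access type, the test service definition now differs from the shipped one and tests would not see `read`/`write` implied by it. Adding `"read"` and `"write"` after `"lock"` would keep the two definitions in step.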

http://git-wip-us.apache.org/repos/asf/ranger/blob/2fabba3f/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10007.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10007.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10007.java
new file mode 100644
index 0000000..a886945
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10007.java
@@ -0,0 +1,166 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.biz.RangerBizUtil;
+import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.common.JSONUtil;
+import org.apache.ranger.common.RangerValidatorFactory;
+import org.apache.ranger.common.StringUtil;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator;
+import org.apache.ranger.plugin.model.validation.RangerValidator.Action;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
+import org.apache.ranger.service.RangerPolicyService;
+import org.apache.ranger.service.XPermMapService;
+import org.apache.ranger.service.XPolicyService;
+import org.apache.ranger.util.CLIUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import java.util.List;
+
+@Component
+public class PatchForHiveServiceDefUpdate_J10007 extends BaseLoader {
+	private static final Logger logger = Logger.getLogger(PatchForHiveServiceDefUpdate_J10007.class);
+	public static final String SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME  = "hive";
+	public static final String URL_RESOURCE_NAME ="url";
+
+	@Autowired
+	RangerDaoManager daoMgr;
+
+	@Autowired
+	ServiceDBStore svcDBStore;
+
+	@Autowired
+	JSONUtil jsonUtil;
+
+	@Autowired
+	RangerPolicyService policyService;
+
+	@Autowired
+	StringUtil stringUtil;
+
+	@Autowired
+	XPolicyService xPolService;
+
+	@Autowired
+	XPermMapService xPermMapService;
+	
+	@Autowired
+	RangerBizUtil bizUtil;
+
+	@Autowired
+	RangerValidatorFactory validatorFactory;
+
+	@Autowired
+	ServiceDBStore svcStore;
+
+	public static void main(String[] args) {
+		logger.info("main()");
+		try {
+			PatchForHiveServiceDefUpdate_J10007 loader = (PatchForHiveServiceDefUpdate_J10007) CLIUtil.getBean(PatchForHiveServiceDefUpdate_J10007.class);
+			loader.init();
+			while (loader.isMoreToProcess()) {
+				loader.load();
+			}
+			logger.info("Load complete. Exiting!!!");
+			System.exit(0);
+		} catch (Exception e) {
+			logger.error("Error loading", e);
+			System.exit(1);
+		}
+	}
+	
+	@Override
+	public void init() throws Exception {
+		// Do Nothing
+	}
+
+	@Override
+	public void execLoad() {
+		logger.info("==> PatchForHiveServiceDefUpdate.execLoad()");
+		try {
+			updateHiveServiceDef();
+		} catch (Exception e) {
+			logger.error("Error whille updateHiveServiceDef()data.", e);
+		}
+		logger.info("<== PatchForHiveServiceDefUpdate.execLoad()");
+	}
+
+	@Override
+	public void printStats() {
+		logger.info("PatchForHiveServiceDefUpdate data ");
+	}
+
+	private void updateHiveServiceDef(){
+		RangerServiceDef ret  					= null;
+		RangerServiceDef embeddedHiveServiceDef = null;
+		RangerServiceDef dbHiveServiceDef 		= null;
+		List<RangerServiceDef.RangerResourceDef> 	embeddedHiveResourceDefs  = null;
+		List<RangerServiceDef.RangerAccessTypeDef> 	embeddedHiveAccessTypes   = null;
+
+		try{
+			embeddedHiveServiceDef=EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
+			if(embeddedHiveServiceDef!=null){
+
+				dbHiveServiceDef=svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
+				
+				if(dbHiveServiceDef!=null){
+					embeddedHiveResourceDefs = embeddedHiveServiceDef.getResources();
+					embeddedHiveAccessTypes  = embeddedHiveServiceDef.getAccessTypes();
+
+					if (checkURLresourcePresent(embeddedHiveResourceDefs)) {
+						// This is to check if URL def is added to the resource definition, if so update the
resource def and accessType def
+						if (embeddedHiveResourceDefs != null) {
+							dbHiveServiceDef.setResources(embeddedHiveResourceDefs);
+						}
+						if (embeddedHiveAccessTypes != null) {
+							dbHiveServiceDef.setAccessTypes(embeddedHiveAccessTypes);
+						}
+					}
+
+					RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
+					validator.validate(dbHiveServiceDef, Action.UPDATE);
+
+					ret = svcStore.updateServiceDef(dbHiveServiceDef);
+					if(ret==null){
+						logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME+"service-def");
+						System.exit(1);
+					}
+				}
+			}
+			}catch(Exception e)
+			{
+				logger.error("Error while updating "+SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME+"service-def",
e);
+			}
+	}
+
+	private boolean checkURLresourcePresent(List<RangerServiceDef.RangerResourceDef> resourceDefs)
{
+		boolean ret = false;
+		for(RangerServiceDef.RangerResourceDef resourceDef : resourceDefs) {
+			if ( URL_RESOURCE_NAME.equals(resourceDef.getName()) ) {
+				ret = true ;
+				break;
+			}
+		}
+		return ret;
+	}
+}
\ No newline at end of file
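Review bot: updateHiveServiceDef logs and swallows every exception, and execLoad does the same, so a failed validation or update still lets main reach `System.exit(0)` while the stored Hive service-def lacks the `url` resource and the `read`/`write` access types; only the `ret==null` branch exits with 1. Whether the patch framework then records J10007 as applied is not visible here, but the catch block should fail the run the same way, for example by calling `System.exit(1)` after the log line. checkURLresourcePresent iterates `resourceDefs` before the `embeddedHiveResourceDefs != null` test is reached, so a null list throws; `if (resourceDefs == null) { return false; }` at the top fixes the order. The validate and update calls also run when no `url` resource was found, and both error messages concatenate the name with `"service-def"` without a space. Several `@Autowired` fields are unused in this file, and `svcDBStore` and `svcStore` are two injections of the same `ServiceDBStore` type.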

