Repository: ambari Updated Branches: refs/heads/branch-2.5 535883b2c -> 6ce938366
AMBARI-20898. Hive View 2.0 shows Ranger authorizations even if Ranger Hive plugin is disabled. (dipayanb) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/6ce93836 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/6ce93836 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/6ce93836 Branch: refs/heads/branch-2.5 Commit: 6ce93836697d80a70e93f127f817956d3fb1513f Parents: 535883b Author: Dipayan Bhowmick <dipayan.bhowm...@gmail.com> Authored: Mon May 1 00:33:32 2017 +0530 Committer: Dipayan Bhowmick <dipayan.bhowm...@gmail.com> Committed: Mon May 1 00:33:32 2017 +0530 ---------------------------------------------------------------------- .../resources/system/ranger/RangerService.java | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/6ce93836/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/resources/system/ranger/RangerService.java ---------------------------------------------------------------------- diff --git a/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/resources/system/ranger/RangerService.java b/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/resources/system/ranger/RangerService.java index 6c68b2f..a5222ce 100644 --- a/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/resources/system/ranger/RangerService.java +++ b/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/resources/system/ranger/RangerService.java @@ -46,7 +46,10 @@ import java.util.Map; */ public class RangerService { + public static final String RANGER_HIVE_AUTHORIZER_FACTORY_CLASSNAME = "org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory"; private static final String RANGER_CONFIG_URL = "/api/v1/clusters/%s/configurations/service_config_versions?service_name=RANGER&is_current=true"; + public static final String HIVESERVER2_SITE = "hiveserver2-site"; + public static final String AUTHORIZATION_MANAGER_KEY = "hive.security.authorization.manager"; protected final Logger LOG = LoggerFactory.getLogger(getClass()); @@ -75,6 +78,12 @@ public class RangerService { } private List<Policy> getPoliciesFromAmbariCluster(String database, String table) { + + if (!isHiveRangerPluginEnabled()) { + LOG.error("Ranger authorization is not enabled for Hive"); + throw new RangerException("Ranger authorization is not enabled for Hive", "CONFIGURATION_ERROR", 500); + } + String rangerUrl = null; try { rangerUrl = getRangerUrlFromAmbari(); @@ -274,6 +283,14 @@ public class RangerService { } /** + * Check if the ranger plugin is enable for hive + */ + private boolean isHiveRangerPluginEnabled() { + String authManagerConf = context.getCluster().getConfigurationValue(HIVESERVER2_SITE, AUTHORIZATION_MANAGER_KEY); + return !StringUtils.isEmpty(authManagerConf) && authManagerConf.equals(RANGER_HIVE_AUTHORIZER_FACTORY_CLASSNAME); + } + + /** * POJO class to store the policy information from Ranger */ public static class Policy {