Repository: ranger Updated Branches: refs/heads/master 0736d98e2 -> 0878d19e9
RANGER-1669:We need to support the original functionality of hive:show grant user username Signed-off-by: peng.jianhua <peng.jian...@zte.com.cn> Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/0878d19e Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/0878d19e Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/0878d19e Branch: refs/heads/master Commit: 0878d19e9fc39c13c136411ee4df6c6fa33c7b43 Parents: 0736d98 Author: peng.jianhua <peng.jian...@zte.com.cn> Authored: Thu Aug 10 20:22:48 2017 +0800 Committer: peng.jianhua <peng.jian...@zte.com.cn> Committed: Thu Aug 10 23:12:27 2017 -0400 ---------------------------------------------------------------------- .../hive/authorizer/RangerHiveAuthorizer.java | 81 +++++++++++--------- .../services/hive/HIVERangerAuthorizerTest.java | 9 +++ 2 files changed, 54 insertions(+), 36 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/0878d19e/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java ---------------------------------------------------------------------- diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java index 6872e50..1c7a9d0 100644 --- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java +++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 
@@ -1457,51 +1457,60 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { public List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal, HivePrivilegeObject privObj) throws HiveAuthzPluginException { try { + LOG.debug("RangerHiveAuthorizer.showPrivileges()"); IMetaStoreClient mClient = getMetastoreClientFactory() .getHiveMetastoreClient(); List<HivePrivilegeInfo> resPrivInfos = new ArrayList<HivePrivilegeInfo>(); - String principalName = principal == null ? null : principal - .getName(); - PrincipalType principalType = principal == null ? null - : AuthorizationUtils.getThriftPrincipalType(principal - .getType()); + String principalName = null; + PrincipalType principalType = null; + if (principal != null) { + principalName = principal.getName(); + principalType = AuthorizationUtils + .getThriftPrincipalType(principal.getType()); + } List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges( principalName, principalType, this.getThriftHiveObjectRef(privObj)); - - for (HiveObjectPrivilege msObjPriv : msObjPrivs) { - HivePrincipal resPrincipal = new HivePrincipal( - msObjPriv.getPrincipalName(), - AuthorizationUtils.getHivePrincipalType(msObjPriv - .getPrincipalType())); - - PrivilegeGrantInfo msGrantInfo = msObjPriv.getGrantInfo(); - HivePrivilege resPrivilege = new HivePrivilege( - msGrantInfo.getPrivilege(), null); - - HiveObjectRef msObjRef = msObjPriv.getHiveObject(); - org.apache.hadoop.hive.metastore.api.HiveObjectType objectType = msObjRef - .getObjectType(); - if (!isSupportedObjectType(msObjRef.getObjectType())) { - continue; + if (msObjPrivs != null) { + for (HiveObjectPrivilege msObjPriv : msObjPrivs) { + HiveObjectRef msObjRef = msObjPriv.getHiveObject(); + org.apache.hadoop.hive.metastore.api.HiveObjectType objectType = msObjRef + .getObjectType(); + if (!isSupportedObjectType(objectType)) { + continue; + } + HivePrincipal resPrincipal = new HivePrincipal( + msObjPriv.getPrincipalName(), + 
AuthorizationUtils.getHivePrincipalType(msObjPriv + .getPrincipalType())); + + PrivilegeGrantInfo msGrantInfo = msObjPriv.getGrantInfo(); + HivePrivilege resPrivilege = new HivePrivilege( + msGrantInfo.getPrivilege(), null); + + HivePrivilegeObject resPrivObj = new HivePrivilegeObject( + getPluginPrivilegeObjType(objectType), + msObjRef.getDbName(), msObjRef.getObjectName(), + msObjRef.getPartValues(), msObjRef.getColumnName()); + + HivePrincipal grantorPrincipal = new HivePrincipal( + msGrantInfo.getGrantor(), + AuthorizationUtils.getHivePrincipalType(msGrantInfo + .getGrantorType())); + + HivePrivilegeInfo resPrivInfo = new HivePrivilegeInfo( + resPrincipal, resPrivilege, resPrivObj, + grantorPrincipal, msGrantInfo.isGrantOption(), + msGrantInfo.getCreateTime()); + resPrivInfos.add(resPrivInfo); } - HivePrivilegeObject resPrivObj = new HivePrivilegeObject( - getPluginPrivilegeObjType(objectType), - msObjRef.getDbName(), msObjRef.getObjectName(), - msObjRef.getPartValues(), msObjRef.getColumnName()); - - HivePrincipal grantorPrincipal = new HivePrincipal( - msGrantInfo.getGrantor(), - AuthorizationUtils.getHivePrincipalType(msGrantInfo - .getGrantorType())); - - HivePrivilegeInfo resPrivInfo = new HivePrivilegeInfo( - resPrincipal, resPrivilege, resPrivObj, - grantorPrincipal, msGrantInfo.isGrantOption(), - msGrantInfo.getCreateTime()); - resPrivInfos.add(resPrivInfo); + + } else { + throw new HiveAccessControlException( + "RangerHiveAuthorizer.showPrivileges():User has to specify" + + " a user name or role in the show grant. "); } return resPrivInfos; http://git-wip-us.apache.org/repos/asf/ranger/blob/0878d19e/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java ---------------------------------------------------------------------- 
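Review bot: showPrivileges() hands the requested principal straight to `mClient.list_privileges(...)` and returns every supported row, with no check in the visible body that the calling session user may see another principal's grants; unless Hive enforces that before the plugin is invoked, any authenticated user could enumerate grants for arbitrary users and roles. The result is built only from the metastore grant rows, so it may not match what Ranger policies actually enforce, and that deserves a comment such as `// Lists metastore grants only; Ranger policies are not consulted and no caller check is applied here`. The `else` branch also reports a null metastore result as "User has to specify a user name or role" although `principal` itself is never tested for that; an explicit `if (principal == null)` guard before the metastore call would tie the message to its real cause. The catch clause of the enclosing try block is outside the hunk, so how the HiveAccessControlException reaches the caller cannot be confirmed from here.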
diff --git a/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java b/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java index 011d2c3..c6f0b8f 100644 --- a/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java +++ b/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java @@ -900,4 +900,13 @@ public class HIVERangerAuthorizerTest { connection.close(); } + @Test + public void testShowPrivileges() throws Exception { + String initialUrl = "jdbc:hive2://localhost:" + port; + Connection connection = DriverManager.getConnection(initialUrl, "admin", "admin"); + Statement statement = connection.createStatement(); + Assert.assertTrue(statement.execute("show grant user admin")); + statement.close(); + } + }
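Review bot: testShowPrivileges() closes the `Statement` but never the `Connection`, whereas the preceding test's `connection.close();` is visible in the context lines, and neither resource is released if the assertion fails. Wrapping both in `try (Connection connection = DriverManager.getConnection(initialUrl, "admin", "admin"); Statement statement = connection.createStatement()) { ... }` fixes both. The test also only asserts that `execute` returns true for admin querying admin, so it does not exercise the new exception branch or a non-admin user asking for another principal's grants. A negative case for each would pin the access-control behaviour this change introduces.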