This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 00dd3fcd88aa6e10bf1f2e3a68c76a85c7218de2 Author: Ramesh Mani <rm...@apache.org> AuthorDate: Wed Dec 8 10:42:37 2021 -0800 RANGER-3298: Add coarse URI check for Hive Agent -PMD fix Signed-off-by: pradeep <prad...@apache.org> --- .../ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java index ad857e4..951e550 100644 --- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java +++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java @@ -66,7 +66,6 @@ import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs; import org.apache.hadoop.hive.ql.session.SessionState; import org.apache.hadoop.ipc.Server; import org.apache.hadoop.security.UserGroupInformation; -import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants; import org.apache.ranger.authorization.utils.StringUtil; import org.apache.ranger.plugin.model.RangerPolicy; @@ -862,7 +861,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { } if (shouldCheckAccess) { - if (!isURIAccessAllowed(user, permission, path, fs, RangerHivePlugin.URIPermissionCoarseCheck)) { + if (!isURIAccessAllowed(user, permission, path, fs)) { throw new HiveAccessControlException( String.format("Permission denied: user [%s] does not have [%s] privilege on [%s]", user, permission.name(), path)); @@ -960,7 +959,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { } if (shouldCheckAccess) { - if (!isURIAccessAllowed(user, permission, path, fs, RangerHivePlugin.URIPermissionCoarseCheck)) { + if (!isURIAccessAllowed(user, permission, path, fs)) { throw new HiveAccessControlException( String.format("Permission denied: user [%s] does not have [%s] privilege on [%s]", user, permission.name(), path)); @@ -2099,7 +2098,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { } private boolean isURIAccessAllowed(String userName, FsAction action, Path filePath, FileSystem fs) { - return isURIAccessAllowed(userName, action, filePath, fs, false); + return isURIAccessAllowed(userName, action, filePath, fs, RangerHivePlugin.URIPermissionCoarseCheck); } private boolean isURIAccessAllowed(String userName, FsAction action, Path filePath, FileSystem fs, boolean coarseCheck) {