[ranger] 01/02: RANGER-3298: Add coarse URI check for Hive Agent -PMD fix

Wed, 08 Dec 2021 20:24:32 -0800 

This is an automated email from the ASF dual-hosted git repository.

pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit 00dd3fcd88aa6e10bf1f2e3a68c76a85c7218de2
Author: Ramesh Mani <rm...@apache.org>
AuthorDate: Wed Dec 8 10:42:37 2021 -0800

    RANGER-3298: Add coarse URI check for Hive Agent -PMD fix
    
    Signed-off-by: pradeep <prad...@apache.org>
---
 .../ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git 
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
 
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index ad857e4..951e550 100644
--- 
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ 
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -66,7 +66,6 @@ import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveResourceACLs;
 import org.apache.hadoop.hive.ql.session.SessionState;
 import org.apache.hadoop.ipc.Server;
 import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
 import org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants;
 import org.apache.ranger.authorization.utils.StringUtil;
 import org.apache.ranger.plugin.model.RangerPolicy;
@@ -862,7 +861,7 @@ public class RangerHiveAuthorizer extends 
RangerHiveAuthorizerBase {
             }
 
             if (shouldCheckAccess) {
-              if (!isURIAccessAllowed(user, permission, path, fs, 
RangerHivePlugin.URIPermissionCoarseCheck)) {
+              if (!isURIAccessAllowed(user, permission, path, fs)) {
                 throw new HiveAccessControlException(
                     String.format("Permission denied: user [%s] does not have 
[%s] privilege on [%s]", user,
                         permission.name(), path));
@@ -960,7 +959,7 @@ public class RangerHiveAuthorizer extends 
RangerHiveAuthorizerBase {
             }
 
             if (shouldCheckAccess) {
-              if (!isURIAccessAllowed(user, permission, path, fs, 
RangerHivePlugin.URIPermissionCoarseCheck)) {
+              if (!isURIAccessAllowed(user, permission, path, fs)) {
                 throw new HiveAccessControlException(
                     String.format("Permission denied: user [%s] does not have 
[%s] privilege on [%s]", user,
                         permission.name(), path));
@@ -2099,7 +2098,7 @@ public class RangerHiveAuthorizer extends 
RangerHiveAuthorizerBase {
        }
 
   private boolean isURIAccessAllowed(String userName, FsAction action, Path 
filePath, FileSystem fs) {
-               return isURIAccessAllowed(userName, action, filePath, fs, 
false);
+               return isURIAccessAllowed(userName, action, filePath, fs, 
RangerHivePlugin.URIPermissionCoarseCheck);
        }
 
        private boolean isURIAccessAllowed(String userName, FsAction action, 
Path filePath, FileSystem fs, boolean coarseCheck) {

Reply via email to