[ranger] branch ranger-2.2 updated: RANGER-3397: Update ACL computation to (optionally) expand Ranger Roles to users and groups and include chained-plugins in ACL computation - Part 2
This is an automated email from the ASF dual-hosted git repository. abhay pushed a commit to branch ranger-2.2 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.2 by this push: new 7fb90c3 RANGER-3397: Update ACL computation to (optionally) expand Ranger Roles to users and groups and include chained-plugins in ACL computation - Part 2 7fb90c3 is described below commit 7fb90c3941dbb5c381d9be967888b681c6b04fcb Author: Abhay Kulkarni AuthorDate: Wed Sep 8 09:35:48 2021 -0700 RANGER-3397: Update ACL computation to (optionally) expand Ranger Roles to users and groups and include chained-plugins in ACL computation - Part 2 --- .../main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java| 2 ++ 1 file changed, 2 insertions(+) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java index 3ad74e5..99c48d0 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java @@ -147,6 +147,8 @@ public class RangerBasePlugin { public RangerAuthContext getCurrentRangerAuthContext() { return currentAuthContext; } + public List getChainedPlugins() { return chainedPlugins; } + // For backward compatibility public RangerAuthContext createRangerAuthContext() { return currentAuthContext; }
[ranger] branch master updated: RANGER-3397: Update ACL computation to (optionally) expand Ranger Roles to users and groups and include chained-plugins in ACL computation - Part 2
This is an automated email from the ASF dual-hosted git repository. abhay pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 3b0a9c8 RANGER-3397: Update ACL computation to (optionally) expand Ranger Roles to users and groups and include chained-plugins in ACL computation - Part 2 3b0a9c8 is described below commit 3b0a9c8f5273ce7c6d12170b86e7a83a9fdba225 Author: Abhay Kulkarni AuthorDate: Wed Sep 8 09:35:48 2021 -0700 RANGER-3397: Update ACL computation to (optionally) expand Ranger Roles to users and groups and include chained-plugins in ACL computation - Part 2 --- .../main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java| 2 ++ 1 file changed, 2 insertions(+) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java index 3ad74e5..99c48d0 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java @@ -147,6 +147,8 @@ public class RangerBasePlugin { public RangerAuthContext getCurrentRangerAuthContext() { return currentAuthContext; } + public List getChainedPlugins() { return chainedPlugins; } + // For backward compatibility public RangerAuthContext createRangerAuthContext() { return currentAuthContext; }
[ranger] branch ranger-2.2 updated: RANGER-3350: Ranger HivePluginAuthorizer SHOW CURRENT ROLES not fetching the role set in current hive beeline session
This is an automated email from the ASF dual-hosted git repository. rmani pushed a commit to branch ranger-2.2 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.2 by this push: new a3a553d RANGER-3350: Ranger HivePluginAuthorizer SHOW CURRENT ROLES not fetching the role set in current hive beeline session a3a553d is described below commit a3a553d753af2eff846f1f6fd23eb4f6352cbd75 Author: Ramesh Mani AuthorDate: Tue Aug 17 21:58:03 2021 -0700 RANGER-3350: Ranger HivePluginAuthorizer SHOW CURRENT ROLES not fetching the role set in current hive beeline session Signed-off-by: Ramesh Mani --- .../hive/authorizer/RangerHiveAuthorizer.java | 26 ++ 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java index 8621f73..7558034 100644 --- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java +++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java @@ -127,6 +127,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { private String currentUserName; private Set currentRoles; private String adminRole; + private boolean isCurrentRoleSet = false; public RangerHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory, HiveConf hiveConf, @@ -310,12 +311,14 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { if (ROLE_NONE.equalsIgnoreCase(roleName)) { // for set role NONE, clear all roles for current session. currentRoles.clear(); + isCurrentRoleSet = true; return; } if (ROLE_ALL.equalsIgnoreCase(roleName)) { // for set role ALL, reset roles to default roles. currentRoles.clear(); currentRoles.addAll(getCurrentRoleNamesFromRanger()); + isCurrentRoleSet = true; return; } for (String role : getCurrentRoleNamesFromRanger()) { @@ -323,6 +326,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { if (role.equalsIgnoreCase(roleName)) { currentRoles.clear(); currentRoles.add(role); + isCurrentRoleSet = true; return; } } @@ -330,6 +334,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { if (ROLE_ADMIN.equalsIgnoreCase(roleName) && null != this.adminRole) { currentRoles.clear(); currentRoles.add(adminRole); + isCurrentRoleSet = true; return; } LOG.info("Current user : " + currentUserName + ", Current Roles : " + currentRoles); @@ -3011,7 +3016,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { private Set getCurrentRoles() { // from SQLStdHiveAccessController.getCurrentRoles() - initUserRoles(); + getCurrentRoleForCurrentUser(); return currentRoles; } @@ -3037,6 +3042,21 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { LOG.info("Current user : " + currentUserName + ", Current Roles : " + currentRoles); } + private void getCurrentRoleForCurrentUser() { + if (isCurrentRoleSet) { + // current session has a role set, so no need to fetch roles. + return; + } + String newUserName = getHiveAuthenticator().getUserName(); + this.currentUserName = newUserName; + try { + currentRoles = getCurrentRoleNamesFromRanger(); + } catch (HiveAuthzPluginException e) { + LOG.error("Error while fetching roles from ranger for user : " + currentUserName, e); + } + LOG.info("Current user : " + currentUserName + ", Current Roles : " + currentRoles); + } + private Set getCurrentRolesForUser(String user, Set groups) { if (LOG.isDebugEnabled()) { LOG.debug("==> RangerHiveAuthorizer.getCurrentRolesForUser()"); @@ -3044,9 +3064,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
[ranger] branch master updated: RANGER-3350: Ranger HivePluginAuthorizer SHOW CURRENT ROLES not fetching the role set in current hive beeline session
This is an automated email from the ASF dual-hosted git repository. rmani pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 92fdf20 RANGER-3350: Ranger HivePluginAuthorizer SHOW CURRENT ROLES not fetching the role set in current hive beeline session 92fdf20 is described below commit 92fdf206d80576deaa2e08702a9138255995a326 Author: Ramesh Mani AuthorDate: Tue Aug 17 21:58:03 2021 -0700 RANGER-3350: Ranger HivePluginAuthorizer SHOW CURRENT ROLES not fetching the role set in current hive beeline session Signed-off-by: Ramesh Mani --- .../hive/authorizer/RangerHiveAuthorizer.java | 26 ++ 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java index 8621f73..7558034 100644 --- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java +++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java @@ -127,6 +127,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { private String currentUserName; private Set currentRoles; private String adminRole; + private boolean isCurrentRoleSet = false; public RangerHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory, HiveConf hiveConf, @@ -310,12 +311,14 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { if (ROLE_NONE.equalsIgnoreCase(roleName)) { // for set role NONE, clear all roles for current session. currentRoles.clear(); + isCurrentRoleSet = true; return; } if (ROLE_ALL.equalsIgnoreCase(roleName)) { // for set role ALL, reset roles to default roles. currentRoles.clear(); currentRoles.addAll(getCurrentRoleNamesFromRanger()); + isCurrentRoleSet = true; return; } for (String role : getCurrentRoleNamesFromRanger()) { @@ -323,6 +326,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { if (role.equalsIgnoreCase(roleName)) { currentRoles.clear(); currentRoles.add(role); + isCurrentRoleSet = true; return; } } @@ -330,6 +334,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { if (ROLE_ADMIN.equalsIgnoreCase(roleName) && null != this.adminRole) { currentRoles.clear(); currentRoles.add(adminRole); + isCurrentRoleSet = true; return; } LOG.info("Current user : " + currentUserName + ", Current Roles : " + currentRoles); @@ -3011,7 +3016,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { private Set getCurrentRoles() { // from SQLStdHiveAccessController.getCurrentRoles() - initUserRoles(); + getCurrentRoleForCurrentUser(); return currentRoles; } @@ -3037,6 +3042,21 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { LOG.info("Current user : " + currentUserName + ", Current Roles : " + currentRoles); } + private void getCurrentRoleForCurrentUser() { + if (isCurrentRoleSet) { + // current session has a role set, so no need to fetch roles. + return; + } + String newUserName = getHiveAuthenticator().getUserName(); + this.currentUserName = newUserName; + try { + currentRoles = getCurrentRoleNamesFromRanger(); + } catch (HiveAuthzPluginException e) { + LOG.error("Error while fetching roles from ranger for user : " + currentUserName, e); + } + LOG.info("Current user : " + currentUserName + ", Current Roles : " + currentRoles); + } + private Set getCurrentRolesForUser(String user, Set groups) { if (LOG.isDebugEnabled()) { LOG.debug("==> RangerHiveAuthorizer.getCurrentRolesForUser()"); @@ -3044,9 +3064,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
[ranger] branch ranger-2.2 updated: RANGER-3358 : Upgrade Tomcat to 8.5.69
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.2 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.2 by this push: new d9baa1e RANGER-3358 : Upgrade Tomcat to 8.5.69 d9baa1e is described below commit d9baa1ee110c9240f0dd2728c7016e2ba1cce02f Author: mateenmansoori AuthorDate: Mon Aug 16 14:51:38 2021 +0530 RANGER-3358 : Upgrade Tomcat to 8.5.69 Signed-off-by: pradeep --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index c5058ff..e84aba2 100644 --- a/pom.xml +++ b/pom.xml @@ -190,7 +190,7 @@ 1.99.7 1.2.0 1.19 -8.5.63 +8.5.69 6.9.4 2.3 3.4.14
[ranger] branch master updated: RANGER-3358 : Upgrade Tomcat to 8.5.69
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new e6ef861 RANGER-3358 : Upgrade Tomcat to 8.5.69 e6ef861 is described below commit e6ef861cac99c19ac583a175be801c077e166685 Author: mateenmansoori AuthorDate: Mon Aug 16 14:51:38 2021 +0530 RANGER-3358 : Upgrade Tomcat to 8.5.69 Signed-off-by: pradeep --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8d81988..c99ce5d 100644 --- a/pom.xml +++ b/pom.xml @@ -191,7 +191,7 @@ 1.99.7 1.2.0 1.19 -8.5.63 +8.5.69 6.9.4 2.3 3.4.14