[ranger] branch ranger-2.2 updated: RANGER-3397: Update ACL computation to (optionally) expand Ranger Roles to users and groups and include chained-plugins in ACL computation - Part 2
This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.2 by this push:
new 7fb90c3 RANGER-3397: Update ACL computation to (optionally) expand
Ranger Roles to users and groups and include chained-plugins in ACL computation
- Part 2
7fb90c3 is described below
commit 7fb90c3941dbb5c381d9be967888b681c6b04fcb
Author: Abhay Kulkarni
AuthorDate: Wed Sep 8 09:35:48 2021 -0700
RANGER-3397: Update ACL computation to (optionally) expand Ranger Roles to
users and groups and include chained-plugins in ACL computation - Part 2
---
.../main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java| 2 ++
1 file changed, 2 insertions(+)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index 3ad74e5..99c48d0 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -147,6 +147,8 @@ public class RangerBasePlugin {
public RangerAuthContext getCurrentRangerAuthContext() { return
currentAuthContext; }
+ public List getChainedPlugins() { return
chainedPlugins; }
+
// For backward compatibility
public RangerAuthContext createRangerAuthContext() { return
currentAuthContext; }
[ranger] branch master updated: RANGER-3397: Update ACL computation to (optionally) expand Ranger Roles to users and groups and include chained-plugins in ACL computation - Part 2
This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 3b0a9c8 RANGER-3397: Update ACL computation to (optionally) expand
Ranger Roles to users and groups and include chained-plugins in ACL computation
- Part 2
3b0a9c8 is described below
commit 3b0a9c8f5273ce7c6d12170b86e7a83a9fdba225
Author: Abhay Kulkarni
AuthorDate: Wed Sep 8 09:35:48 2021 -0700
RANGER-3397: Update ACL computation to (optionally) expand Ranger Roles to
users and groups and include chained-plugins in ACL computation - Part 2
---
.../main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java| 2 ++
1 file changed, 2 insertions(+)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index 3ad74e5..99c48d0 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -147,6 +147,8 @@ public class RangerBasePlugin {
public RangerAuthContext getCurrentRangerAuthContext() { return
currentAuthContext; }
+ public List getChainedPlugins() { return
chainedPlugins; }
+
// For backward compatibility
public RangerAuthContext createRangerAuthContext() { return
currentAuthContext; }
[ranger] branch ranger-2.2 updated: RANGER-3350: Ranger HivePluginAuthorizer SHOW CURRENT ROLES not fetching the role set in current hive beeline session
This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.2 by this push:
new a3a553d RANGER-3350: Ranger HivePluginAuthorizer SHOW CURRENT ROLES
not fetching the role set in current hive beeline session
a3a553d is described below
commit a3a553d753af2eff846f1f6fd23eb4f6352cbd75
Author: Ramesh Mani
AuthorDate: Tue Aug 17 21:58:03 2021 -0700
RANGER-3350: Ranger HivePluginAuthorizer SHOW CURRENT ROLES not fetching
the role set in current hive beeline session
Signed-off-by: Ramesh Mani
---
.../hive/authorizer/RangerHiveAuthorizer.java | 26 ++
1 file changed, 22 insertions(+), 4 deletions(-)
diff --git
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index 8621f73..7558034 100644
---
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -127,6 +127,7 @@ public class RangerHiveAuthorizer extends
RangerHiveAuthorizerBase {
private String currentUserName;
private Set currentRoles;
private String adminRole;
+ private boolean isCurrentRoleSet = false;
public RangerHiveAuthorizer(HiveMetastoreClientFactory
metastoreClientFactory,
HiveConf
hiveConf,
@@ -310,12 +311,14 @@ public class RangerHiveAuthorizer extends
RangerHiveAuthorizerBase {
if (ROLE_NONE.equalsIgnoreCase(roleName)) {
// for set role NONE, clear all roles for current
session.
currentRoles.clear();
+ isCurrentRoleSet = true;
return;
}
if (ROLE_ALL.equalsIgnoreCase(roleName)) {
// for set role ALL, reset roles to default roles.
currentRoles.clear();
currentRoles.addAll(getCurrentRoleNamesFromRanger());
+ isCurrentRoleSet = true;
return;
}
for (String role : getCurrentRoleNamesFromRanger()) {
@@ -323,6 +326,7 @@ public class RangerHiveAuthorizer extends
RangerHiveAuthorizerBase {
if (role.equalsIgnoreCase(roleName)) {
currentRoles.clear();
currentRoles.add(role);
+ isCurrentRoleSet = true;
return;
}
}
@@ -330,6 +334,7 @@ public class RangerHiveAuthorizer extends
RangerHiveAuthorizerBase {
if (ROLE_ADMIN.equalsIgnoreCase(roleName) && null !=
this.adminRole) {
currentRoles.clear();
currentRoles.add(adminRole);
+ isCurrentRoleSet = true;
return;
}
LOG.info("Current user : " + currentUserName + ", Current Roles
: " + currentRoles);
@@ -3011,7 +3016,7 @@ public class RangerHiveAuthorizer extends
RangerHiveAuthorizerBase {
private Set getCurrentRoles() {
// from SQLStdHiveAccessController.getCurrentRoles()
- initUserRoles();
+ getCurrentRoleForCurrentUser();
return currentRoles;
}
@@ -3037,6 +3042,21 @@ public class RangerHiveAuthorizer extends
RangerHiveAuthorizerBase {
LOG.info("Current user : " + currentUserName + ", Current Roles
: " + currentRoles);
}
+ private void getCurrentRoleForCurrentUser() {
+ if (isCurrentRoleSet) {
+ // current session has a role set, so no need to fetch
roles.
+ return;
+ }
+ String newUserName = getHiveAuthenticator().getUserName();
+ this.currentUserName = newUserName;
+ try {
+ currentRoles = getCurrentRoleNamesFromRanger();
+ } catch (HiveAuthzPluginException e) {
+ LOG.error("Error while fetching roles from ranger for
user : " + currentUserName, e);
+ }
+ LOG.info("Current user : " + currentUserName + ", Current Roles
: " + currentRoles);
+ }
+
private Set getCurrentRolesForUser(String user, Set
groups) {
if (LOG.isDebugEnabled()) {
LOG.debug("==>
RangerHiveAuthorizer.getCurrentRolesForUser()");
@@ -3044,9 +3064,7 @@ public class RangerHiveAuthorizer extends
RangerHiveAuthorizerBase {
[ranger] branch master updated: RANGER-3350: Ranger HivePluginAuthorizer SHOW CURRENT ROLES not fetching the role set in current hive beeline session
This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 92fdf20 RANGER-3350: Ranger HivePluginAuthorizer SHOW CURRENT ROLES
not fetching the role set in current hive beeline session
92fdf20 is described below
commit 92fdf206d80576deaa2e08702a9138255995a326
Author: Ramesh Mani
AuthorDate: Tue Aug 17 21:58:03 2021 -0700
RANGER-3350: Ranger HivePluginAuthorizer SHOW CURRENT ROLES not fetching
the role set in current hive beeline session
Signed-off-by: Ramesh Mani
---
.../hive/authorizer/RangerHiveAuthorizer.java | 26 ++
1 file changed, 22 insertions(+), 4 deletions(-)
diff --git
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index 8621f73..7558034 100644
---
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -127,6 +127,7 @@ public class RangerHiveAuthorizer extends
RangerHiveAuthorizerBase {
private String currentUserName;
private Set currentRoles;
private String adminRole;
+ private boolean isCurrentRoleSet = false;
public RangerHiveAuthorizer(HiveMetastoreClientFactory
metastoreClientFactory,
HiveConf
hiveConf,
@@ -310,12 +311,14 @@ public class RangerHiveAuthorizer extends
RangerHiveAuthorizerBase {
if (ROLE_NONE.equalsIgnoreCase(roleName)) {
// for set role NONE, clear all roles for current
session.
currentRoles.clear();
+ isCurrentRoleSet = true;
return;
}
if (ROLE_ALL.equalsIgnoreCase(roleName)) {
// for set role ALL, reset roles to default roles.
currentRoles.clear();
currentRoles.addAll(getCurrentRoleNamesFromRanger());
+ isCurrentRoleSet = true;
return;
}
for (String role : getCurrentRoleNamesFromRanger()) {
@@ -323,6 +326,7 @@ public class RangerHiveAuthorizer extends
RangerHiveAuthorizerBase {
if (role.equalsIgnoreCase(roleName)) {
currentRoles.clear();
currentRoles.add(role);
+ isCurrentRoleSet = true;
return;
}
}
@@ -330,6 +334,7 @@ public class RangerHiveAuthorizer extends
RangerHiveAuthorizerBase {
if (ROLE_ADMIN.equalsIgnoreCase(roleName) && null !=
this.adminRole) {
currentRoles.clear();
currentRoles.add(adminRole);
+ isCurrentRoleSet = true;
return;
}
LOG.info("Current user : " + currentUserName + ", Current Roles
: " + currentRoles);
@@ -3011,7 +3016,7 @@ public class RangerHiveAuthorizer extends
RangerHiveAuthorizerBase {
private Set getCurrentRoles() {
// from SQLStdHiveAccessController.getCurrentRoles()
- initUserRoles();
+ getCurrentRoleForCurrentUser();
return currentRoles;
}
@@ -3037,6 +3042,21 @@ public class RangerHiveAuthorizer extends
RangerHiveAuthorizerBase {
LOG.info("Current user : " + currentUserName + ", Current Roles
: " + currentRoles);
}
+ private void getCurrentRoleForCurrentUser() {
+ if (isCurrentRoleSet) {
+ // current session has a role set, so no need to fetch
roles.
+ return;
+ }
+ String newUserName = getHiveAuthenticator().getUserName();
+ this.currentUserName = newUserName;
+ try {
+ currentRoles = getCurrentRoleNamesFromRanger();
+ } catch (HiveAuthzPluginException e) {
+ LOG.error("Error while fetching roles from ranger for
user : " + currentUserName, e);
+ }
+ LOG.info("Current user : " + currentUserName + ", Current Roles
: " + currentRoles);
+ }
+
private Set getCurrentRolesForUser(String user, Set
groups) {
if (LOG.isDebugEnabled()) {
LOG.debug("==>
RangerHiveAuthorizer.getCurrentRolesForUser()");
@@ -3044,9 +3064,7 @@ public class RangerHiveAuthorizer extends
RangerHiveAuthorizerBase {
[ranger] branch ranger-2.2 updated: RANGER-3358 : Upgrade Tomcat to 8.5.69
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.2 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.2 by this push: new d9baa1e RANGER-3358 : Upgrade Tomcat to 8.5.69 d9baa1e is described below commit d9baa1ee110c9240f0dd2728c7016e2ba1cce02f Author: mateenmansoori AuthorDate: Mon Aug 16 14:51:38 2021 +0530 RANGER-3358 : Upgrade Tomcat to 8.5.69 Signed-off-by: pradeep --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index c5058ff..e84aba2 100644 --- a/pom.xml +++ b/pom.xml @@ -190,7 +190,7 @@ 1.99.7 1.2.0 1.19 -8.5.63 +8.5.69 6.9.4 2.3 3.4.14
[ranger] branch master updated: RANGER-3358 : Upgrade Tomcat to 8.5.69
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new e6ef861 RANGER-3358 : Upgrade Tomcat to 8.5.69 e6ef861 is described below commit e6ef861cac99c19ac583a175be801c077e166685 Author: mateenmansoori AuthorDate: Mon Aug 16 14:51:38 2021 +0530 RANGER-3358 : Upgrade Tomcat to 8.5.69 Signed-off-by: pradeep --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8d81988..c99ce5d 100644 --- a/pom.xml +++ b/pom.xml @@ -191,7 +191,7 @@ 1.99.7 1.2.0 1.19 -8.5.63 +8.5.69 6.9.4 2.3 3.4.14
