ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ramesh Mani <rm...@hortonworks.com>
Subject Re: Review Request 58658: RANGER-1513:Add Support for S3 authorization in Ranger Hive Plugin
Date Thu, 04 May 2017 17:11:50 GMT


> On April 30, 2017, 8:25 p.m., Madhan Neethiraj wrote:
> > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
> > Lines 1415 (patched)
> > <https://reviews.apache.org/r/58658/diff/2/?file=1703904#file1703904line1416>
> >
> >     Would current URI access checks (for hdfs://, file://), that are performed by
FileSystem, be done using Ranger Hive policies after this patch?
> >     
> >     If yes, new Ranger Hive policies would have to be added to allow URL access;
else it might break existing deployments. Please review.
> >     
> >     One option to consider is to fallback on FileSystem access check when there
is no Ranger Hive policy to grant the necessary access.

Currently URI check for hdfs://, file:// are not done by the Hive Policies, it is be done
by the FileSystem access check. Only if its s3a://, s3n:// it will be done by Hive Policy.


- Ramesh


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58658/#review173456
-----------------------------------------------------------


On May 4, 2017, 5:10 p.m., Ramesh Mani wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58658/
> -----------------------------------------------------------
> 
> (Updated May 4, 2017, 5:10 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1513
>     https://issues.apache.org/jira/browse/RANGER-1513
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> RANGER-1513:Add Support for S3 authorization in Ranger Hive Plugin
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b254d20 
>   hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
2baa97b 
>   hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java
09ecd1e 
>   hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
57b4eef 
>   hive-agent/src/test/resources/hive-policies.json 2b568dc 
>   security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10007.java
PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/58658/diff/3/
> 
> 
> Testing
> -------
> 
> Test in local VM
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message