[GitHub] [doris] Yulei-Yang commented on a diff in pull request #17424: [Improvement](auth)(step-2) add ranger authorizer for hms catalog

Sun, 05 Mar 2023 00:08:16 -0800 


Yulei-Yang commented on code in PR #17424:
URL: https://github.com/apache/doris/pull/17424#discussion_r1125617536


##########
fe/fe-core/src/main/java/org/apache/doris/catalog/authorizer/RangerHiveAccessController.java:
##########
@@ -33,33 +34,49 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Date;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.concurrent.ScheduledThreadPoolExecutor;
+import java.util.concurrent.TimeUnit;
 
 public class RangerHiveAccessController implements CatalogAccessController {
     public static final String CLIENT_TYPE_DORIS = "doris";
     private static final Logger LOG = 
LogManager.getLogger(RangerHiveAccessController.class);
+    private static ScheduledThreadPoolExecutor logFlushTimer = 
ThreadPoolManager.newDaemonScheduledThreadPool(1,
+            "ranger-hive-audit-log-flusher-timer", true);
     private RangerHivePlugin hivePlugin;
     private RangerHiveAuditHandler auditHandler;
 
     public RangerHiveAccessController(Map<String, String> properties) {
         String serviceName = properties.get("ranger.service.name");
         hivePlugin = new RangerHivePlugin(serviceName);
         auditHandler = new RangerHiveAuditHandler(hivePlugin.getConfig());
+        //start a timed log flusher
+        logFlushTimer.scheduleAtFixedRate(new 
RangerHiveAuditLogFlusher(auditHandler), 10, 20L, TimeUnit.SECONDS);
     }
 
     private RangerAccessRequestImpl createRequest(UserIdentity currentUser, 
HiveAccessType accessType) {
         RangerAccessRequestImpl request = new RangerAccessRequestImpl();
-        request.setUser(currentUser.getQualifiedUser());
-        request.setUserRoles(currentUser.getRoles());
+        // currentUser.getQualifiedUser() is as of form: 
default_cluster:user1, only use `user1`
+        String[] userArray = currentUser.getQualifiedUser().split(":");
+        request.setUser(userArray[1]);
+        request.setClusterName(userArray[0]);
+        Set<String> roles = new HashSet<>();
+        for (String role : currentUser.getRoles()) {
+            // some roles are as of form: default_role_rbac_test@%, only use 
`default_role_rbac_test`
+            roles.add(role.split("@")[0]);

Review Comment:
   fixed



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org

Reply via email to