(ranger) branch ranger-2.5 updated: RANGER-4835:RangerHiveAuthorizer audit enhancement for metadata operations like show table and databases

Mon, 01 Jul 2024 13:32:38 -0700 

This is an automated email from the ASF dual-hosted git repository.

rmani pushed a commit to branch ranger-2.5
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.5 by this push:
     new 1942172cf RANGER-4835:RangerHiveAuthorizer audit enhancement for 
metadata operations like show table and databases
1942172cf is described below

commit 1942172cf278e0142e87040637068b3c91064fe9
Author: Ramesh Mani <[email protected]>
AuthorDate: Sat Jun 29 10:28:12 2024 -0700

    RANGER-4835:RangerHiveAuthorizer audit enhancement for metadata operations 
like show table and databases
---
 .../hive/authorizer/RangerHiveAccessRequest.java             | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git 
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java
 
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java
index deb467f7f..13695b17f 100644
--- 
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java
+++ 
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java
@@ -25,10 +25,13 @@ import java.util.Set;
 import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
 import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
 import 
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
+import org.apache.ranger.audit.utils.StringUtil;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
 import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
 import org.apache.ranger.plugin.util.RangerAccessRequestUtil;
 
+import static 
org.apache.ranger.authorization.hive.authorizer.RangerHiveAuditHandler.ACTION_TYPE_METADATA_OPERATION;
+
 public class RangerHiveAccessRequest extends RangerAccessRequestImpl {
        private HiveAccessType accessType = HiveAccessType.NONE;
 
@@ -56,6 +59,15 @@ public class RangerHiveAccessRequest extends 
RangerAccessRequestImpl {
                        this.setRequestData(context.getCommandString());
                        
this.setForwardedAddresses(context.getForwardedAddresses());
                        this.setRemoteIPAddress(context.getIpAddress());
+                       String requestData = context.getCommandString();
+                       if (StringUtil.isEmpty(requestData) && 
ACTION_TYPE_METADATA_OPERATION.equals(hiveOpTypeName)) {
+                               String resourceType = 
resource.getObjectType().name();
+                               if (resourceType.equalsIgnoreCase("DATABASE")) {
+                                       this.setRequestData("show databases");
+                               } else if 
(resourceType.equalsIgnoreCase("TABLE")) {
+                                       this.setRequestData("show tables / 
views");
+                               }
+                       }
                }
 
                if(sessionContext != null) {

Reply via email to