From d702461c9ec50fc0146a8076616382ed0314288c Mon Sep 17 00:00:00 2001
From: Sam An
Date: Mon, 27 Apr 2020 11:30:14 -0700
Subject: [PATCH] HIVE-23299: Ranger authorization of managed location
---
 .../plugin/metastore/events/CreateDatabaseEvent.java | 4 ++++
 .../java/org/apache/hadoop/hive/metastore/HiveMetaStore.java | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateDatabaseEvent.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateDatabaseEvent.java
index 017b6c2ba5..7065e7af01 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateDatabaseEvent.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/metastore/events/CreateDatabaseEvent.java
@@ -65,11 +65,15 @@ public HiveMetaStoreAuthzInfo getAuthzContext() {
 PreCreateDatabaseEvent event = (PreCreateDatabaseEvent) preEventContext;
 Database database = event.getDatabase();
 String uri = (database != null) ? database.getLocationUri(): "";
+ String managedUri = (database != null) ? database.getManagedLocationUri(): "";
 if (database != null) {
 ret.add(getHivePrivilegeObject(database));
 if (StringUtils.isNotEmpty(uri)) {
 ret.add(getHivePrivilegeObjectDfsUri(uri));
+ if (managedUri != null ) {
+ ret.add(getHivePrivilegeObjectDfsUri(managedUri));
+ }
 }
 COMMAND_STR = buildCommandString(COMMAND_STR, database);
diff --git a/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java b/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
index 32494ae257..53762b169b 100644
--- a/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
+++ b/standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
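Review bot: The managed-location privilege object is added only inside `if (StringUtils.isNotEmpty(uri))`, so a create-database request that carries a managed location but an empty location URI would reach the authorizer with no URI object for the managed path. The guard is also inconsistent with the one used for `uri`: `managedUri` defaults to `""` when `database` is null and is then tested with `!= null`, so an empty string would still be wrapped by `getHivePrivilegeObjectDfsUri`. I would hoist the check out of the `uri` branch and write it the same way, `if (StringUtils.isNotEmpty(managedUri)) { ret.add(getHivePrivilegeObjectDfsUri(managedUri)); }`. The enclosing method starts and ends outside the hunk (the `@@` header names `getAuthzContext`, but the `ret.add` calls suggest a separate list-building method), so whether an empty location URI can actually reach this point should be confirmed against the caller.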
@@ -1410,7 +1410,11 @@ private void create_database_core(RawStore ms, final Database db)
 throw new InvalidObjectException("No such catalog " + db.getCatalogName());
 }
 Path dbPath = wh.determineDatabasePath(cat, db);
+ Path dbMgdPath = wh.getDatabaseManagedPath(db);
 db.setLocationUri(dbPath.toString());
+ if (db.getManagedLocationUri() != null ){
+ db.setManagedLocationUri(dbMgdPath.toString());
+ }
 if (db.getOwnerName() == null){
 try {
 db.setOwnerName(SecurityUtils.getUGI().getShortUserName());
-- 
2.23.0
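Review bot: `wh.getDatabaseManagedPath(db)` is called for every database, but its result is used only when a managed location was supplied; if that helper returns null or throws when the field is unset (its body is not visible here), create-database would fail for databases that never asked for a managed location. Moving the call inside the guard avoids that: `if (db.getManagedLocationUri() != null) { db.setManagedLocationUri(wh.getDatabaseManagedPath(db).toString()); }`. A short comment saying that the stored managed location is the warehouse-resolved path, and that this rewrite must happen before the pre-create authorization event reads the Database, would also help, because the authorizer checks whatever string is on the object at that time; the point where the event fires is outside the hunk, so the ordering needs confirming. `create_database_core` continues past the end of the hunk.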