Example 1 with MPrivilege
use of org.apache.sqoop.model.MPrivilege in project ranger by apache.
the class RangerSqoopAccessRequest method checkPrivileges.
@Override
public void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) throws SqoopException {
if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerSqoopAuthorizer.checkPrivileges( principal=" + principal + ", privileges=" + privileges + ")");
}
if (CollectionUtils.isEmpty(privileges)) {
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerSqoopAuthorizer.checkPrivileges() return because privileges is empty.");
}
return;
}
RangerSqoopPlugin plugin = sqoopPlugin;
String clusterName = sqoopPlugin.getClusterName();
if (plugin != null) {
for (MPrivilege privilege : privileges) {
RangerSqoopAccessRequest request = new RangerSqoopAccessRequest(principal, privilege, clusterName, clientIPAddress);
RangerAccessResult result = plugin.isAccessAllowed(request);
if (result != null && !result.getIsAllowed()) {
throw new SqoopException(SecurityError.AUTH_0014, "principal=" + principal + " does not have privileges for : " + privilege);
}
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerSqoopAuthorizer.checkPrivileges() success without exception.");
}
}
Also used :
MPrivilege(org.apache.sqoop.model.MPrivilege)
RangerAccessResult(org.apache.ranger.plugin.policyengine.RangerAccessResult)
SqoopException(org.apache.sqoop.common.SqoopException)
Aggregations
RangerAccessResult (org.apache.ranger.plugin.policyengine.RangerAccessResult)1
SqoopException (org.apache.sqoop.common.SqoopException)1
MPrivilege (org.apache.sqoop.model.MPrivilege)1
