Examples with PrivilegeBag org.apache.hadoop.hive.metastore.api.PrivilegeBag used on opensource projects

Search in sources :

Example 1 with PrivilegeBag

use of org.apache.hadoop.hive.metastore.api.PrivilegeBag in project hive by apache.

the class TestHBaseStoreIntegration method listDbGrants.

@Test
public void listDbGrants() throws Exception {
    String[] dbNames = new String[] { "ldbg_db1", "ldbg_db2" };
    try {
        Database db = new Database(dbNames[0], "no description", "file:///tmp", emptyParameters);
        store.createDatabase(db);
        db = new Database(dbNames[1], "no description", "file:///tmp", emptyParameters);
        store.createDatabase(db);
        String[] roleNames = new String[] { "ldbg_role1", "ldbg_role2" };
        String[] userNames = new String[] { "frodo", "sam" };
        store.addRole(roleNames[0], "me");
        store.addRole(roleNames[1], "me");
        int now = (int) (System.currentTimeMillis() / 1000);
        Role role1 = store.getRole(roleNames[0]);
        Role role2 = store.getRole(roleNames[1]);
        store.grantRole(role1, userNames[0], PrincipalType.USER, "bob", PrincipalType.USER, false);
        store.grantRole(role1, roleNames[1], PrincipalType.ROLE, "admin", PrincipalType.ROLE, true);
        store.grantRole(role2, userNames[1], PrincipalType.USER, "bob", PrincipalType.USER, false);
        List<HiveObjectPrivilege> privileges = new ArrayList<HiveObjectPrivilege>();
        HiveObjectRef hiveObjRef = new HiveObjectRef(HiveObjectType.DATABASE, dbNames[0], null, null, null);
        PrivilegeGrantInfo grantInfo = new PrivilegeGrantInfo("read", now, "me", PrincipalType.USER, false);
        HiveObjectPrivilege hop = new HiveObjectPrivilege(hiveObjRef, userNames[0], PrincipalType.USER, grantInfo);
        privileges.add(hop);
        grantInfo = new PrivilegeGrantInfo("write", now, "me", PrincipalType.USER, true);
        hop = new HiveObjectPrivilege(hiveObjRef, roleNames[0], PrincipalType.ROLE, grantInfo);
        privileges.add(hop);
        PrivilegeBag pBag = new PrivilegeBag(privileges);
        store.grantPrivileges(pBag);
        List<HiveObjectPrivilege> hops = store.listPrincipalDBGrants(roleNames[0], PrincipalType.ROLE, dbNames[0]);
        Assert.assertEquals(1, hops.size());
        Assert.assertEquals(PrincipalType.ROLE, hops.get(0).getPrincipalType());
        Assert.assertEquals(HiveObjectType.DATABASE, hops.get(0).getHiveObject().getObjectType());
        Assert.assertEquals("write", hops.get(0).getGrantInfo().getPrivilege());
        hops = store.listPrincipalDBGrants(userNames[0], PrincipalType.USER, dbNames[0]);
        Assert.assertEquals(1, hops.size());
        Assert.assertEquals(PrincipalType.USER, hops.get(0).getPrincipalType());
        Assert.assertEquals(HiveObjectType.DATABASE, hops.get(0).getHiveObject().getObjectType());
        Assert.assertEquals("read", hops.get(0).getGrantInfo().getPrivilege());
        hops = store.listPrincipalDBGrants(roleNames[1], PrincipalType.ROLE, dbNames[0]);
        Assert.assertEquals(0, hops.size());
        hops = store.listPrincipalDBGrants(userNames[1], PrincipalType.USER, dbNames[0]);
        Assert.assertEquals(0, hops.size());
        hops = store.listPrincipalDBGrants(roleNames[0], PrincipalType.ROLE, dbNames[1]);
        Assert.assertEquals(0, hops.size());
        hops = store.listPrincipalDBGrants(userNames[0], PrincipalType.USER, dbNames[1]);
        Assert.assertEquals(0, hops.size());
        hops = store.listDBGrantsAll(dbNames[0]);
        Assert.assertEquals(2, hops.size());
        boolean sawUser = false, sawRole = false;
        for (HiveObjectPrivilege h : hops) {
            if (h.getPrincipalName().equals(userNames[0])) {
                Assert.assertEquals(PrincipalType.USER, h.getPrincipalType());
                Assert.assertEquals(HiveObjectType.DATABASE, h.getHiveObject().getObjectType());
                Assert.assertEquals("read", h.getGrantInfo().getPrivilege());
                sawUser = true;
            } else if (h.getPrincipalName().equals(roleNames[0])) {
                Assert.assertEquals(PrincipalType.ROLE, h.getPrincipalType());
                Assert.assertEquals(HiveObjectType.DATABASE, h.getHiveObject().getObjectType());
                Assert.assertEquals("write", h.getGrantInfo().getPrivilege());
                sawRole = true;
            }
        }
        Assert.assertTrue(sawUser && sawRole);
        hops = store.listPrincipalDBGrantsAll(roleNames[0], PrincipalType.ROLE);
        Assert.assertEquals(1, hops.size());
        Assert.assertEquals(PrincipalType.ROLE, hops.get(0).getPrincipalType());
        Assert.assertEquals(HiveObjectType.DATABASE, hops.get(0).getHiveObject().getObjectType());
        Assert.assertEquals("write", hops.get(0).getGrantInfo().getPrivilege());
        hops = store.listPrincipalDBGrantsAll(userNames[0], PrincipalType.USER);
        Assert.assertEquals(1, hops.size());
        Assert.assertEquals(PrincipalType.USER, hops.get(0).getPrincipalType());
        Assert.assertEquals(HiveObjectType.DATABASE, hops.get(0).getHiveObject().getObjectType());
        Assert.assertEquals("read", hops.get(0).getGrantInfo().getPrivilege());
        hops = store.listPrincipalDBGrantsAll(roleNames[1], PrincipalType.ROLE);
        Assert.assertEquals(0, hops.size());
        hops = store.listPrincipalDBGrantsAll(userNames[1], PrincipalType.USER);
        Assert.assertEquals(0, hops.size());
    } finally {
        store.dropDatabase(dbNames[0]);
        store.dropDatabase(dbNames[1]);
    }
}
Also used : Role(org.apache.hadoop.hive.metastore.api.Role) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) PrivilegeBag(org.apache.hadoop.hive.metastore.api.PrivilegeBag) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) Database(org.apache.hadoop.hive.metastore.api.Database) ArrayList(java.util.ArrayList) Test(org.junit.Test)

Example 2 with PrivilegeBag

use of org.apache.hadoop.hive.metastore.api.PrivilegeBag in project hive by apache.

the class TestHBaseStoreIntegration method listTableGrants.

@Test
public void listTableGrants() throws Exception {
    String dbName = "ltg_db";
    String[] tableNames = new String[] { "ltg_t1", "ltg_t2" };
    try {
        Database db = new Database(dbName, "no description", "file:///tmp", emptyParameters);
        store.createDatabase(db);
        int startTime = (int) (System.currentTimeMillis() / 1000);
        List<FieldSchema> cols = new ArrayList<FieldSchema>();
        cols.add(new FieldSchema("col1", "int", "nocomment"));
        SerDeInfo serde = new SerDeInfo("serde", "seriallib", null);
        StorageDescriptor sd = new StorageDescriptor(cols, "file:/tmp", "input", "output", false, 0, serde, null, null, emptyParameters);
        Table table = new Table(tableNames[0], dbName, "me", startTime, startTime, 0, sd, null, emptyParameters, null, null, null);
        store.createTable(table);
        table = new Table(tableNames[1], dbName, "me", startTime, startTime, 0, sd, null, emptyParameters, null, null, null);
        store.createTable(table);
        String[] roleNames = new String[] { "ltg_role1", "ltg_role2" };
        String[] userNames = new String[] { "gandalf", "radagast" };
        store.addRole(roleNames[0], "me");
        store.addRole(roleNames[1], "me");
        int now = (int) (System.currentTimeMillis() / 1000);
        Role role1 = store.getRole(roleNames[0]);
        Role role2 = store.getRole(roleNames[1]);
        store.grantRole(role1, userNames[0], PrincipalType.USER, "bob", PrincipalType.USER, false);
        store.grantRole(role1, roleNames[1], PrincipalType.ROLE, "admin", PrincipalType.ROLE, true);
        store.grantRole(role2, userNames[1], PrincipalType.USER, "bob", PrincipalType.USER, false);
        List<HiveObjectPrivilege> privileges = new ArrayList<HiveObjectPrivilege>();
        HiveObjectRef hiveObjRef = new HiveObjectRef(HiveObjectType.TABLE, dbName, tableNames[0], null, null);
        PrivilegeGrantInfo grantInfo = new PrivilegeGrantInfo("read", now, "me", PrincipalType.USER, false);
        HiveObjectPrivilege hop = new HiveObjectPrivilege(hiveObjRef, userNames[0], PrincipalType.USER, grantInfo);
        privileges.add(hop);
        grantInfo = new PrivilegeGrantInfo("write", now, "me", PrincipalType.USER, true);
        hop = new HiveObjectPrivilege(hiveObjRef, roleNames[0], PrincipalType.ROLE, grantInfo);
        privileges.add(hop);
        PrivilegeBag pBag = new PrivilegeBag(privileges);
        store.grantPrivileges(pBag);
        List<HiveObjectPrivilege> hops = store.listAllTableGrants(roleNames[0], PrincipalType.ROLE, dbName, tableNames[0]);
        Assert.assertEquals(1, hops.size());
        Assert.assertEquals(PrincipalType.ROLE, hops.get(0).getPrincipalType());
        Assert.assertEquals(HiveObjectType.TABLE, hops.get(0).getHiveObject().getObjectType());
        Assert.assertEquals("write", hops.get(0).getGrantInfo().getPrivilege());
        hops = store.listAllTableGrants(userNames[0], PrincipalType.USER, dbName, tableNames[0]);
        Assert.assertEquals(1, hops.size());
        Assert.assertEquals(PrincipalType.USER, hops.get(0).getPrincipalType());
        Assert.assertEquals(HiveObjectType.TABLE, hops.get(0).getHiveObject().getObjectType());
        Assert.assertEquals("read", hops.get(0).getGrantInfo().getPrivilege());
        hops = store.listAllTableGrants(roleNames[1], PrincipalType.ROLE, dbName, tableNames[0]);
        Assert.assertEquals(0, hops.size());
        hops = store.listAllTableGrants(userNames[1], PrincipalType.USER, dbName, tableNames[0]);
        Assert.assertEquals(0, hops.size());
        hops = store.listAllTableGrants(roleNames[0], PrincipalType.ROLE, dbName, tableNames[1]);
        Assert.assertEquals(0, hops.size());
        hops = store.listAllTableGrants(userNames[0], PrincipalType.USER, dbName, tableNames[1]);
        Assert.assertEquals(0, hops.size());
        hops = store.listTableGrantsAll(dbName, tableNames[0]);
        Assert.assertEquals(2, hops.size());
        boolean sawUser = false, sawRole = false;
        for (HiveObjectPrivilege h : hops) {
            if (h.getPrincipalName().equals(userNames[0])) {
                Assert.assertEquals(PrincipalType.USER, h.getPrincipalType());
                Assert.assertEquals(HiveObjectType.TABLE, h.getHiveObject().getObjectType());
                Assert.assertEquals("read", h.getGrantInfo().getPrivilege());
                sawUser = true;
            } else if (h.getPrincipalName().equals(roleNames[0])) {
                Assert.assertEquals(PrincipalType.ROLE, h.getPrincipalType());
                Assert.assertEquals(HiveObjectType.TABLE, h.getHiveObject().getObjectType());
                Assert.assertEquals("write", h.getGrantInfo().getPrivilege());
                sawRole = true;
            }
        }
        Assert.assertTrue(sawUser && sawRole);
        hops = store.listPrincipalTableGrantsAll(roleNames[0], PrincipalType.ROLE);
        Assert.assertEquals(1, hops.size());
        Assert.assertEquals(PrincipalType.ROLE, hops.get(0).getPrincipalType());
        Assert.assertEquals(HiveObjectType.TABLE, hops.get(0).getHiveObject().getObjectType());
        Assert.assertEquals("write", hops.get(0).getGrantInfo().getPrivilege());
        hops = store.listPrincipalTableGrantsAll(userNames[0], PrincipalType.USER);
        Assert.assertEquals(1, hops.size());
        Assert.assertEquals(PrincipalType.USER, hops.get(0).getPrincipalType());
        Assert.assertEquals(HiveObjectType.TABLE, hops.get(0).getHiveObject().getObjectType());
        Assert.assertEquals("read", hops.get(0).getGrantInfo().getPrivilege());
        hops = store.listPrincipalDBGrantsAll(roleNames[1], PrincipalType.ROLE);
        Assert.assertEquals(0, hops.size());
        hops = store.listPrincipalDBGrantsAll(userNames[1], PrincipalType.USER);
        Assert.assertEquals(0, hops.size());
    } finally {
        store.dropTable(dbName, tableNames[0]);
        store.dropTable(dbName, tableNames[1]);
        store.dropDatabase(dbName);
    }
}
Also used : PrivilegeBag(org.apache.hadoop.hive.metastore.api.PrivilegeBag) Table(org.apache.hadoop.hive.metastore.api.Table) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) FieldSchema(org.apache.hadoop.hive.metastore.api.FieldSchema) SerDeInfo(org.apache.hadoop.hive.metastore.api.SerDeInfo) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) ArrayList(java.util.ArrayList) StorageDescriptor(org.apache.hadoop.hive.metastore.api.StorageDescriptor) Role(org.apache.hadoop.hive.metastore.api.Role) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) Database(org.apache.hadoop.hive.metastore.api.Database) Test(org.junit.Test)

Example 3 with PrivilegeBag

use of org.apache.hadoop.hive.metastore.api.PrivilegeBag in project hive by apache.

the class SQLStdHiveAccessController method revokePrivileges.

@Override
public void revokePrivileges(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption) throws HiveAuthzPluginException, HiveAccessControlException {
    hivePrivileges = expandAndValidatePrivileges(hivePrivileges);
    IMetaStoreClient metastoreClient = metastoreClientFactory.getHiveMetastoreClient();
    // authorize the revoke, and get the set of privileges to be revoked
    List<HiveObjectPrivilege> revokePrivs = RevokePrivAuthUtils.authorizeAndGetRevokePrivileges(hivePrincipals, hivePrivileges, hivePrivObject, grantOption, metastoreClient, authenticator.getUserName());
    try {
        // unfortunately, the metastore api revokes all privileges that match on
        // principal, privilege object type it does not filter on the grator
        // username.
        // So this will revoke privileges that are granted by other users.This is
        // not SQL compliant behavior. Need to change/add a metastore api
        // that has desired behavior.
        metastoreClient.revoke_privileges(new PrivilegeBag(revokePrivs), grantOption);
    } catch (Exception e) {
        throw SQLAuthorizationUtils.getPluginException("Error revoking privileges", e);
    }
}
Also used : HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) PrivilegeBag(org.apache.hadoop.hive.metastore.api.PrivilegeBag) IMetaStoreClient(org.apache.hadoop.hive.metastore.IMetaStoreClient) MetaException(org.apache.hadoop.hive.metastore.api.MetaException) HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException) TException(org.apache.thrift.TException)

Example 4 with PrivilegeBag

use of org.apache.hadoop.hive.metastore.api.PrivilegeBag in project hive by apache.

the class SQLStdHiveAccessController method grantPrivileges.

@Override
public void grantPrivileges(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption) throws HiveAuthzPluginException, HiveAccessControlException {
    hivePrivileges = expandAndValidatePrivileges(hivePrivileges);
    IMetaStoreClient metastoreClient = metastoreClientFactory.getHiveMetastoreClient();
    // authorize the grant
    GrantPrivAuthUtils.authorize(hivePrincipals, hivePrivileges, hivePrivObject, grantOption, metastoreClient, authenticator.getUserName(), getCurrentRoleNames(), isUserAdmin());
    // grant
    PrivilegeBag privBag = SQLAuthorizationUtils.getThriftPrivilegesBag(hivePrincipals, hivePrivileges, hivePrivObject, grantorPrincipal, grantOption);
    try {
        metastoreClient.grant_privileges(privBag);
    } catch (Exception e) {
        throw SQLAuthorizationUtils.getPluginException("Error granting privileges", e);
    }
}
Also used : PrivilegeBag(org.apache.hadoop.hive.metastore.api.PrivilegeBag) IMetaStoreClient(org.apache.hadoop.hive.metastore.IMetaStoreClient) MetaException(org.apache.hadoop.hive.metastore.api.MetaException) HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException) TException(org.apache.thrift.TException)

Example 5 with PrivilegeBag

use of org.apache.hadoop.hive.metastore.api.PrivilegeBag in project hive by apache.

the class HiveV1Authorizer method revokePrivileges.

@Override
public void revokePrivileges(List<HivePrincipal> principals, List<HivePrivilege> privileges, HivePrivilegeObject privObject, HivePrincipal grantor, boolean grantOption) throws HiveAuthzPluginException, HiveAccessControlException {
    try {
        PrivilegeBag privBag = toPrivilegeBag(privileges, privObject, grantor, grantOption);
        grantOrRevokePrivs(principals, privBag, false, grantOption);
    } catch (Exception e) {
        throw new HiveAuthzPluginException(e);
    }
}
Also used : PrivilegeBag(org.apache.hadoop.hive.metastore.api.PrivilegeBag) SemanticException(org.apache.hadoop.hive.ql.parse.SemanticException) HiveException(org.apache.hadoop.hive.ql.metadata.HiveException)

Aggregations

PrivilegeBag (org.apache.hadoop.hive.metastore.api.PrivilegeBag)13 HiveObjectPrivilege (org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)8 ArrayList (java.util.ArrayList)7 HiveObjectRef (org.apache.hadoop.hive.metastore.api.HiveObjectRef)7 PrivilegeGrantInfo (org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)7 Test (org.junit.Test)6 Role (org.apache.hadoop.hive.metastore.api.Role)5 Database (org.apache.hadoop.hive.metastore.api.Database)4 HiveException (org.apache.hadoop.hive.ql.metadata.HiveException)3 HiveAuthzPluginException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException)3 IMetaStoreClient (org.apache.hadoop.hive.metastore.IMetaStoreClient)2 FieldSchema (org.apache.hadoop.hive.metastore.api.FieldSchema)2 MetaException (org.apache.hadoop.hive.metastore.api.MetaException)2 Partition (org.apache.hadoop.hive.metastore.api.Partition)2 StorageDescriptor (org.apache.hadoop.hive.metastore.api.StorageDescriptor)2 Table (org.apache.hadoop.hive.metastore.api.Table)2 SemanticException (org.apache.hadoop.hive.ql.parse.SemanticException)2 HiveAccessControlException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException)2 TException (org.apache.thrift.TException)2 ByteArrayOutputStream (java.io.ByteArrayOutputStream)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial