
Example 1 with RolePrincipalGrant

Use of org.apache.hadoop.hive.metastore.api.RolePrincipalGrant in project hive by apache.

Class HBaseStore, method listRolesWithGrants.

@Override
public List<RolePrincipalGrant> listRolesWithGrants(String principalName, PrincipalType principalType) {
    boolean commit = false;
    openTransaction();
    try {
        List<Role> roles = listRoles(principalName, principalType);
        List<RolePrincipalGrant> rpgs = new ArrayList<RolePrincipalGrant>(roles.size());
        for (Role role : roles) {
            HbaseMetastoreProto.RoleGrantInfoList grants = getHBase().getRolePrincipals(role.getRoleName());
            if (grants != null) {
                for (HbaseMetastoreProto.RoleGrantInfo grant : grants.getGrantInfoList()) {
                    // keep only the grants made directly to the requested principal (same type and name)
                    if (grant.getPrincipalType() == HBaseUtils.convertPrincipalTypes(principalType) && grant.getPrincipalName().equals(principalName)) {
                        rpgs.add(new RolePrincipalGrant(role.getRoleName(), principalName, principalType, grant.getGrantOption(), (int) grant.getAddTime(), grant.getGrantor(), HBaseUtils.convertPrincipalTypes(grant.getGrantorType())));
                    }
                }
            }
        }
        commit = true;
        return rpgs;
    } catch (Exception e) {
        throw new RuntimeException(e);
    } finally {
        commitOrRoleBack(commit);
    }
}
Also used : Role(org.apache.hadoop.hive.metastore.api.Role) RolePrincipalGrant(org.apache.hadoop.hive.metastore.api.RolePrincipalGrant) ArrayList(java.util.ArrayList) MetaException(org.apache.hadoop.hive.metastore.api.MetaException) InvalidInputException(org.apache.hadoop.hive.metastore.api.InvalidInputException) InvalidPartitionException(org.apache.hadoop.hive.metastore.api.InvalidPartitionException) UnknownDBException(org.apache.hadoop.hive.metastore.api.UnknownDBException) UnknownTableException(org.apache.hadoop.hive.metastore.api.UnknownTableException) TException(org.apache.thrift.TException) UnknownPartitionException(org.apache.hadoop.hive.metastore.api.UnknownPartitionException) IOException(java.io.IOException) InvalidObjectException(org.apache.hadoop.hive.metastore.api.InvalidObjectException) NoSuchObjectException(org.apache.hadoop.hive.metastore.api.NoSuchObjectException)

Example 2 with RolePrincipalGrant

Use of org.apache.hadoop.hive.metastore.api.RolePrincipalGrant in project presto by prestodb.

Class ThriftHiveMetastoreClient, method revokeRole.

@Override
public void revokeRole(String role, String granteeName, PrincipalType granteeType, boolean grantOption) throws TException {
    List<RolePrincipalGrant> grants = listRoleGrants(granteeName, granteeType);
    RolePrincipalGrant currentGrant = null;
    for (RolePrincipalGrant grant : grants) {
        if (grant.getRoleName().equals(role)) {
            currentGrant = grant;
            break;
        }
    }
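    if (currentGrant == null) {
        // the grantee does not hold this role: nothing to revoke
        return;
    }
    if (!currentGrant.isGrantOption() && grantOption) {
        // grantOption is set but the existing grant carries no grant option: nothing to revoke
        return;
    }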
    removeGrant(role, granteeName, granteeType, grantOption);
}
Also used : RolePrincipalGrant(org.apache.hadoop.hive.metastore.api.RolePrincipalGrant)

Example 3 with RolePrincipalGrant

Use of org.apache.hadoop.hive.metastore.api.RolePrincipalGrant in project hive by apache.

Class SQLStdHiveAccessController, method getHiveRoleGrants.

public static List<HiveRoleGrant> getHiveRoleGrants(IMetaStoreClient client, String roleName) throws Exception {
    GetPrincipalsInRoleRequest request = new GetPrincipalsInRoleRequest(roleName);
    GetPrincipalsInRoleResponse princGrantInfo = client.get_principals_in_role(request);
    List<HiveRoleGrant> hiveRoleGrants = new ArrayList<HiveRoleGrant>();
    for (RolePrincipalGrant thriftRoleGrant : princGrantInfo.getPrincipalGrants()) {
        hiveRoleGrants.add(new HiveRoleGrant(thriftRoleGrant));
    }
    return hiveRoleGrants;
}
Also used : RolePrincipalGrant(org.apache.hadoop.hive.metastore.api.RolePrincipalGrant) HiveRoleGrant(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant) ArrayList(java.util.ArrayList) GetPrincipalsInRoleResponse(org.apache.hadoop.hive.metastore.api.GetPrincipalsInRoleResponse) GetPrincipalsInRoleRequest(org.apache.hadoop.hive.metastore.api.GetPrincipalsInRoleRequest)

Example 4 with RolePrincipalGrant

Use of org.apache.hadoop.hive.metastore.api.RolePrincipalGrant in project hive by apache.

Class SQLStdHiveAccessController, method getAllRoleAncestors.

/**
 * Add role names of parentRoles and its parents to processedRolesMap
 *
 * @param processedRolesMap
 * @param roleGrants
 * @throws TException
 * @throws HiveAuthzPluginException
 * @throws MetaException
 */
private void getAllRoleAncestors(Map<String, HiveRoleGrant> processedRolesMap, List<RolePrincipalGrant> roleGrants) throws MetaException, HiveAuthzPluginException, TException {
    for (RolePrincipalGrant parentRoleGrant : roleGrants) {
        String parentRoleName = parentRoleGrant.getRoleName();
        if (processedRolesMap.get(parentRoleName) == null) {
            // unprocessed role: get its parents, add it to processed, and call this
            // function recursively
            List<RolePrincipalGrant> nextParentRoles = getRoleGrants(parentRoleName, PrincipalType.ROLE);
            processedRolesMap.put(parentRoleName, new HiveRoleGrant(parentRoleGrant));
            getAllRoleAncestors(processedRolesMap, nextParentRoles);
        }
    }
}
Also used : RolePrincipalGrant(org.apache.hadoop.hive.metastore.api.RolePrincipalGrant) HiveRoleGrant(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant)

Example 5 with RolePrincipalGrant

Use of org.apache.hadoop.hive.metastore.api.RolePrincipalGrant in project hive by apache.

Class SQLStdHiveAccessController, method getRoleGrantInfoForPrincipal.

@Override
public List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal) throws HiveAuthzPluginException, HiveAccessControlException {
    try {
        // first authorize the call
        if (!isUserAdmin()) {
            ensureShowGrantAllowed(principal);
        }
        List<RolePrincipalGrant> roleGrants = getRoleGrants(principal.getName(), AuthorizationUtils.getThriftPrincipalType(principal.getType()));
        List<HiveRoleGrant> hiveRoleGrants = new ArrayList<HiveRoleGrant>(roleGrants.size());
        for (RolePrincipalGrant roleGrant : roleGrants) {
            hiveRoleGrants.add(new HiveRoleGrant(roleGrant));
        }
        return hiveRoleGrants;
    } catch (Exception e) {
        throw SQLAuthorizationUtils.getPluginException("Error getting role grant information for user " + principal.getName(), e);
    }
}
Also used : RolePrincipalGrant(org.apache.hadoop.hive.metastore.api.RolePrincipalGrant) HiveRoleGrant(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant) ArrayList(java.util.ArrayList) MetaException(org.apache.hadoop.hive.metastore.api.MetaException) HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException) TException(org.apache.thrift.TException)

Aggregations

RolePrincipalGrant (org.apache.hadoop.hive.metastore.api.RolePrincipalGrant): 13
ArrayList (java.util.ArrayList): 8
MetaException (org.apache.hadoop.hive.metastore.api.MetaException): 4
HiveRoleGrant (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant): 4
TException (org.apache.thrift.TException): 4
IOException (java.io.IOException): 2
InvalidInputException (org.apache.hadoop.hive.metastore.api.InvalidInputException): 2
InvalidObjectException (org.apache.hadoop.hive.metastore.api.InvalidObjectException): 2
InvalidPartitionException (org.apache.hadoop.hive.metastore.api.InvalidPartitionException): 2
NoSuchObjectException (org.apache.hadoop.hive.metastore.api.NoSuchObjectException): 2
Role (org.apache.hadoop.hive.metastore.api.Role): 2
UnknownDBException (org.apache.hadoop.hive.metastore.api.UnknownDBException): 2
UnknownPartitionException (org.apache.hadoop.hive.metastore.api.UnknownPartitionException): 2
UnknownTableException (org.apache.hadoop.hive.metastore.api.UnknownTableException): 2
MRoleMap (org.apache.hadoop.hive.metastore.model.MRoleMap): 2
HiveAccessControlException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException): 2
HiveAuthzPluginException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException): 2
HashMap (java.util.HashMap): 1
GetPrincipalsInRoleRequest (org.apache.hadoop.hive.metastore.api.GetPrincipalsInRoleRequest): 1
GetPrincipalsInRoleResponse (org.apache.hadoop.hive.metastore.api.GetPrincipalsInRoleResponse): 1