use of org.apache.hadoop.hive.metastore.api.RolePrincipalGrant in project hive by apache.
the class HBaseStore method listRolesWithGrants.
@Override
public List<RolePrincipalGrant> listRolesWithGrants(String principalName, PrincipalType principalType) {
boolean commit = false;
openTransaction();
try {
List<Role> roles = listRoles(principalName, principalType);
List<RolePrincipalGrant> rpgs = new ArrayList<RolePrincipalGrant>(roles.size());
for (Role role : roles) {
HbaseMetastoreProto.RoleGrantInfoList grants = getHBase().getRolePrincipals(role.getRoleName());
if (grants != null) {
for (HbaseMetastoreProto.RoleGrantInfo grant : grants.getGrantInfoList()) {
if (grant.getPrincipalType() == HBaseUtils.convertPrincipalTypes(principalType) && grant.getPrincipalName().equals(principalName)) {
rpgs.add(new RolePrincipalGrant(role.getRoleName(), principalName, principalType, grant.getGrantOption(), (int) grant.getAddTime(), grant.getGrantor(), HBaseUtils.convertPrincipalTypes(grant.getGrantorType())));
}
}
}
}
commit = true;
return rpgs;
} catch (Exception e) {
throw new RuntimeException(e);
} finally {
commitOrRoleBack(commit);
}
}
use of org.apache.hadoop.hive.metastore.api.RolePrincipalGrant in project presto by prestodb.
the class ThriftHiveMetastoreClient method revokeRole.
@Override
public void revokeRole(String role, String granteeName, PrincipalType granteeType, boolean grantOption) throws TException {
List<RolePrincipalGrant> grants = listRoleGrants(granteeName, granteeType);
RolePrincipalGrant currentGrant = null;
for (RolePrincipalGrant grant : grants) {
if (grant.getRoleName().equals(role)) {
currentGrant = grant;
break;
}
}
if (currentGrant == null) {
return;
}
if (!currentGrant.isGrantOption() && grantOption) {
return;
}
removeGrant(role, granteeName, granteeType, grantOption);
}
use of org.apache.hadoop.hive.metastore.api.RolePrincipalGrant in project hive by apache.
the class SQLStdHiveAccessController method getHiveRoleGrants.
public static List<HiveRoleGrant> getHiveRoleGrants(IMetaStoreClient client, String roleName) throws Exception {
GetPrincipalsInRoleRequest request = new GetPrincipalsInRoleRequest(roleName);
GetPrincipalsInRoleResponse princGrantInfo = client.get_principals_in_role(request);
List<HiveRoleGrant> hiveRoleGrants = new ArrayList<HiveRoleGrant>();
for (RolePrincipalGrant thriftRoleGrant : princGrantInfo.getPrincipalGrants()) {
hiveRoleGrants.add(new HiveRoleGrant(thriftRoleGrant));
}
return hiveRoleGrants;
}
use of org.apache.hadoop.hive.metastore.api.RolePrincipalGrant in project hive by apache.
the class SQLStdHiveAccessController method getAllRoleAncestors.
/**
* Add role names of parentRoles and its parents to processedRolesMap
*
* @param processedRolesMap
* @param roleGrants
* @throws TException
* @throws HiveAuthzPluginException
* @throws MetaException
*/
private void getAllRoleAncestors(Map<String, HiveRoleGrant> processedRolesMap, List<RolePrincipalGrant> roleGrants) throws MetaException, HiveAuthzPluginException, TException {
for (RolePrincipalGrant parentRoleGrant : roleGrants) {
String parentRoleName = parentRoleGrant.getRoleName();
if (processedRolesMap.get(parentRoleName) == null) {
// unprocessed role: get its parents, add it to processed, and call this
// function recursively
List<RolePrincipalGrant> nextParentRoles = getRoleGrants(parentRoleName, PrincipalType.ROLE);
processedRolesMap.put(parentRoleName, new HiveRoleGrant(parentRoleGrant));
getAllRoleAncestors(processedRolesMap, nextParentRoles);
}
}
}
use of org.apache.hadoop.hive.metastore.api.RolePrincipalGrant in project hive by apache.
the class SQLStdHiveAccessController method getRoleGrantInfoForPrincipal.
@Override
public List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal) throws HiveAuthzPluginException, HiveAccessControlException {
try {
// first authorize the call
if (!isUserAdmin()) {
ensureShowGrantAllowed(principal);
}
List<RolePrincipalGrant> roleGrants = getRoleGrants(principal.getName(), AuthorizationUtils.getThriftPrincipalType(principal.getType()));
List<HiveRoleGrant> hiveRoleGrants = new ArrayList<HiveRoleGrant>(roleGrants.size());
for (RolePrincipalGrant roleGrant : roleGrants) {
hiveRoleGrants.add(new HiveRoleGrant(roleGrant));
}
return hiveRoleGrants;
} catch (Exception e) {
throw SQLAuthorizationUtils.getPluginException("Error getting role grant information for user " + principal.getName(), e);
}
}
Aggregations