Example 1 with HiveAccessControlException

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException in project hive by apache.

The class SQLStdHiveAccessController, method grantRole:

@Override
public void grantRole(List<HivePrincipal> hivePrincipals, List<String> roleNames, boolean grantOption, HivePrincipal grantorPrinc) throws HiveAuthzPluginException, HiveAccessControlException {
    // Only an admin user, or a user holding ADMIN OPTION on every requested role, may grant it.
    if (!(isUserAdmin() || doesUserHasAdminOption(roleNames))) {
        throw new HiveAccessControlException("Current user : " + currentUserName + " is not" + " allowed to grant role. " + ADMIN_ONLY_MSG + " Otherwise, " + HAS_ADMIN_PRIV_MSG);
    }
    for (HivePrincipal hivePrincipal : hivePrincipals) {
        for (String roleName : roleNames) {
            try {
                // The grant is recorded in the metastore together with the grantor principal.
                IMetaStoreClient mClient = metastoreClientFactory.getHiveMetastoreClient();
                mClient.grant_role(roleName, hivePrincipal.getName(), AuthorizationUtils.getThriftPrincipalType(hivePrincipal.getType()), grantorPrinc.getName(), AuthorizationUtils.getThriftPrincipalType(grantorPrinc.getType()), grantOption);
            } catch (MetaException e) {
                throw SQLAuthorizationUtils.getPluginException("Error granting role", e);
            } catch (Exception e) {
                String msg = "Error granting roles for " + hivePrincipal.getName() + " to role " + roleName;
                throw SQLAuthorizationUtils.getPluginException(msg, e);
            }
        }
    }
}
Also used: HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HivePrincipal(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal) IMetaStoreClient(org.apache.hadoop.hive.metastore.IMetaStoreClient) MetaException(org.apache.hadoop.hive.metastore.api.MetaException) HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException) TException(org.apache.thrift.TException)

Example 2 with HiveAccessControlException

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException in project hive by apache.

The class SQLStdHiveAccessController, method revokePrivileges:

@Override
public void revokePrivileges(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption) throws HiveAuthzPluginException, HiveAccessControlException {
    hivePrivileges = expandAndValidatePrivileges(hivePrivileges);
    IMetaStoreClient metastoreClient = metastoreClientFactory.getHiveMetastoreClient();
    // authorize the revoke, and get the set of privileges to be revoked
    List<HiveObjectPrivilege> revokePrivs = RevokePrivAuthUtils.authorizeAndGetRevokePrivileges(hivePrincipals, hivePrivileges, hivePrivObject, grantOption, metastoreClient, authenticator.getUserName());
    try {
        // Unfortunately, the metastore API revokes all privileges that match on
        // principal and privilege object type; it does not filter on the grantor
        // username. So this will also revoke privileges that were granted by
        // other users. This is not SQL-compliant behavior. A metastore API with
        // the desired behavior needs to be added or changed.
        metastoreClient.revoke_privileges(new PrivilegeBag(revokePrivs), grantOption);
    } catch (Exception e) {
        throw SQLAuthorizationUtils.getPluginException("Error revoking privileges", e);
    }
}
Also used: HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) PrivilegeBag(org.apache.hadoop.hive.metastore.api.PrivilegeBag) IMetaStoreClient(org.apache.hadoop.hive.metastore.IMetaStoreClient) MetaException(org.apache.hadoop.hive.metastore.api.MetaException) HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException) TException(org.apache.thrift.TException)

Example 3 with HiveAccessControlException

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException in project hive by apache.

The class SQLStdHiveAccessController, method setCurrentRole:

@Override
public void setCurrentRole(String roleName) throws HiveAccessControlException, HiveAuthzPluginException {
    initUserRoles();
    if (NONE.equalsIgnoreCase(roleName)) {
        // for set role NONE, clear all roles for current session.
        currentRoles.clear();
        return;
    }
    if (ALL.equalsIgnoreCase(roleName)) {
        // for set role ALL, reset roles to default roles.
        currentRoles.clear();
        currentRoles.addAll(getRolesFromMS());
        return;
    }
    for (HiveRoleGrant role : getRolesFromMS()) {
        // set to one of the roles user belongs to.
        if (role.getRoleName().equalsIgnoreCase(roleName)) {
            currentRoles.clear();
            currentRoles.add(role);
            return;
        }
    }
    // set to ADMIN role, if user belongs there.
    if (HiveMetaStore.ADMIN.equalsIgnoreCase(roleName) && null != this.adminRole) {
        currentRoles.clear();
        currentRoles.add(adminRole);
        return;
    }
    LOG.info("Current user : " + currentUserName + ", Current Roles : " + currentRoles);
    // If we get here, the user is requesting a role they do not belong to.
    throw new HiveAccessControlException(currentUserName + " doesn't belong to role " + roleName);
}
Also used: HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HiveRoleGrant(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant)

Example 4 with HiveAccessControlException

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException in project hive by apache.

The class SQLStdHiveAccessController, method createRole:

@Override
public void createRole(String roleName, HivePrincipal adminGrantor) throws HiveAuthzPluginException, HiveAccessControlException {
    // Only a user belonging to the admin role can create new roles.
    if (!isUserAdmin()) {
        throw new HiveAccessControlException("Current user : " + currentUserName + " is not" + " allowed to add roles. " + ADMIN_ONLY_MSG);
    }
    if (RESERVED_ROLE_NAMES.contains(roleName.trim().toUpperCase())) {
        throw new HiveAuthzPluginException("Role name cannot be one of the reserved roles: " + RESERVED_ROLE_NAMES);
    }
    try {
        String grantorName = adminGrantor == null ? null : adminGrantor.getName();
        metastoreClientFactory.getHiveMetastoreClient().create_role(new Role(roleName, 0, grantorName));
    } catch (TException e) {
        throw SQLAuthorizationUtils.getPluginException("Error create role", e);
    }
}
Also used: Role(org.apache.hadoop.hive.metastore.api.Role) TException(org.apache.thrift.TException) HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException)

Example 5 with HiveAccessControlException

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException in project hive by apache.

The class SQLStdHiveAccessController, method revokeRole:

@Override
public void revokeRole(List<HivePrincipal> hivePrincipals, List<String> roleNames, boolean grantOption, HivePrincipal grantorPrinc) throws HiveAuthzPluginException, HiveAccessControlException {
    // Only an admin user, or a user holding ADMIN OPTION on every requested role, may revoke it.
    if (!(isUserAdmin() || doesUserHasAdminOption(roleNames))) {
        throw new HiveAccessControlException("Current user : " + currentUserName + " is not" + " allowed to revoke role. " + ADMIN_ONLY_MSG + " Otherwise, " + HAS_ADMIN_PRIV_MSG);
    }
    for (HivePrincipal hivePrincipal : hivePrincipals) {
        for (String roleName : roleNames) {
            try {
                IMetaStoreClient mClient = metastoreClientFactory.getHiveMetastoreClient();
                mClient.revoke_role(roleName, hivePrincipal.getName(), AuthorizationUtils.getThriftPrincipalType(hivePrincipal.getType()), grantOption);
            } catch (Exception e) {
                String msg = "Error revoking roles for " + hivePrincipal.getName() + " to role " + roleName;
                throw SQLAuthorizationUtils.getPluginException(msg, e);
            }
        }
    }
}
Also used: HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HivePrincipal(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal) IMetaStoreClient(org.apache.hadoop.hive.metastore.IMetaStoreClient) MetaException(org.apache.hadoop.hive.metastore.api.MetaException) HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException) TException(org.apache.thrift.TException)
