Example 11 with HiveAuthzPluginException

Use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException in project hive by apache.

The class SQLStdHiveAccessController, method getRoleGrantInfoForPrincipal.

@Override
public List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal) throws HiveAuthzPluginException, HiveAccessControlException {
    try {
        // first authorize the call
        if (!isUserAdmin()) {
            ensureShowGrantAllowed(principal);
        }
        List<RolePrincipalGrant> roleGrants = getRoleGrants(principal.getName(), AuthorizationUtils.getThriftPrincipalType(principal.getType()));
        List<HiveRoleGrant> hiveRoleGrants = new ArrayList<HiveRoleGrant>(roleGrants.size());
        for (RolePrincipalGrant roleGrant : roleGrants) {
            hiveRoleGrants.add(new HiveRoleGrant(roleGrant));
        }
        return hiveRoleGrants;
    } catch (Exception e) {
        throw SQLAuthorizationUtils.getPluginException("Error getting role grant information for user " + principal.getName(), e);
    }
}
Also used: RolePrincipalGrant (org.apache.hadoop.hive.metastore.api.RolePrincipalGrant), HiveRoleGrant (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant), ArrayList (java.util.ArrayList), MetaException (org.apache.hadoop.hive.metastore.api.MetaException), HiveAccessControlException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException), HiveAuthzPluginException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException), TException (org.apache.thrift.TException)

Example 12 with HiveAuthzPluginException

Use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException in project hive by apache.

The class RevokePrivAuthUtils, method authorizeAndGetRevokePrivileges.

public static List<HiveObjectPrivilege> authorizeAndGetRevokePrivileges(List<HivePrincipal> principals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, boolean grantOption, IMetaStoreClient mClient, String userName) throws HiveAuthzPluginException, HiveAccessControlException {
    List<HiveObjectPrivilege> matchingPrivs = new ArrayList<HiveObjectPrivilege>();
    StringBuilder errMsg = new StringBuilder();
    for (HivePrincipal principal : principals) {
        // get metastore/thrift privilege object for this principal and object, not looking at
        // privileges obtained indirectly via roles
        List<HiveObjectPrivilege> msObjPrivs;
        try {
            msObjPrivs = mClient.list_privileges(principal.getName(), AuthorizationUtils.getThriftPrincipalType(principal.getType()), SQLAuthorizationUtils.getThriftHiveObjectRef(hivePrivObject));
        } catch (MetaException e) {
            throw new HiveAuthzPluginException(e);
        } catch (TException e) {
            throw new HiveAuthzPluginException(e);
        }
        // the resulting privileges need to be filtered on privilege type and
        // username
        // create a Map to capture object privileges corresponding to privilege
        // type
        Map<String, HiveObjectPrivilege> priv2privObj = new HashMap<String, HiveObjectPrivilege>();
        for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
            PrivilegeGrantInfo grantInfo = msObjPriv.getGrantInfo();
            // check if the grantor matches current user
            if (grantInfo.getGrantor() != null && grantInfo.getGrantor().equals(userName) && grantInfo.getGrantorType() == PrincipalType.USER) {
                // add to the map
                priv2privObj.put(grantInfo.getPrivilege(), msObjPriv);
            }
        // else skip this one
        }
        // find the privileges that we are looking for
        for (HivePrivilege hivePrivilege : hivePrivileges) {
            HiveObjectPrivilege matchedPriv = priv2privObj.get(hivePrivilege.getName());
            if (matchedPriv != null) {
                matchingPrivs.add(matchedPriv);
            } else {
                errMsg.append("Cannot find privilege ").append(hivePrivilege).append(" for ").append(principal).append(" on ").append(hivePrivObject).append(" granted by ").append(userName).append(System.getProperty("line.separator"));
            }
        }
    }
    // Any privilege that was not granted directly by the current user fails the
    // whole revoke; no partial list of matches is returned
    if (errMsg.length() != 0) {
        throw new HiveAccessControlException(errMsg.toString());
    }
    return matchingPrivs;
}
Also used: TException (org.apache.thrift.TException), HashMap (java.util.HashMap), PrivilegeGrantInfo (org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo), HivePrivilege (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege), ArrayList (java.util.ArrayList), HiveAuthzPluginException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException), HiveObjectPrivilege (org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege), HiveAccessControlException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException), HivePrincipal (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal), MetaException (org.apache.hadoop.hive.metastore.api.MetaException)

Example 13 with HiveAuthzPluginException

Use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException in project hive by apache.

The class MetadataOperation, method authorizeMetaGets.

protected void authorizeMetaGets(HiveOperationType opType, List<HivePrivilegeObject> inpObjs, String cmdString) throws HiveSQLException {
    SessionState ss = SessionState.get();
    // build the authorization context from the session: client IP, any proxy-forwarded
    // addresses and the command being run, so the authorizer can log and decide on them
    HiveAuthzContext.Builder ctxBuilder = new HiveAuthzContext.Builder();
    ctxBuilder.setUserIpAddress(ss.getUserIpAddress());
    ctxBuilder.setForwardedAddresses(ss.getForwardedAddresses());
    ctxBuilder.setCommandString(cmdString);
    try {
        // metadata GET operations have only input objects, hence null outputs
        ss.getAuthorizerV2().checkPrivileges(opType, inpObjs, null, ctxBuilder.build());
    } catch (HiveAuthzPluginException | HiveAccessControlException e) {
        // both plugin failures and denials surface to the client as HiveSQLException
        throw new HiveSQLException(e.getMessage(), e);
    }
}
Also used: SessionState (org.apache.hadoop.hive.ql.session.SessionState), HiveAccessControlException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException), HiveSQLException (org.apache.hive.service.cli.HiveSQLException), HiveAuthzContext (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext), HiveAuthzPluginException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException)

Example 14 with HiveAuthzPluginException

Use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException in project hive by apache.

The class GenericUDFCurrentAuthorizer, method initialize.

@Override
public ObjectInspector initialize(ObjectInspector[] arguments) throws UDFArgumentException {
    if (arguments.length != 0) {
        throw new UDFArgumentLengthException("The function CurrentAuthorizer does not take any arguments, but found " + arguments.length);
    }
    if (authorizer == null) {
        HiveConf hiveConf = SessionState.getSessionConf();
        HiveAuthorizer hiveAuthorizer = SessionState.get().getAuthorizerV2();
        try {
            if (hiveAuthorizer.getHivePolicyProvider() != null) {
                authorizer = new Text(hiveAuthorizer.getHivePolicyProvider().getClass().getSimpleName());
            }
        } catch (HiveAuthzPluginException e) {
            LOG.warn("Error getting HivePolicyProvider", e);
        }
        if (authorizer == null) {
            // If authorizer is not set, check for metastore authorizer (eg. StorageBasedAuthorizationProvider)
            if (MetastoreConf.getVar(hiveConf, MetastoreConf.ConfVars.PRE_EVENT_LISTENERS) != null && !MetastoreConf.getVar(hiveConf, MetastoreConf.ConfVars.PRE_EVENT_LISTENERS).isEmpty() && HiveConf.getVar(hiveConf, HiveConf.ConfVars.HIVE_METASTORE_AUTHORIZATION_MANAGER) != null) {
                List<HiveMetastoreAuthorizationProvider> authorizerProviders;
                try {
                    authorizerProviders = HiveUtils.getMetaStoreAuthorizeProviderManagers(hiveConf, HiveConf.ConfVars.HIVE_METASTORE_AUTHORIZATION_MANAGER, SessionState.get().getAuthenticator());
                    for (HiveMetastoreAuthorizationProvider authProvider : authorizerProviders) {
                        if (authProvider.getHivePolicyProvider() != null) {
                            authorizer = new Text(authProvider.getHivePolicyProvider().getClass().getSimpleName());
                            break;
                        }
                    }
                } catch (HiveAuthzPluginException e) {
                    LOG.warn("Error getting HivePolicyProvider", e);
                } catch (HiveException e) {
                    LOG.warn("Error instantiating hive.security.metastore.authorization.manager", e);
                }
            }
        }
    }
    return PrimitiveObjectInspectorFactory.writableStringObjectInspector;
}
Also used: HiveAuthorizer (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer), HiveMetastoreAuthorizationProvider (org.apache.hadoop.hive.ql.security.authorization.HiveMetastoreAuthorizationProvider), HiveException (org.apache.hadoop.hive.ql.metadata.HiveException), UDFArgumentLengthException (org.apache.hadoop.hive.ql.exec.UDFArgumentLengthException), HiveConf (org.apache.hadoop.hive.conf.HiveConf), Text (org.apache.hadoop.io.Text), HiveAuthzPluginException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException)

Example 15 with HiveAuthzPluginException

Use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException in project hive by apache.

The class DummyHiveAuthorizer, method checkPrivileges.

@Override
public void checkPrivileges(HiveOperationType hiveOpType, List<HivePrivilegeObject> inputHObjs, List<HivePrivilegeObject> outputHObjs, HiveAuthzContext context) throws HiveAuthzPluginException, HiveAccessControlException {
    String user = null;
    String errorMessage = "";
    try {
        // note: this resolves the process login user (OS/Kerberos), not the Hive session user
        user = UserGroupInformation.getLoginUser().getShortUserName();
    } catch (Exception e) {
        throw new HiveAuthzPluginException("Unable to get UserGroupInformation");
    }
    if (!isOperationAllowed(user)) {
        errorMessage = "Operation type " + hiveOpType + " not allowed for user:" + user;
        throw new HiveAuthzPluginException(errorMessage);
    }
}
Also used: HiveAuthzPluginException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException), HiveAccessControlException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException)

Aggregations (class, with number of usages)

HiveAuthzPluginException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException): 18
HiveAccessControlException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException): 15
TException (org.apache.thrift.TException): 10
MetaException (org.apache.hadoop.hive.metastore.api.MetaException): 9
IMetaStoreClient (org.apache.hadoop.hive.metastore.IMetaStoreClient): 6
HiveException (org.apache.hadoop.hive.ql.metadata.HiveException): 6
HivePrincipal (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal): 6
ArrayList (java.util.ArrayList): 5
HiveObjectPrivilege (org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege): 5
PrivilegeGrantInfo (org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo): 4
HivePrivilege (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege): 4
HiveObjectRef (org.apache.hadoop.hive.metastore.api.HiveObjectRef): 3
PrivilegeBag (org.apache.hadoop.hive.metastore.api.PrivilegeBag): 3
SemanticException (org.apache.hadoop.hive.ql.parse.SemanticException): 3
HashMap (java.util.HashMap): 2
HiveConf (org.apache.hadoop.hive.conf.HiveConf): 2
PrincipalType (org.apache.hadoop.hive.metastore.api.PrincipalType): 2
RolePrincipalGrant (org.apache.hadoop.hive.metastore.api.RolePrincipalGrant): 2
UDFArgumentLengthException (org.apache.hadoop.hive.ql.exec.UDFArgumentLengthException): 2
HiveMetastoreAuthorizationProvider (org.apache.hadoop.hive.ql.security.authorization.HiveMetastoreAuthorizationProvider): 2