
Example 1 with HivePrincipal

use of io.prestosql.plugin.hive.metastore.HivePrincipal in project hetu-core by openlookeng.

the class ThriftMetastoreUtil method listApplicableTablePrivileges.

/**
 * Lists the table privileges that apply to a user, both directly and through roles.
 *
 * <p>The lookup set is the user principal itself plus one ROLE principal for every
 * role name that {@code listApplicableRoles} reports for that user; the combined
 * stream is handed to {@code listTablePrivileges}.
 *
 * @param metastore    metastore used for the role and privilege lookups
 * @param databaseName database that owns the table
 * @param tableName    table whose privileges are listed
 * @param user         user name; wrapped as a USER principal
 * @return the privileges returned by {@code listTablePrivileges} for those principals
 */
public static Stream<HivePrivilegeInfo> listApplicableTablePrivileges(SemiTransactionalHiveMetastore metastore, String databaseName, String tableName, String user) {
    HivePrincipal self = new HivePrincipal(USER, user);
    // Role names are re-wrapped as ROLE principals so privileges granted to a role are included.
    Stream<HivePrincipal> viaRoles = listApplicableRoles(metastore, self).map(roleName -> new HivePrincipal(ROLE, roleName));
    Stream<HivePrincipal> lookupSet = Stream.concat(Stream.of(self), viaRoles);
    return listTablePrivileges(metastore, databaseName, tableName, lookupSet);
}
Also used : NUMBER_OF_TRUE_VALUES(io.prestosql.spi.statistics.ColumnStatisticType.NUMBER_OF_TRUE_VALUES) Arrays(java.util.Arrays) StorageFormat(io.prestosql.plugin.hive.metastore.StorageFormat) RoleGrant(io.prestosql.spi.security.RoleGrant) SerDeInfo(org.apache.hadoop.hive.metastore.api.SerDeInfo) BigDecimal(java.math.BigDecimal) BooleanColumnStatsData(org.apache.hadoop.hive.metastore.api.BooleanColumnStatsData) Math.round(java.lang.Math.round) Map(java.util.Map) RowType(io.prestosql.spi.type.RowType) DoubleColumnStatsData(org.apache.hadoop.hive.metastore.api.DoubleColumnStatsData) BigInteger(java.math.BigInteger) ENGLISH(java.util.Locale.ENGLISH) Chars.isCharType(io.prestosql.spi.type.Chars.isCharType) HiveErrorCode(io.prestosql.plugin.hive.HiveErrorCode) Longs(com.google.common.primitives.Longs) DecimalColumnStatsData(org.apache.hadoop.hive.metastore.api.DecimalColumnStatsData) ColumnStatisticsData.decimalStats(org.apache.hadoop.hive.metastore.api.ColumnStatisticsData.decimalStats) MAX_VALUE(io.prestosql.spi.statistics.ColumnStatisticType.MAX_VALUE) Set(java.util.Set) TIMESTAMP(io.prestosql.spi.type.TimestampType.TIMESTAMP) Stream(java.util.stream.Stream) Table(io.prestosql.plugin.hive.metastore.Table) Date(org.apache.hadoop.hive.metastore.api.Date) Database(io.prestosql.plugin.hive.metastore.Database) Partition(io.prestosql.plugin.hive.metastore.Partition) MIN_VALUE(io.prestosql.spi.statistics.ColumnStatisticType.MIN_VALUE) MapType(io.prestosql.spi.type.MapType) OptionalLong(java.util.OptionalLong) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) AVRO(io.prestosql.plugin.hive.HiveStorageFormat.AVRO) DOUBLE(io.prestosql.spi.type.DoubleType.DOUBLE) SemiTransactionalHiveMetastore(io.prestosql.plugin.hive.metastore.SemiTransactionalHiveMetastore) LongColumnStatsData(org.apache.hadoop.hive.metastore.api.LongColumnStatsData) PrincipalPrivilegeSet(org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet) 
PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) Nullable(javax.annotation.Nullable) ColumnStatisticsData.binaryStats(org.apache.hadoop.hive.metastore.api.ColumnStatisticsData.binaryStats) AbstractIterator(com.google.common.collect.AbstractIterator) USER(io.prestosql.spi.security.PrincipalType.USER) MAX_VALUE_SIZE_IN_BYTES(io.prestosql.spi.statistics.ColumnStatisticType.MAX_VALUE_SIZE_IN_BYTES) PrincipalPrivileges(io.prestosql.plugin.hive.metastore.PrincipalPrivileges) HiveColumnStatistics(io.prestosql.plugin.hive.metastore.HiveColumnStatistics) StringColumnStatsData(org.apache.hadoop.hive.metastore.api.StringColumnStatsData) VARBINARY(io.prestosql.spi.type.VarbinaryType.VARBINARY) Strings.emptyToNull(com.google.common.base.Strings.emptyToNull) ColumnStatisticsData.longStats(org.apache.hadoop.hive.metastore.api.ColumnStatisticsData.longStats) DateColumnStatsData(org.apache.hadoop.hive.metastore.api.DateColumnStatsData) ArrayDeque(java.util.ArrayDeque) ColumnStatisticsData.stringStats(org.apache.hadoop.hive.metastore.api.ColumnStatisticsData.stringStats) PrestoPrincipal(io.prestosql.spi.security.PrestoPrincipal) PrincipalType(io.prestosql.spi.security.PrincipalType) HiveBasicStatistics(io.prestosql.plugin.hive.HiveBasicStatistics) Varchars.isVarcharType(io.prestosql.spi.type.Varchars.isVarcharType) ColumnStatisticsData.booleanStats(org.apache.hadoop.hive.metastore.api.ColumnStatisticsData.booleanStats) DecimalType(io.prestosql.spi.type.DecimalType) RolePrincipalGrant(org.apache.hadoop.hive.metastore.api.RolePrincipalGrant) ByteBuffer(java.nio.ByteBuffer) Preconditions.checkArgument(com.google.common.base.Preconditions.checkArgument) Locale(java.util.Locale) ColumnStatisticsData.doubleStats(org.apache.hadoop.hive.metastore.api.ColumnStatisticsData.doubleStats) BOOLEAN(io.prestosql.spi.type.BooleanType.BOOLEAN) Type(io.prestosql.spi.type.Type) PrimitiveTypeInfo(org.apache.hadoop.hive.serde2.typeinfo.PrimitiveTypeInfo) 
StorageDescriptor(org.apache.hadoop.hive.metastore.api.StorageDescriptor) BIGINT(io.prestosql.spi.type.BigintType.BIGINT) PrestoException(io.prestosql.spi.PrestoException) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableMap(com.google.common.collect.ImmutableMap) Predicate(java.util.function.Predicate) ArrayType(io.prestosql.spi.type.ArrayType) ColumnStatisticsObj(org.apache.hadoop.hive.metastore.api.ColumnStatisticsObj) Collection(java.util.Collection) Decimal(org.apache.hadoop.hive.metastore.api.Decimal) Order(org.apache.hadoop.hive.metastore.api.Order) SelectedRole(io.prestosql.spi.security.SelectedRole) TINYINT(io.prestosql.spi.type.TinyintType.TINYINT) Streams(com.google.common.collect.Streams) HiveType(io.prestosql.plugin.hive.HiveType) String.format(java.lang.String.format) NUMBER_OF_DISTINCT_VALUES(io.prestosql.spi.statistics.ColumnStatisticType.NUMBER_OF_DISTINCT_VALUES) List(java.util.List) LocalDate(java.time.LocalDate) Optional(java.util.Optional) Queue(java.util.Queue) HiveBucketProperty(io.prestosql.plugin.hive.HiveBucketProperty) Strings.nullToEmpty(com.google.common.base.Strings.nullToEmpty) OptionalDouble(java.util.OptionalDouble) AVRO_SCHEMA_URL_KEY(io.prestosql.plugin.hive.HiveMetadata.AVRO_SCHEMA_URL_KEY) Shorts(com.google.common.primitives.Shorts) INTEGER(io.prestosql.spi.type.IntegerType.INTEGER) HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal) Function(java.util.function.Function) ColumnStatisticType(io.prestosql.spi.statistics.ColumnStatisticType) HashSet(java.util.HashSet) ROLE(io.prestosql.spi.security.PrincipalType.ROLE) ColumnStatisticsData.dateStats(org.apache.hadoop.hive.metastore.api.ColumnStatisticsData.dateStats) BinaryColumnStatsData(org.apache.hadoop.hive.metastore.api.BinaryColumnStatsData) HivePrivilegeInfo(io.prestosql.plugin.hive.metastore.HivePrivilegeInfo) Objects.requireNonNull(java.util.Objects.requireNonNull) DATE(io.prestosql.spi.type.DateType.DATE) REAL(io.prestosql.spi.type.RealType.REAL) 
TOTAL_SIZE_IN_BYTES(io.prestosql.spi.statistics.ColumnStatisticType.TOTAL_SIZE_IN_BYTES) NUMBER_OF_NON_NULL_VALUES(io.prestosql.spi.statistics.ColumnStatisticType.NUMBER_OF_NON_NULL_VALUES) CSV(io.prestosql.plugin.hive.HiveStorageFormat.CSV) PartitionWithStatistics(io.prestosql.plugin.hive.metastore.PartitionWithStatistics) ConnectorIdentity(io.prestosql.spi.security.ConnectorIdentity) PRIMITIVE(org.apache.hadoop.hive.serde2.objectinspector.ObjectInspector.Category.PRIMITIVE) TypeInfo(org.apache.hadoop.hive.serde2.typeinfo.TypeInfo) FieldSchema(org.apache.hadoop.hive.metastore.api.FieldSchema) Storage(io.prestosql.plugin.hive.metastore.Storage) Collectors.toList(java.util.stream.Collectors.toList) SMALLINT(io.prestosql.spi.type.SmallintType.SMALLINT) Column(io.prestosql.plugin.hive.metastore.Column) HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal)

Example 2 with HivePrincipal

use of io.prestosql.plugin.hive.metastore.HivePrincipal in project hetu-core by openlookeng.

the class ThriftHiveMetastore method grantTablePrivileges.

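/**
 * Grants table privileges to a principal through the Thrift metastore, skipping the
 * ones the grantee already holds.
 *
 * <p>Each requested privilege is compared with every privilege currently listed for
 * the grantee on the table:
 * <ul>
 *   <li>if it is contained in an existing privilege it is dropped from the request;</li>
 *   <li>if an existing privilege is contained in it, but not the other way round, the
 *       call fails with NOT_SUPPORTED (per the error message: adding WITH GRANT OPTION
 *       to a privilege the grantee already possesses).</li>
 * </ul>
 *
 * <p>NOTE(review): no authorization check is visible in this method; presumably the
 * caller's right to grant is enforced by the access-control layer before this is
 * reached. Confirm against the callers.
 *
 * <p>NOTE(review): the existing privileges are read and the grant is issued as two
 * separate metastore calls, so a concurrent grant or revoke between them is not
 * detected here.
 *
 * @param databaseName  database that owns the table
 * @param tableName     table the privileges apply to
 * @param sourceGrantee principal receiving the privileges, before role-name case handling
 * @param privileges    privileges to grant; "ALL" is rejected up front by checkArgument
 * @throws PrestoException NOT_SUPPORTED for the grant-option case described above, or
 *                         HIVE_METASTORE_ERROR when the metastore call raises a TException
 */
@Override
public void grantTablePrivileges(String databaseName, String tableName, HivePrincipal sourceGrantee, Set<HivePrivilegeInfo> privileges) {
    Set<PrivilegeGrantInfo> requestedPrivileges = privileges.stream().map(ThriftMetastoreUtil::toMetastoreApiPrivilegeGrantInfo).collect(Collectors.toSet());
    checkArgument(!containsAllPrivilege(requestedPrivileges), "\"ALL\" not supported in PrivilegeGrantInfo.privilege");
    // Role-name case handling is applied once so that the lookup and the grant use the same principal.
    HivePrincipal grantee = ThriftMetastoreUtil.applyRoleNameCaseSensitive(sourceGrantee, isRoleNameCaseSensitive);
    try {
        retry().stopOnIllegalExceptions().run("grantTablePrivileges", stats.getGrantTablePrivileges().wrap(() -> {
            try (ThriftMetastoreClient metastoreClient = clientProvider.createMetastoreClient()) {
                Set<HivePrivilegeInfo> existingPrivileges = listTablePrivileges(databaseName, tableName, grantee);
                Set<PrivilegeGrantInfo> privilegesToGrant = new HashSet<>(requestedPrivileges);
                Iterator<PrivilegeGrantInfo> iterator = privilegesToGrant.iterator();
                while (iterator.hasNext()) {
                    HivePrivilegeInfo requestedPrivilege = getOnlyElement(ThriftMetastoreUtil.parsePrivilege(iterator.next(), Optional.empty()));
                    // Record the match and remove once after the scan: calling iterator.remove()
                    // inside the inner loop would throw IllegalStateException as soon as a second
                    // existing privilege also contains the requested one. The scan still visits
                    // every existing privilege, so the NOT_SUPPORTED check below is unchanged.
                    boolean alreadyHeld = false;
                    for (HivePrivilegeInfo existingPrivilege : existingPrivileges) {
                        if (requestedPrivilege.isContainedIn(existingPrivilege)) {
                            alreadyHeld = true;
                        } else if (existingPrivilege.isContainedIn(requestedPrivilege)) {
                            throw new PrestoException(NOT_SUPPORTED, format("Granting %s WITH GRANT OPTION is not supported while %s possesses %s", requestedPrivilege.getHivePrivilege().name(), grantee, requestedPrivilege.getHivePrivilege().name()));
                        }
                    }
                    if (alreadyHeld) {
                        iterator.remove();
                    }
                }
                // Nothing new to grant: skip the metastore write entirely.
                if (privilegesToGrant.isEmpty()) {
                    return null;
                }
                metastoreClient.grantPrivileges(buildPrivilegeBag(databaseName, tableName, grantee, privilegesToGrant));
            }
            return null;
        }));
    } catch (TException e) {
        throw new PrestoException(HiveErrorCode.HIVE_METASTORE_ERROR, e);
    } catch (Exception e) {
        throw propagate(e);
    }
}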
Also used : TException(org.apache.thrift.TException) HivePrivilegeInfo(io.prestosql.plugin.hive.metastore.HivePrivilegeInfo) Set(java.util.Set) Collectors.toSet(java.util.stream.Collectors.toSet) ImmutableSet(com.google.common.collect.ImmutableSet) HashSet(java.util.HashSet) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal) Iterator(java.util.Iterator) PrestoException(io.prestosql.spi.PrestoException) HiveViewNotSupportedException(io.prestosql.plugin.hive.HiveViewNotSupportedException) TableAlreadyExistsException(io.prestosql.spi.connector.TableAlreadyExistsException) NoSuchTxnException(org.apache.hadoop.hive.metastore.api.NoSuchTxnException) AlreadyExistsException(org.apache.hadoop.hive.metastore.api.AlreadyExistsException) SchemaAlreadyExistsException(io.prestosql.spi.connector.SchemaAlreadyExistsException) TableNotFoundException(io.prestosql.spi.connector.TableNotFoundException) InvalidInputException(org.apache.hadoop.hive.metastore.api.InvalidInputException) InvalidOperationException(org.apache.hadoop.hive.metastore.api.InvalidOperationException) TxnAbortedException(org.apache.hadoop.hive.metastore.api.TxnAbortedException) ConfigValSecurityException(org.apache.hadoop.hive.metastore.api.ConfigValSecurityException) UnknownDBException(org.apache.hadoop.hive.metastore.api.UnknownDBException) TException(org.apache.thrift.TException) IOException(java.io.IOException) PartitionNotFoundException(io.prestosql.plugin.hive.PartitionNotFoundException) NoSuchObjectException(org.apache.hadoop.hive.metastore.api.NoSuchObjectException) MetaException(org.apache.hadoop.hive.metastore.api.MetaException) PrestoException(io.prestosql.spi.PrestoException) NoSuchLockException(org.apache.hadoop.hive.metastore.api.NoSuchLockException) UnknownTableException(org.apache.hadoop.hive.metastore.api.UnknownTableException) SchemaNotFoundException(io.prestosql.spi.connector.SchemaNotFoundException) 
InvalidObjectException(org.apache.hadoop.hive.metastore.api.InvalidObjectException)

Example 3 with HivePrincipal

use of io.prestosql.plugin.hive.metastore.HivePrincipal in project hetu-core by openlookeng.

the class SqlStandardAccessControl method hasAdminOptionForRoles.

/**
 * Decides whether an identity may administer (grant or revoke) every role in {@code roles}.
 *
 * <p>An identity for which {@code isAdmin} is true passes immediately. Otherwise the
 * identity's user must hold each requested role through a grant that
 * {@code RoleGrant::isGrantable} reports as grantable, among the grants that
 * {@code listApplicableRoles} returns for that user.
 *
 * <p>An empty {@code roles} set yields {@code true}, because {@code containsAll} of an
 * empty collection is always satisfied.
 *
 * @param transaction transaction handle used to obtain the metastore
 * @param identity    identity whose user is checked
 * @param roles       role names that must all be administrable
 * @return {@code true} if the identity is admin or holds a grantable grant for every role
 */
private boolean hasAdminOptionForRoles(ConnectorTransactionHandle transaction, ConnectorIdentity identity, Set<String> roles) {
    boolean adminShortcut = isAdmin(transaction, identity);
    if (!adminShortcut) {
        SemiTransactionalHiveMetastore metastore = metastoreProvider.apply(((HiveTransactionHandle) transaction));
        HivePrincipal caller = new HivePrincipal(USER, identity.getUser());
        // Only grants flagged grantable count; merely holding a role is not enough.
        Set<String> administrableRoles = listApplicableRoles(caller, metastore::listRoleGrants)
                .filter(RoleGrant::isGrantable)
                .map(RoleGrant::getRoleName)
                .collect(toSet());
        return administrableRoles.containsAll(roles);
    }
    return true;
}
Also used : RoleGrant(io.prestosql.spi.security.RoleGrant) SemiTransactionalHiveMetastore(io.prestosql.plugin.hive.metastore.SemiTransactionalHiveMetastore) HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal) HiveTransactionHandle(io.prestosql.plugin.hive.HiveTransactionHandle)

Example 4 with HivePrincipal

use of io.prestosql.plugin.hive.metastore.HivePrincipal in project hetu-core by openlookeng.

the class FileHiveMetastore method removeNonExistingRoles.

/**
 * Drops role grants that refer to roles which no longer exist.
 *
 * <p>A grant is kept only when the granted role is in {@code existingRoles} and, if the
 * grantee is itself a ROLE principal, that grantee role is in {@code existingRoles} too.
 * Grants to other principal types are kept whenever the granted role exists.
 *
 * @param grants        grants to filter
 * @param existingRoles names of the roles that currently exist
 * @return an immutable set holding the surviving grants
 */
private static Set<RoleGrant> removeNonExistingRoles(Set<RoleGrant> grants, Set<String> existingRoles) {
    ImmutableSet.Builder<RoleGrant> kept = ImmutableSet.builder();
    for (RoleGrant candidate : grants) {
        if (existingRoles.contains(candidate.getRoleName())) {
            // The grantee is only resolved once the granted role is known to exist.
            HivePrincipal recipient = HivePrincipal.from(candidate.getGrantee());
            boolean danglingRoleGrantee = recipient.getType() == ROLE && !existingRoles.contains(recipient.getName());
            if (!danglingRoleGrantee) {
                kept.add(candidate);
            }
        }
    }
    return kept.build();
}
Also used : RoleGrant(io.prestosql.spi.security.RoleGrant) ImmutableSet(com.google.common.collect.ImmutableSet) ImmutableSet.toImmutableSet(com.google.common.collect.ImmutableSet.toImmutableSet) HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal)

Example 5 with HivePrincipal

use of io.prestosql.plugin.hive.metastore.HivePrincipal in project hetu-core by openlookeng.

the class FileHiveMetastore method createTable.

/**
 * Creates a table in the file-based metastore and records its initial privileges.
 *
 * <p>The storage location is validated by table type before anything is written:
 * <ul>
 *   <li>VIRTUAL_VIEW: the location must be empty;</li>
 *   <li>MANAGED_TABLE: the location must equal the table's metadata directory;</li>
 *   <li>EXTERNAL_TABLE: the location must be an existing directory and must not lie
 *       inside the catalog (system metadata) directory;</li>
 *   <li>any other type is rejected with NOT_SUPPORTED.</li>
 * </ul>
 *
 * <p>NOTE(review): the containment check relies on {@code isChildDirectory}, whose
 * implementation is not visible here; confirm how it treats non-normalized paths and
 * symbolic links, since it is what keeps external tables out of the metadata directory.
 *
 * @param identity            caller identity; not read in this method
 * @param table               table definition to persist
 * @param principalPrivileges initial user and role privileges to store for the table
 * @throws PrestoException HIVE_METASTORE_ERROR when location validation fails,
 *                         NOT_SUPPORTED for an unsupported table type
 */
@Override
public synchronized void createTable(HiveIdentity identity, Table table, PrincipalPrivileges principalPrivileges) {
    String databaseName = table.getDatabaseName();
    String tableName = table.getTableName();
    verifyTableNotExists(databaseName, tableName);
    Path tableMetadataDirectory = getTableMetadataDirectory(table);

    // validate table location
    String tableType = table.getTableType();
    if (tableType.equals(VIRTUAL_VIEW.name())) {
        checkArgument(table.getStorage().getLocation().isEmpty(), "Storage location for view must be empty");
    } else if (tableType.equals(MANAGED_TABLE.name())) {
        Path declaredLocation = new Path(table.getStorage().getLocation());
        if (!tableMetadataDirectory.equals(declaredLocation)) {
            throw new PrestoException(HiveErrorCode.HIVE_METASTORE_ERROR, "Table directory must be " + tableMetadataDirectory);
        }
    } else if (tableType.equals(EXTERNAL_TABLE.name())) {
        try {
            Path externalLocation = new Path(table.getStorage().getLocation());
            FileSystem externalFileSystem = hdfsEnvironment.getFileSystem(hdfsContext, externalLocation);
            boolean locationIsDirectory = externalFileSystem.isDirectory(externalLocation);
            if (!locationIsDirectory) {
                throw new PrestoException(HiveErrorCode.HIVE_METASTORE_ERROR, "External table location does not exist");
            }
            // An external table must not overlap the directory that holds the metastore's own files.
            if (isChildDirectory(catalogDirectory, externalLocation)) {
                throw new PrestoException(HiveErrorCode.HIVE_METASTORE_ERROR, "External table location can not be inside the system metadata directory");
            }
        } catch (IOException e) {
            throw new PrestoException(HiveErrorCode.HIVE_METASTORE_ERROR, "Could not validate external location", e);
        }
    } else {
        throw new PrestoException(NOT_SUPPORTED, "Table type not supported: " + tableType);
    }

    // The schema file is written only after validation passed; privileges are stored afterwards.
    writeSchemaFile("table", tableMetadataDirectory, tableCodec, new TableMetadata(table), false);
    principalPrivileges.getUserPrivileges().asMap().forEach((userName, granted) ->
            setTablePrivileges(new HivePrincipal(USER, userName), table.getDatabaseName(), table.getTableName(), granted));
    principalPrivileges.getRolePrivileges().asMap().forEach((roleName, granted) ->
            setTablePrivileges(new HivePrincipal(ROLE, roleName), table.getDatabaseName(), table.getTableName(), granted));
}
Also used : Path(org.apache.hadoop.fs.Path) HivePrincipal(io.prestosql.plugin.hive.metastore.HivePrincipal) FileSystem(org.apache.hadoop.fs.FileSystem) Collection(java.util.Collection) PrestoException(io.prestosql.spi.PrestoException) IOException(java.io.IOException)
