use of io.prestosql.plugin.hive.metastore.HivePrincipal in project hetu-core by openlookeng.
the class ThriftMetastoreUtil method listEnabledRoles.
/**
 * Computes the names of the roles that are enabled for the given identity.
 *
 * <ul>
 *   <li>Selected role of type {@code NONE}: only {@code PUBLIC_ROLE_NAME} is returned.</li>
 *   <li>No selected role, or type {@code ALL}: roles are resolved for the USER principal
 *       named by {@code identity.getUser()}.</li>
 *   <li>Any other type: roles are resolved for the ROLE principal named by the selected
 *       role, and that role's own name is part of the result.</li>
 * </ul>
 *
 * <p>Role names reached through {@code listApplicableRoles} are filtered so that
 * {@code ADMIN_ROLE_NAME} is dropped. As written, the admin role can therefore only appear
 * in the result when it is itself the selected role; it is never enabled implicitly
 * through a grant.
 *
 * @param identity the connector identity whose selected role and user name are read
 * @param listRoleGrants lookup passed through to {@code listApplicableRoles}
 * @return a stream that always starts with {@code PUBLIC_ROLE_NAME}
 */
public static Stream<String> listEnabledRoles(ConnectorIdentity identity, Function<HivePrincipal, Set<RoleGrant>> listRoleGrants) {
    Optional<SelectedRole> selectedRole = identity.getRole();
    boolean roleChosen = selectedRole.isPresent();

    // An explicit NONE selection disables everything except the public role.
    if (roleChosen && selectedRole.get().getType() == SelectedRole.Type.NONE) {
        return Stream.of(PUBLIC_ROLE_NAME);
    }

    boolean resolveForUser = !roleChosen || selectedRole.get().getType() == SelectedRole.Type.ALL;
    // NOTE(review): getRole().get() is unchecked; this assumes a selected role of the
    // remaining type always carries a role name - confirm against SelectedRole.
    HivePrincipal principal = resolveForUser
            ? new HivePrincipal(USER, identity.getUser())
            : new HivePrincipal(ROLE, selectedRole.get().getRole().get());

    Stream<String> baseRoles = principal.getType() == ROLE
            ? Stream.concat(Stream.of(PUBLIC_ROLE_NAME), Stream.of(principal.getName()))
            : Stream.of(PUBLIC_ROLE_NAME);

    // Admin is excluded from the roles reached via grants (see method comment).
    Predicate<Object> isNotAdminRole = Predicate.isEqual(ADMIN_ROLE_NAME).negate();
    Stream<String> grantedRoles = listApplicableRoles(principal, listRoleGrants)
            .map(RoleGrant::getRoleName)
            .filter(isNotAdminRole);

    return Stream.concat(baseRoles, grantedRoles);
}
use of io.prestosql.plugin.hive.metastore.HivePrincipal in project hetu-core by openlookeng.
the class ThriftHiveMetastore method revokeTablePrivileges.
/**
 * Revokes table privileges from a principal through the Thrift metastore client.
 *
 * <p>The requested privileges are converted to metastore {@code PrivilegeGrantInfo} values
 * and rejected up front if they contain the "ALL" privilege. Inside the retried call, the
 * grantee's current table privileges are listed and only the requested privileges whose
 * {@code HivePrivilege} is currently held are sent to the metastore; if none match, no
 * revoke call is made.
 *
 * <p>Matching is done on the {@code HivePrivilege} value only: the grant-option flag of a
 * requested privilege is not compared with the existing grant in this method.
 * No authorization check is visible here - NOTE(review): presumably callers enforce that
 * the session may revoke on this table; confirm.
 *
 * @param databaseName database of the target table
 * @param tableName target table
 * @param sourceGrantee principal to revoke from; passed through
 *        {@code applyRoleNameCaseSensitive} before use
 * @param privileges privileges requested for revocation
 * @throws PrestoException with {@code HIVE_METASTORE_ERROR} when a {@code TException} is raised
 */
@Override
public void revokeTablePrivileges(String databaseName, String tableName, HivePrincipal sourceGrantee, Set<HivePrivilegeInfo> privileges) {
    Set<PrivilegeGrantInfo> requestedPrivileges = privileges.stream()
            .map(ThriftMetastoreUtil::toMetastoreApiPrivilegeGrantInfo)
            .collect(Collectors.toSet());
    checkArgument(!containsAllPrivilege(requestedPrivileges), "\"ALL\" not supported in PrivilegeGrantInfo.privilege");

    HivePrincipal grantee = ThriftMetastoreUtil.applyRoleNameCaseSensitive(sourceGrantee, isRoleNameCaseSensitive);

    try {
        retry()
                .stopOnIllegalExceptions()
                .run("revokeTablePrivileges", stats.getRevokeTablePrivileges().wrap(() -> {
                    try (ThriftMetastoreClient metastoreClient = clientProvider.createMetastoreClient()) {
                        // Privileges the grantee holds on the table right now.
                        Set<HivePrivilegeInfo.HivePrivilege> heldPrivileges = listTablePrivileges(databaseName, tableName, grantee).stream()
                                .map(HivePrivilegeInfo::getHivePrivilege)
                                .collect(toSet());

                        // Keep only the requested privileges that are actually held.
                        Set<PrivilegeGrantInfo> revocable = requestedPrivileges.stream()
                                .filter(requested -> heldPrivileges.contains(
                                        getOnlyElement(ThriftMetastoreUtil.parsePrivilege(requested, Optional.empty())).getHivePrivilege()))
                                .collect(toSet());

                        if (!revocable.isEmpty()) {
                            metastoreClient.revokePrivileges(buildPrivilegeBag(databaseName, tableName, grantee, revocable));
                        }
                    }
                    return null;
                }));
    } catch (TException e) {
        throw new PrestoException(HiveErrorCode.HIVE_METASTORE_ERROR, e);
    } catch (Exception e) {
        throw propagate(e);
    }
}
use of io.prestosql.plugin.hive.metastore.HivePrincipal in project hetu-core by openlookeng.
the class SqlStandardAccessControlMetadata method revokeTablePrivileges.
/**
 * Translates a revoke request into {@code HivePrivilegeInfo} values and forwards it to the
 * metastore.
 *
 * <p>Each requested privilege is mapped with {@code toHivePrivilege} and carries the
 * {@code grantOption} flag. Both principal arguments of every {@code HivePrivilegeInfo}
 * are a USER principal for {@code session.getUser()}; the principal the revoke applies to
 * is the {@code grantee} parameter, passed separately to the metastore call.
 * NOTE(review): confirm the metastore implementation ignores the principal embedded in
 * {@code HivePrivilegeInfo} and uses only {@code grantee}.
 *
 * <p>No authorization check is performed in this method - presumably it is enforced before
 * this call; verify against the access-control layer.
 *
 * @param session session whose user is recorded in the privilege info
 * @param schemaTableName table the privileges are revoked on
 * @param privileges privileges to revoke
 * @param grantee principal the privileges are revoked from
 * @param grantOption flag copied into each {@code HivePrivilegeInfo}
 */
@Override
public void revokeTablePrivileges(ConnectorSession session, SchemaTableName schemaTableName, Set<Privilege> privileges, HivePrincipal grantee, boolean grantOption) {
    String schema = schemaTableName.getSchemaName();
    String table = schemaTableName.getTableName();

    Set<HivePrivilegeInfo> toRevoke = privileges.stream()
            .map(requested -> {
                return new HivePrivilegeInfo(
                        toHivePrivilege(requested),
                        grantOption,
                        new HivePrincipal(USER, session.getUser()),
                        new HivePrincipal(USER, session.getUser()));
            })
            .collect(toSet());

    metastore.revokeTablePrivileges(schema, table, grantee, toRevoke);
}
use of io.prestosql.plugin.hive.metastore.HivePrincipal in project hetu-core by openlookeng.
the class SqlStandardAccessControlMetadata method grantTablePrivileges.
/**
 * Translates a grant request into {@code HivePrivilegeInfo} values and forwards it to the
 * metastore.
 *
 * <p>Each requested privilege is mapped with {@code toHivePrivilege} and carries the
 * {@code grantOption} flag. Both principal arguments of every {@code HivePrivilegeInfo}
 * are a USER principal for {@code session.getUser()}; the principal receiving the grant is
 * the {@code grantee} parameter, passed separately to the metastore call.
 * NOTE(review): confirm the metastore implementation takes the recipient from
 * {@code grantee} and not from the principal embedded in {@code HivePrivilegeInfo}.
 *
 * <p>No authorization check is performed in this method - presumably the caller has already
 * verified that the session user may grant these privileges (and the grant option); verify
 * against the access-control layer.
 *
 * @param session session whose user is recorded in the privilege info
 * @param schemaTableName table the privileges are granted on
 * @param privileges privileges to grant
 * @param grantee principal receiving the privileges
 * @param grantOption flag copied into each {@code HivePrivilegeInfo}
 */
@Override
public void grantTablePrivileges(ConnectorSession session, SchemaTableName schemaTableName, Set<Privilege> privileges, HivePrincipal grantee, boolean grantOption) {
    String schema = schemaTableName.getSchemaName();
    String table = schemaTableName.getTableName();

    Set<HivePrivilegeInfo> toGrant = privileges.stream()
            .map(requested -> {
                return new HivePrivilegeInfo(
                        toHivePrivilege(requested),
                        grantOption,
                        new HivePrincipal(USER, session.getUser()),
                        new HivePrincipal(USER, session.getUser()));
            })
            .collect(toSet());

    metastore.grantTablePrivileges(schema, table, grantee, toGrant);
}
use of io.prestosql.plugin.hive.metastore.HivePrincipal in project hetu-core by openlookeng.
the class SqlStandardAccessControlMetadata method listTablePrivileges.
/**
 * Lists the grants on the given tables that the session identity is shown.
 *
 * <p>The identity's enabled principals are resolved once with
 * {@code listEnabledPrincipals}. If {@code hasAdminRole} reports the admin role among
 * them, grants for each table are built with a {@code null} grantee; otherwise grants are
 * built once per enabled principal, so the result is limited to those principals.
 * NOTE(review): a {@code null} grantee presumably means "do not filter by grantee" -
 * confirm against {@code buildGrants}.
 *
 * @param session session whose identity determines the enabled principals
 * @param tableNames tables to list grants for
 * @return the collected grants, in table order
 */
@Override
public List<GrantInfo> listTablePrivileges(ConnectorSession session, List<SchemaTableName> tableNames) {
    Set<HivePrincipal> enabledPrincipals = listEnabledPrincipals(metastore, session.getIdentity()).collect(toImmutableSet());
    boolean adminEnabled = hasAdminRole(enabledPrincipals);

    ImmutableList.Builder<GrantInfo> grants = ImmutableList.builder();
    for (SchemaTableName table : tableNames) {
        if (!adminEnabled) {
            // Non-admin: only grants held by one of the enabled principals.
            for (HivePrincipal enabledPrincipal : enabledPrincipals) {
                grants.addAll(buildGrants(table, enabledPrincipal));
            }
            continue;
        }
        // Admin role enabled: build grants without a specific grantee.
        grants.addAll(buildGrants(table, null));
    }
    return grants.build();
}