
Example 16 with HivePrincipal

Use of io.trino.plugin.hive.metastore.HivePrincipal in project trino by trinodb.

Class SqlStandardAccessControlMetadata, method listTablePrivileges.

@Override
public List<GrantInfo> listTablePrivileges(ConnectorSession session, List<SchemaTableName> tableNames) {
    Set<HivePrincipal> principals = ThriftMetastoreUtil.listEnabledPrincipals(session.getIdentity(), metastore::listRoleGrants).collect(toImmutableSet());
    boolean isAdminRoleSet = hasAdminRole(principals);
    ImmutableList.Builder<GrantInfo> result = ImmutableList.builder();
    for (SchemaTableName tableName : tableNames) {
        try {
            result.addAll(buildGrants(principals, isAdminRoleSet, tableName));
        } catch (TableNotFoundException e) {
            // table disappeared during listing operation
        } catch (HiveViewNotSupportedException e) {
            // table is an unsupported hive view but shouldn't fail listTablePrivileges.
        }
    }
    return result.build();
}
Also used: TableNotFoundException (io.trino.spi.connector.TableNotFoundException), HivePrincipal (io.trino.plugin.hive.metastore.HivePrincipal), ImmutableList (com.google.common.collect.ImmutableList), GrantInfo (io.trino.spi.security.GrantInfo), SchemaTableName (io.trino.spi.connector.SchemaTableName), HiveViewNotSupportedException (io.trino.plugin.hive.HiveViewNotSupportedException)

Example 17 with HivePrincipal

Use of io.trino.plugin.hive.metastore.HivePrincipal in project trino by trinodb.

Class FileHiveMetastore, method replaceTable.

@Override
public synchronized void replaceTable(String databaseName, String tableName, Table newTable, PrincipalPrivileges principalPrivileges) {
    Table table = getRequiredTable(databaseName, tableName);
    if (!table.getDatabaseName().equals(databaseName) || !table.getTableName().equals(tableName)) {
        throw new TrinoException(HIVE_METASTORE_ERROR, "Replacement table must have same name");
    }
    Path tableMetadataDirectory = getTableMetadataDirectory(table);
    writeSchemaFile(TABLE, tableMetadataDirectory, tableCodec, new TableMetadata(currentVersion, newTable), true);
    // replace existing permissions
    deleteTablePrivileges(table);
    for (Entry<String, Collection<HivePrivilegeInfo>> entry : principalPrivileges.getUserPrivileges().asMap().entrySet()) {
        setTablePrivileges(new HivePrincipal(USER, entry.getKey()), table.getDatabaseName(), table.getTableName(), entry.getValue());
    }
    for (Entry<String, Collection<HivePrivilegeInfo>> entry : principalPrivileges.getRolePrivileges().asMap().entrySet()) {
        setTablePrivileges(new HivePrincipal(ROLE, entry.getKey()), table.getDatabaseName(), table.getTableName(), entry.getValue());
    }
}
Also used: Path (org.apache.hadoop.fs.Path), Table (io.trino.plugin.hive.metastore.Table), HiveUtil.isIcebergTable (io.trino.plugin.hive.util.HiveUtil.isIcebergTable), HivePrincipal (io.trino.plugin.hive.metastore.HivePrincipal), TrinoException (io.trino.spi.TrinoException), Collection (java.util.Collection)

Example 18 with HivePrincipal

Use of io.trino.plugin.hive.metastore.HivePrincipal in project trino by trinodb.

Class FileHiveMetastore, method removeNonExistingRoles.

private static Set<RoleGrant> removeNonExistingRoles(Set<RoleGrant> grants, Set<String> existingRoles) {
    ImmutableSet.Builder<RoleGrant> result = ImmutableSet.builder();
    for (RoleGrant grant : grants) {
        // drop grants of a role that no longer exists
        if (!existingRoles.contains(grant.getRoleName())) {
            continue;
        }
        HivePrincipal grantee = HivePrincipal.from(grant.getGrantee());
        // drop grants whose grantee is itself a role that no longer exists
        if (grantee.getType() == ROLE && !existingRoles.contains(grantee.getName())) {
            continue;
        }
        result.add(grant);
    }
    return result.build();
}
Also used: RoleGrant (io.trino.spi.security.RoleGrant), ImmutableSet.toImmutableSet (com.google.common.collect.ImmutableSet.toImmutableSet), ImmutableSet (com.google.common.collect.ImmutableSet), HivePrincipal (io.trino.plugin.hive.metastore.HivePrincipal)

Aggregations

HivePrincipal (io.trino.plugin.hive.metastore.HivePrincipal): 18
RoleGrant (io.trino.spi.security.RoleGrant): 9
ImmutableSet (com.google.common.collect.ImmutableSet): 7
ImmutableSet.toImmutableSet (com.google.common.collect.ImmutableSet.toImmutableSet): 7
HivePrivilegeInfo (io.trino.plugin.hive.metastore.HivePrivilegeInfo): 7
TrinoException (io.trino.spi.TrinoException): 6
Database (io.trino.plugin.hive.metastore.Database): 4
OWNERSHIP (io.trino.plugin.hive.metastore.HivePrivilegeInfo.HivePrivilege.OWNERSHIP): 4
Table (io.trino.plugin.hive.metastore.Table): 4
SchemaTableName (io.trino.spi.connector.SchemaTableName): 4
HashSet (java.util.HashSet): 4
HivePrivilege (io.trino.plugin.hive.metastore.HivePrivilegeInfo.HivePrivilege): 3
DELETE (io.trino.plugin.hive.metastore.HivePrivilegeInfo.HivePrivilege.DELETE): 3
INSERT (io.trino.plugin.hive.metastore.HivePrivilegeInfo.HivePrivilege.INSERT): 3
SELECT (io.trino.plugin.hive.metastore.HivePrivilegeInfo.HivePrivilege.SELECT): 3
UPDATE (io.trino.plugin.hive.metastore.HivePrivilegeInfo.HivePrivilege.UPDATE): 3
HiveUtil.isIcebergTable (io.trino.plugin.hive.util.HiveUtil.isIcebergTable): 3
NOT_SUPPORTED (io.trino.spi.StandardErrorCode.NOT_SUPPORTED): 3
ConnectorIdentity (io.trino.spi.security.ConnectorIdentity): 3
ROLE (io.trino.spi.security.PrincipalType.ROLE): 3