use of io.trino.plugin.hive.metastore.HivePrivilegeInfo in project trino by trinodb.
the class FileHiveMetastore method listTablePrivileges.
/**
 * Lists the privileges recorded for a table in the file-backed metastore.
 *
 * <p>Without a {@code principal}, the result is everything {@code readAllPermissions} returns
 * for the table's permissions directory, plus a synthetic OWNERSHIP grant (with grant option)
 * for {@code tableOwner} when that argument is present. With a {@code principal}, only that
 * principal's permissions file is read, and the OWNERSHIP grant is added when the principal is
 * a USER whose name equals the owner stored on the table.
 *
 * @param databaseName database containing the table
 * @param tableName table whose privileges are listed
 * @param tableOwner owner used for the synthetic OWNERSHIP entry; only read when {@code principal} is empty
 * @param principal principal to restrict the listing to, or empty to list all principals
 * @return an immutable set of the matching privileges
 */
@Override
public synchronized Set<HivePrivilegeInfo> listTablePrivileges(String databaseName, String tableName, Optional<String> tableOwner, Optional<HivePrincipal> principal) {
    Table table = getRequiredTable(databaseName, tableName);
    Path permissionsDirectory = getPermissionsDirectory(table);

    if (principal.isPresent()) {
        HivePrincipal requested = principal.get();
        ImmutableSet.Builder<HivePrivilegeInfo> granted = ImmutableSet.builder();

        // Ownership is decided from the owner stored on the table, not from the tableOwner argument.
        // orElseThrow() means a USER lookup on a table with no recorded owner fails with
        // NoSuchElementException instead of being treated as "not the owner".
        boolean ownsTable = requested.getType() == USER
                && table.getOwner().orElseThrow().equals(requested.getName());
        if (ownsTable) {
            granted.add(new HivePrivilegeInfo(OWNERSHIP, true, requested, requested));
        }

        Path principalFile = getPermissionsPath(permissionsDirectory, requested);
        granted.addAll(readPermissionsFile(principalFile));
        return granted.build();
    }

    // No principal filter: return every stored permission for the table.
    Builder<HivePrivilegeInfo> everyone = ImmutableSet.<HivePrivilegeInfo>builder()
            .addAll(readAllPermissions(permissionsDirectory));
    if (tableOwner.isPresent()) {
        // Here the owner comes from the caller-supplied argument; the owner is both grantor and grantee.
        String owner = tableOwner.get();
        everyone.add(new HivePrivilegeInfo(OWNERSHIP, true, new HivePrincipal(USER, owner), new HivePrincipal(USER, owner)));
    }
    return everyone.build();
}
use of io.trino.plugin.hive.metastore.HivePrivilegeInfo in project trino by trinodb.
the class FileHiveMetastore method setTablePrivileges.
/**
 * Writes the given privileges to the grantee's permissions file for a table, creating the
 * table's permissions directory first if needed.
 *
 * @param grantee principal the privileges are stored for
 * @param databaseName database containing the table
 * @param tableName table the privileges apply to
 * @param privileges privileges to write to the grantee's permissions file
 * @throws NullPointerException if any argument is null
 * @throws TrinoException with HIVE_METASTORE_ERROR if the permissions directory cannot be
 *         created or an IOException occurs
 */
private synchronized void setTablePrivileges(HivePrincipal grantee, String databaseName, String tableName, Collection<HivePrivilegeInfo> privileges) {
    requireNonNull(grantee, "grantee is null");
    requireNonNull(databaseName, "databaseName is null");
    requireNonNull(tableName, "tableName is null");
    requireNonNull(privileges, "privileges is null");

    try {
        Table table = getRequiredTable(databaseName, tableName);
        Path permissionsDirectory = getPermissionsDirectory(table);

        // mkdirs() returning false is tolerated only when the directory is already there.
        if (!(metadataFileSystem.mkdirs(permissionsDirectory) || metadataFileSystem.isDirectory(permissionsDirectory))) {
            throw new TrinoException(HIVE_METASTORE_ERROR, "Could not create permissions directory");
        }

        // NOTE(review): the file location is derived from the grantee by getPermissionsPath, which is
        // not shown here; confirm a principal name cannot resolve outside permissionsDirectory.
        Path granteeFile = getPermissionsPath(permissionsDirectory, grantee);

        // Only the privilege and its grant option are kept; the grantor and grantee carried by each
        // HivePrivilegeInfo are not written, and every entry is stored under the grantee argument.
        List<PermissionMetadata> entries = privileges.stream()
                .map(info -> new PermissionMetadata(info.getHivePrivilege(), info.isGrantOption(), grantee))
                .collect(toList());

        // NOTE(review): the trailing `true` presumably allows overwriting an existing file; verify against writeFile.
        writeFile("permissions", granteeFile, permissionsCodec, entries, true);
    } catch (IOException e) {
        throw new TrinoException(HIVE_METASTORE_ERROR, e);
    }
}
use of io.trino.plugin.hive.metastore.HivePrivilegeInfo in project trino by trinodb.
the class ThriftMetastoreUtil method parsePrivilege.
/**
 * Converts a metastore {@code PrivilegeGrantInfo} into the equivalent set of
 * {@code HivePrivilegeInfo} entries.
 *
 * <p>The privilege name is compared after upper-casing with the ENGLISH locale. {@code "ALL"}
 * expands to one entry per constant of {@code HivePrivilegeInfo.HivePrivilege}; every other
 * recognised name produces a single entry.
 *
 * @param userGrant grant as returned by the metastore API
 * @param grantee principal holding the grant; when empty, the grantor is recorded as the grantee
 * @return an immutable set of parsed privileges
 * @throws IllegalArgumentException if the privilege name is not recognised
 */
public static Set<HivePrivilegeInfo> parsePrivilege(PrivilegeGrantInfo userGrant, Optional<HivePrincipal> grantee) {
    boolean grantOption = userGrant.isGrantOption();
    String name = userGrant.getPrivilege().toUpperCase(ENGLISH);
    HivePrincipal grantor = new HivePrincipal(fromMetastoreApiPrincipalType(userGrant.getGrantorType()), userGrant.getGrantor());

    HivePrivilegeInfo.HivePrivilege parsed;
    switch (name) {
        case "ALL":
            // Expands to every enum constant; presumably that includes OWNERSHIP - confirm callers expect it.
            HivePrincipal holder = grantee.orElse(grantor);
            return Arrays.stream(HivePrivilegeInfo.HivePrivilege.values())
                    .map(each -> new HivePrivilegeInfo(each, grantOption, grantor, holder))
                    .collect(toImmutableSet());
        case "SELECT":
            parsed = SELECT;
            break;
        case "INSERT":
            parsed = INSERT;
            break;
        case "UPDATE":
            parsed = UPDATE;
            break;
        case "DELETE":
            parsed = DELETE;
            break;
        case "OWNERSHIP":
            parsed = OWNERSHIP;
            break;
        default:
            // Unknown names are rejected rather than mapped to some default privilege.
            throw new IllegalArgumentException("Unsupported privilege name: " + name);
    }

    // With no explicit grantee the grantor fills both roles in the resulting entry.
    return ImmutableSet.of(new HivePrivilegeInfo(parsed, grantOption, grantor, grantee.orElse(grantor)));
}
use of io.trino.plugin.hive.metastore.HivePrivilegeInfo in project trino by trinodb.
the class ThriftHiveMetastore method grantTablePrivileges.
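/**
 * Grants table privileges to {@code grantee} through the Thrift metastore client, skipping
 * requested privileges that an existing grant already covers.
 *
 * <p>Each requested privilege is compared with the grantee's current privileges from
 * {@code listTablePrivileges}. A request contained in an existing grant is dropped. A request
 * that itself contains an existing grant is rejected with NOT_SUPPORTED. If nothing remains,
 * the metastore is not called.
 *
 * @param databaseName database containing the table
 * @param tableName table the privileges apply to
 * @param tableOwner table owner, passed on to {@code listTablePrivileges}
 * @param grantee principal receiving the privileges
 * @param grantor principal recorded as granting them
 * @param privileges privileges to grant
 * @param grantOption whether the grantee may grant these privileges onward
 * @throws IllegalArgumentException if the converted request contains the "ALL" privilege
 * @throws TrinoException with NOT_SUPPORTED for the unsupported upgrade case, or with
 *         HIVE_METASTORE_ERROR when a TException is raised
 */
@Override
public void grantTablePrivileges(String databaseName, String tableName, String tableOwner, HivePrincipal grantee, HivePrincipal grantor, Set<HivePrivilege> privileges, boolean grantOption) {
    Set<PrivilegeGrantInfo> requestedPrivileges = privileges.stream()
            .map(privilege -> new HivePrivilegeInfo(privilege, grantOption, grantor, grantee))
            .map(ThriftMetastoreUtil::toMetastoreApiPrivilegeGrantInfo)
            .collect(toImmutableSet());
    checkArgument(!containsAllPrivilege(requestedPrivileges), "\"ALL\" not supported in PrivilegeGrantInfo.privilege");
    try {
        retry().stopOnIllegalExceptions().run("grantTablePrivileges", stats.getGrantTablePrivileges().wrap(() -> {
            try (ThriftMetastoreClient metastoreClient = createMetastoreClient()) {
                Set<HivePrivilegeInfo> existingPrivileges = listTablePrivileges(databaseName, tableName, Optional.of(tableOwner), Optional.of(grantee));
                // Mutable copy so that already-covered requests can be removed while iterating.
                Set<PrivilegeGrantInfo> privilegesToGrant = new HashSet<>(requestedPrivileges);
                Iterator<PrivilegeGrantInfo> iterator = privilegesToGrant.iterator();
                while (iterator.hasNext()) {
                    HivePrivilegeInfo requestedPrivilege = getOnlyElement(parsePrivilege(iterator.next(), Optional.empty()));
                    // Record the match and remove once after the scan: Iterator.remove() may be called
                    // only once per next(), so removing inside the inner loop would throw
                    // IllegalStateException if more than one existing grant covered the same request.
                    boolean alreadyGranted = false;
                    for (HivePrivilegeInfo existingPrivilege : existingPrivileges) {
                        if (requestedPrivilege.isContainedIn(existingPrivilege)) {
                            alreadyGranted = true;
                        } else if (existingPrivilege.isContainedIn(requestedPrivilege)) {
                            // The grantee holds the privilege in a narrower form; upgrading in place is refused.
                            throw new TrinoException(NOT_SUPPORTED, format("Granting %s WITH GRANT OPTION is not supported while %s possesses %s", requestedPrivilege.getHivePrivilege().name(), grantee, requestedPrivilege.getHivePrivilege().name()));
                        }
                    }
                    if (alreadyGranted) {
                        iterator.remove();
                    }
                }
                if (privilegesToGrant.isEmpty()) {
                    // Everything requested is already held; nothing to send to the metastore.
                    return null;
                }
                metastoreClient.grantPrivileges(buildPrivilegeBag(databaseName, tableName, grantee, privilegesToGrant));
            }
            return null;
        }));
    } catch (TException e) {
        throw new TrinoException(HIVE_METASTORE_ERROR, e);
    } catch (Exception e) {
        throw propagate(e);
    }
}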
use of io.trino.plugin.hive.metastore.HivePrivilegeInfo in project trino by trinodb.
the class ThriftHiveMetastore method revokeTablePrivileges.
/**
 * Revokes table privileges from {@code grantee} through the Thrift metastore client.
 *
 * <p>Only requested privileges whose kind appears among the grantee's current privileges (as
 * returned by {@code listTablePrivileges}) are sent to the metastore. The rest are dropped
 * without an error. If none match, the metastore is not called.
 *
 * @param databaseName database containing the table
 * @param tableName table the privileges apply to
 * @param tableOwner table owner, passed on to {@code listTablePrivileges}
 * @param grantee principal losing the privileges
 * @param grantor principal recorded on the revoke request
 * @param privileges privileges to revoke
 * @param grantOption forwarded to the metastore client's {@code revokePrivileges} call
 * @throws IllegalArgumentException if the converted request contains the "ALL" privilege
 * @throws TrinoException with HIVE_METASTORE_ERROR when a TException is raised
 */
@Override
public void revokeTablePrivileges(String databaseName, String tableName, String tableOwner, HivePrincipal grantee, HivePrincipal grantor, Set<HivePrivilege> privileges, boolean grantOption) {
    Set<PrivilegeGrantInfo> requestedPrivileges = privileges.stream()
            .map(privilege -> new HivePrivilegeInfo(privilege, grantOption, grantor, grantee))
            .map(ThriftMetastoreUtil::toMetastoreApiPrivilegeGrantInfo)
            .collect(toImmutableSet());
    checkArgument(!containsAllPrivilege(requestedPrivileges), "\"ALL\" not supported in PrivilegeGrantInfo.privilege");

    try {
        retry().stopOnIllegalExceptions().run("revokeTablePrivileges", stats.getRevokeTablePrivileges().wrap(() -> {
            try (ThriftMetastoreClient metastoreClient = createMetastoreClient()) {
                // Existing grants are reduced to their privilege kind; grantor and grant option are
                // not part of the match below.
                Set<HivePrivilege> heldPrivileges = listTablePrivileges(databaseName, tableName, Optional.of(tableOwner), Optional.of(grantee))
                        .stream()
                        .map(HivePrivilegeInfo::getHivePrivilege)
                        .collect(toImmutableSet());

                Set<PrivilegeGrantInfo> privilegesToRevoke = requestedPrivileges.stream()
                        .filter(candidate -> {
                            HivePrivilege candidateKind = getOnlyElement(parsePrivilege(candidate, Optional.empty())).getHivePrivilege();
                            return heldPrivileges.contains(candidateKind);
                        })
                        .collect(toImmutableSet());

                // Skip the metastore round trip when the grantee holds none of the requested privileges.
                if (!privilegesToRevoke.isEmpty()) {
                    metastoreClient.revokePrivileges(buildPrivilegeBag(databaseName, tableName, grantee, privilegesToRevoke), grantOption);
                }
            }
            return null;
        }));
    } catch (TException e) {
        throw new TrinoException(HIVE_METASTORE_ERROR, e);
    } catch (Exception e) {
        throw propagate(e);
    }
}