use of org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege in project hive by apache.
the class HBaseStore method listPrincipalTableGrantsAll.
/**
 * Collects the table-level grants held by one principal over every table returned by
 * {@code getHBase().scanTables(null, null)}.
 *
 * <p>No authorization check is visible in this method; the result describes who holds which
 * privilege, so callers are presumably expected to restrict who may ask - confirm at the
 * call sites.
 *
 * @param principalName name of the user or role whose grants are listed
 * @param principalType USER or ROLE; any other value raises a RuntimeException as soon as a
 *        table with a non-null privilege set is visited
 * @return one HiveObjectPrivilege per matching grant; empty when the principal holds none
 */
@Override
public List<HiveObjectPrivilege> listPrincipalTableGrantsAll(String principalName, PrincipalType principalType) {
  List<HiveObjectPrivilege> result = new ArrayList<HiveObjectPrivilege>();
  boolean succeeded = false;
  openTransaction();
  try {
    for (Table tbl : getHBase().scanTables(null, null)) {
      PrincipalPrivilegeSet privSet = tbl.getPrivileges();
      if (privSet == null) {
        // Table carries no privilege information at all.
        continue;
      }

      // Pick the per-principal map that matches the kind of principal asked about.
      Map<String, List<PrivilegeGrantInfo>> byPrincipal;
      switch (principalType) {
        case USER:
          byPrincipal = privSet.getUserPrivileges();
          break;
        case ROLE:
          byPrincipal = privSet.getRolePrivileges();
          break;
        default:
          throw new RuntimeException("Unknown or unsupported principal type " + principalType.toString());
      }

      List<PrivilegeGrantInfo> held = (byPrincipal == null) ? null : byPrincipal.get(principalName);
      if (held == null || held.isEmpty()) {
        continue;
      }
      for (PrivilegeGrantInfo grant : held) {
        HiveObjectRef tableRef =
            new HiveObjectRef(HiveObjectType.TABLE, tbl.getDbName(), tbl.getTableName(), null, null);
        result.add(new HiveObjectPrivilege(tableRef, principalName, principalType, grant));
      }
    }
    succeeded = true;
    return result;
  } catch (IOException ioe) {
    throw new RuntimeException(ioe);
  } finally {
    // Reached on every path; only a fully successful scan passes true.
    commitOrRoleBack(succeeded);
  }
}
use of org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege in project hive by apache.
the class HBaseStore method revokePrivileges.
/**
 * Revokes each privilege in the bag, or only its grant option, inside one transaction.
 *
 * <p>For every requested privilege the first stored grant with an equal privilege string is
 * located. With {@code grantOption} set, that grant is kept and only its grant option is
 * cleared; otherwise the grant is removed. The grant list is then written back.
 *
 * <p>NOTE(review): when no stored grant matches (the comparison is an exact
 * {@code String.equals}, so a difference in case also fails to match), nothing is changed,
 * the unchanged list is still written back, and the method returns {@code true}. A caller
 * cannot tell a real revocation from a no-op - confirm whether that is intended.
 *
 * @param privileges the privileges to revoke
 * @param grantOption {@code true} to clear only the grant option, {@code false} to remove
 *        the grant itself
 * @return {@code true} whenever no exception is thrown
 */
@Override
public boolean revokePrivileges(PrivilegeBag privileges, boolean grantOption) throws InvalidObjectException, MetaException, NoSuchObjectException {
  boolean succeeded = false;
  openTransaction();
  try {
    for (HiveObjectPrivilege requested : privileges.getPrivileges()) {
      PrivilegeInfo target = findPrivilegeToGrantOrRevoke(requested);
      int idx = 0;
      while (idx < target.grants.size()) {
        PrivilegeGrantInfo existing = target.grants.get(idx);
        if (!existing.getPrivilege().equals(requested.getGrantInfo().getPrivilege())) {
          idx++;
          continue;
        }
        // Only the first matching grant is touched.
        if (grantOption) {
          existing.setGrantOption(false);
        } else {
          target.grants.remove(idx);
        }
        break;
      }
      writeBackGrantOrRevoke(requested, target);
    }
    succeeded = true;
    return true;
  } finally {
    // Stays false when any call above throws.
    commitOrRoleBack(succeeded);
  }
}
use of org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege in project hive by apache.
the class HBaseStore method listAllTableGrants.
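/**
 * Lists the grants one principal holds on a single table.
 *
 * <p>Every path that ends without an exception, including "no such table" and "no grants",
 * now reports success to {@code commitOrRoleBack}. Previously the early returns left the
 * flag false, so an empty result on this read-only lookup was finished with
 * {@code commitOrRoleBack(false)}, unlike {@code listPrincipalTableGrantsAll} and
 * {@code listGlobalGrantsAll}, which pass true on their empty paths. NOTE(review):
 * {@code commitOrRoleBack} is defined outside this listing; false presumably rolls back,
 * which could also affect an enclosing transaction - confirm.
 *
 * @param principalName name of the user or role whose grants are listed
 * @param principalType USER or ROLE; any other value raises a RuntimeException when the
 *        table exists and has a privilege set
 * @param dbName database that holds the table
 * @param tableName table whose grants are inspected
 * @return one HiveObjectPrivilege per grant; empty when the table, its privilege set, or the
 *         principal's entry is missing
 */
@Override
public List<HiveObjectPrivilege> listAllTableGrants(String principalName, PrincipalType principalType, String dbName, String tableName) {
  List<HiveObjectPrivilege> privileges = new ArrayList<HiveObjectPrivilege>();
  boolean commit = false;
  openTransaction();
  try {
    Table table = getHBase().getTable(dbName, tableName);
    PrincipalPrivilegeSet pps = (table == null) ? null : table.getPrivileges();
    if (pps != null) {
      Map<String, List<PrivilegeGrantInfo>> map;
      switch (principalType) {
        case USER:
          map = pps.getUserPrivileges();
          break;
        case ROLE:
          map = pps.getRolePrivileges();
          break;
        default:
          // Still an error path: the flag stays false for the finally block.
          throw new RuntimeException("Unknown or unsupported principal type " + principalType.toString());
      }
      List<PrivilegeGrantInfo> grants = (map == null) ? null : map.get(principalName);
      if (grants != null) {
        for (PrivilegeGrantInfo pgi : grants) {
          privileges.add(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.TABLE, dbName, tableName, null, null), principalName, principalType, pgi));
        }
      }
    }
    // An empty answer is a successful read, not a failure.
    commit = true;
    return privileges;
  } catch (IOException e) {
    throw new RuntimeException(e);
  } finally {
    commitOrRoleBack(commit);
  }
}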
use of org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege in project hive by apache.
the class HBaseStore method listGlobalGrantsAll.
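/**
 * Lists every global grant, for users first and then for roles.
 *
 * <p>The user and role maps are each checked for null before iteration, matching the
 * {@code map == null} guards in the table-grant listings of this class. Without the guard a
 * privilege set that has only one of the two maps populated would end this listing with a
 * NullPointerException instead of returning the grants that do exist.
 *
 * @return one HiveObjectPrivilege per global grant; empty when no global privileges are stored
 */
@Override
public List<HiveObjectPrivilege> listGlobalGrantsAll() {
  List<HiveObjectPrivilege> privileges = new ArrayList<HiveObjectPrivilege>();
  boolean commit = false;
  openTransaction();
  try {
    PrincipalPrivilegeSet pps = getHBase().getGlobalPrivs();
    if (pps != null) {
      Map<String, List<PrivilegeGrantInfo>> userGrants = pps.getUserPrivileges();
      if (userGrants != null) {
        for (Map.Entry<String, List<PrivilegeGrantInfo>> entry : userGrants.entrySet()) {
          for (PrivilegeGrantInfo pgi : entry.getValue()) {
            privileges.add(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.GLOBAL, null, null, null, null), entry.getKey(), PrincipalType.USER, pgi));
          }
        }
      }
      Map<String, List<PrivilegeGrantInfo>> roleGrants = pps.getRolePrivileges();
      if (roleGrants != null) {
        for (Map.Entry<String, List<PrivilegeGrantInfo>> entry : roleGrants.entrySet()) {
          for (PrivilegeGrantInfo pgi : entry.getValue()) {
            privileges.add(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.GLOBAL, null, null, null, null), entry.getKey(), PrincipalType.ROLE, pgi));
          }
        }
      }
    }
    commit = true;
    return privileges;
  } catch (IOException e) {
    throw new RuntimeException(e);
  } finally {
    // Reached on every path; false only when something above threw.
    commitOrRoleBack(commit);
  }
}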
use of org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege in project hive by apache.
the class TestHBaseStoreIntegration method listDbGrants.
/**
 * Grants "read" on the first database to a user and "write" (with grant option) to a role,
 * then checks that each database-grant listing returns exactly those two grants and nothing
 * for the other principals or for the second database.
 *
 * <p>NOTE(review): only positive grants are covered; no revoke is exercised here, and the
 * roles created by the test are not removed in the finally block.
 */
@Test
public void listDbGrants() throws Exception {
  String[] databases = { "ldbg_db1", "ldbg_db2" };
  try {
    store.createDatabase(new Database(databases[0], "no description", "file:///tmp", emptyParameters));
    store.createDatabase(new Database(databases[1], "no description", "file:///tmp", emptyParameters));

    String[] roles = { "ldbg_role1", "ldbg_role2" };
    String[] users = { "frodo", "sam" };
    store.addRole(roles[0], "me");
    store.addRole(roles[1], "me");
    int createTime = (int) (System.currentTimeMillis() / 1000);

    // Role membership: frodo and role2 belong to role1, sam belongs to role2.
    Role firstRole = store.getRole(roles[0]);
    Role secondRole = store.getRole(roles[1]);
    store.grantRole(firstRole, users[0], PrincipalType.USER, "bob", PrincipalType.USER, false);
    store.grantRole(firstRole, roles[1], PrincipalType.ROLE, "admin", PrincipalType.ROLE, true);
    store.grantRole(secondRole, users[1], PrincipalType.USER, "bob", PrincipalType.USER, false);

    // Two direct grants on the first database only.
    HiveObjectRef firstDbRef = new HiveObjectRef(HiveObjectType.DATABASE, databases[0], null, null, null);
    List<HiveObjectPrivilege> toGrant = new ArrayList<HiveObjectPrivilege>();
    toGrant.add(new HiveObjectPrivilege(firstDbRef, users[0], PrincipalType.USER,
        new PrivilegeGrantInfo("read", createTime, "me", PrincipalType.USER, false)));
    toGrant.add(new HiveObjectPrivilege(firstDbRef, roles[0], PrincipalType.ROLE,
        new PrivilegeGrantInfo("write", createTime, "me", PrincipalType.USER, true)));
    store.grantPrivileges(new PrivilegeBag(toGrant));

    // Per-principal lookup on the database that received the grants.
    List<HiveObjectPrivilege> found = store.listPrincipalDBGrants(roles[0], PrincipalType.ROLE, databases[0]);
    Assert.assertEquals(1, found.size());
    HiveObjectPrivilege only = found.get(0);
    Assert.assertEquals(PrincipalType.ROLE, only.getPrincipalType());
    Assert.assertEquals(HiveObjectType.DATABASE, only.getHiveObject().getObjectType());
    Assert.assertEquals("write", only.getGrantInfo().getPrivilege());

    found = store.listPrincipalDBGrants(users[0], PrincipalType.USER, databases[0]);
    Assert.assertEquals(1, found.size());
    only = found.get(0);
    Assert.assertEquals(PrincipalType.USER, only.getPrincipalType());
    Assert.assertEquals(HiveObjectType.DATABASE, only.getHiveObject().getObjectType());
    Assert.assertEquals("read", only.getGrantInfo().getPrivilege());

    // Principals without a direct grant, and the second database, must list nothing.
    Assert.assertEquals(0, store.listPrincipalDBGrants(roles[1], PrincipalType.ROLE, databases[0]).size());
    Assert.assertEquals(0, store.listPrincipalDBGrants(users[1], PrincipalType.USER, databases[0]).size());
    Assert.assertEquals(0, store.listPrincipalDBGrants(roles[0], PrincipalType.ROLE, databases[1]).size());
    Assert.assertEquals(0, store.listPrincipalDBGrants(users[0], PrincipalType.USER, databases[1]).size());

    // Whole-database listing returns both grants, in no guaranteed order.
    found = store.listDBGrantsAll(databases[0]);
    Assert.assertEquals(2, found.size());
    boolean userSeen = false;
    boolean roleSeen = false;
    for (HiveObjectPrivilege grant : found) {
      String holder = grant.getPrincipalName();
      if (holder.equals(users[0])) {
        Assert.assertEquals(PrincipalType.USER, grant.getPrincipalType());
        Assert.assertEquals(HiveObjectType.DATABASE, grant.getHiveObject().getObjectType());
        Assert.assertEquals("read", grant.getGrantInfo().getPrivilege());
        userSeen = true;
      } else if (holder.equals(roles[0])) {
        Assert.assertEquals(PrincipalType.ROLE, grant.getPrincipalType());
        Assert.assertEquals(HiveObjectType.DATABASE, grant.getHiveObject().getObjectType());
        Assert.assertEquals("write", grant.getGrantInfo().getPrivilege());
        roleSeen = true;
      }
    }
    Assert.assertTrue(userSeen && roleSeen);

    // Cross-database lookup per principal.
    found = store.listPrincipalDBGrantsAll(roles[0], PrincipalType.ROLE);
    Assert.assertEquals(1, found.size());
    only = found.get(0);
    Assert.assertEquals(PrincipalType.ROLE, only.getPrincipalType());
    Assert.assertEquals(HiveObjectType.DATABASE, only.getHiveObject().getObjectType());
    Assert.assertEquals("write", only.getGrantInfo().getPrivilege());

    found = store.listPrincipalDBGrantsAll(users[0], PrincipalType.USER);
    Assert.assertEquals(1, found.size());
    only = found.get(0);
    Assert.assertEquals(PrincipalType.USER, only.getPrincipalType());
    Assert.assertEquals(HiveObjectType.DATABASE, only.getHiveObject().getObjectType());
    Assert.assertEquals("read", only.getGrantInfo().getPrivilege());

    Assert.assertEquals(0, store.listPrincipalDBGrantsAll(roles[1], PrincipalType.ROLE).size());
    Assert.assertEquals(0, store.listPrincipalDBGrantsAll(users[1], PrincipalType.USER).size());
  } finally {
    store.dropDatabase(databases[0]);
    store.dropDatabase(databases[1]);
  }
}