Search in sources :

Example 1 with HiveObjectPrivilege

use of org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege in project hive by apache.

the class HBaseStore method listPrincipalTableGrantsAll.

@Override
public List<HiveObjectPrivilege> listPrincipalTableGrantsAll(String principalName, PrincipalType principalType) {
    List<HiveObjectPrivilege> privileges = new ArrayList<HiveObjectPrivilege>();
    boolean commit = false;
    openTransaction();
    try {
        List<Table> tables = getHBase().scanTables(null, null);
        for (Table table : tables) {
            List<PrivilegeGrantInfo> grants;
            PrincipalPrivilegeSet pps = table.getPrivileges();
            if (pps == null)
                continue;
            Map<String, List<PrivilegeGrantInfo>> map;
            switch(principalType) {
                case USER:
                    map = pps.getUserPrivileges();
                    break;
                case ROLE:
                    map = pps.getRolePrivileges();
                    break;
                default:
                    throw new RuntimeException("Unknown or unsupported principal type " + principalType.toString());
            }
            if (map == null)
                continue;
            grants = map.get(principalName);
            if (grants == null || grants.size() == 0)
                continue;
            for (PrivilegeGrantInfo pgi : grants) {
                privileges.add(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.TABLE, table.getDbName(), table.getTableName(), null, null), principalName, principalType, pgi));
            }
        }
        commit = true;
        return privileges;
    } catch (IOException e) {
        throw new RuntimeException(e);
    } finally {
        commitOrRoleBack(commit);
    }
}
Also used : Table(org.apache.hadoop.hive.metastore.api.Table) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) PrincipalPrivilegeSet(org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) ArrayList(java.util.ArrayList) IOException(java.io.IOException) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) List(java.util.List) ArrayList(java.util.ArrayList) LinkedList(java.util.LinkedList)

Example 2 with HiveObjectPrivilege

use of org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege in project hive by apache.

the class HBaseStore method revokePrivileges.

@Override
public boolean revokePrivileges(PrivilegeBag privileges, boolean grantOption) throws InvalidObjectException, MetaException, NoSuchObjectException {
    boolean commit = false;
    openTransaction();
    try {
        for (HiveObjectPrivilege priv : privileges.getPrivileges()) {
            PrivilegeInfo privilegeInfo = findPrivilegeToGrantOrRevoke(priv);
            for (int i = 0; i < privilegeInfo.grants.size(); i++) {
                if (privilegeInfo.grants.get(i).getPrivilege().equals(priv.getGrantInfo().getPrivilege())) {
                    if (grantOption)
                        privilegeInfo.grants.get(i).setGrantOption(false);
                    else
                        privilegeInfo.grants.remove(i);
                    break;
                }
            }
            writeBackGrantOrRevoke(priv, privilegeInfo);
        }
        commit = true;
        return true;
    } finally {
        commitOrRoleBack(commit);
    }
}
Also used : HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)

Example 3 with HiveObjectPrivilege

use of org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege in project hive by apache.

the class HBaseStore method listAllTableGrants.

@Override
public List<HiveObjectPrivilege> listAllTableGrants(String principalName, PrincipalType principalType, String dbName, String tableName) {
    List<PrivilegeGrantInfo> grants;
    List<HiveObjectPrivilege> privileges = new ArrayList<HiveObjectPrivilege>();
    boolean commit = false;
    openTransaction();
    try {
        Table table = getHBase().getTable(dbName, tableName);
        if (table == null)
            return privileges;
        PrincipalPrivilegeSet pps = table.getPrivileges();
        if (pps == null)
            return privileges;
        Map<String, List<PrivilegeGrantInfo>> map;
        switch(principalType) {
            case USER:
                map = pps.getUserPrivileges();
                break;
            case ROLE:
                map = pps.getRolePrivileges();
                break;
            default:
                throw new RuntimeException("Unknown or unsupported principal type " + principalType.toString());
        }
        if (map == null)
            return privileges;
        grants = map.get(principalName);
        if (grants == null || grants.size() == 0)
            return privileges;
        for (PrivilegeGrantInfo pgi : grants) {
            privileges.add(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.TABLE, dbName, tableName, null, null), principalName, principalType, pgi));
        }
        commit = true;
        return privileges;
    } catch (IOException e) {
        throw new RuntimeException(e);
    } finally {
        commitOrRoleBack(commit);
    }
}
Also used : Table(org.apache.hadoop.hive.metastore.api.Table) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) PrincipalPrivilegeSet(org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) ArrayList(java.util.ArrayList) IOException(java.io.IOException) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) List(java.util.List) ArrayList(java.util.ArrayList) LinkedList(java.util.LinkedList)

Example 4 with HiveObjectPrivilege

use of org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege in project hive by apache.

the class HBaseStore method listGlobalGrantsAll.

@Override
public List<HiveObjectPrivilege> listGlobalGrantsAll() {
    List<HiveObjectPrivilege> privileges = new ArrayList<HiveObjectPrivilege>();
    boolean commit = false;
    openTransaction();
    try {
        PrincipalPrivilegeSet pps = getHBase().getGlobalPrivs();
        if (pps != null) {
            for (Map.Entry<String, List<PrivilegeGrantInfo>> e : pps.getUserPrivileges().entrySet()) {
                for (PrivilegeGrantInfo pgi : e.getValue()) {
                    privileges.add(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.GLOBAL, null, null, null, null), e.getKey(), PrincipalType.USER, pgi));
                }
            }
            for (Map.Entry<String, List<PrivilegeGrantInfo>> e : pps.getRolePrivileges().entrySet()) {
                for (PrivilegeGrantInfo pgi : e.getValue()) {
                    privileges.add(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.GLOBAL, null, null, null, null), e.getKey(), PrincipalType.ROLE, pgi));
                }
            }
        }
        commit = true;
        return privileges;
    } catch (IOException e) {
        throw new RuntimeException(e);
    } finally {
        commitOrRoleBack(commit);
    }
}
Also used : PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) PrincipalPrivilegeSet(org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) ArrayList(java.util.ArrayList) IOException(java.io.IOException) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) List(java.util.List) ArrayList(java.util.ArrayList) LinkedList(java.util.LinkedList) Map(java.util.Map) HashMap(java.util.HashMap)

Example 5 with HiveObjectPrivilege

use of org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege in project hive by apache.

the class TestHBaseStoreIntegration method listDbGrants.

@Test
public void listDbGrants() throws Exception {
    String[] dbNames = new String[] { "ldbg_db1", "ldbg_db2" };
    try {
        Database db = new Database(dbNames[0], "no description", "file:///tmp", emptyParameters);
        store.createDatabase(db);
        db = new Database(dbNames[1], "no description", "file:///tmp", emptyParameters);
        store.createDatabase(db);
        String[] roleNames = new String[] { "ldbg_role1", "ldbg_role2" };
        String[] userNames = new String[] { "frodo", "sam" };
        store.addRole(roleNames[0], "me");
        store.addRole(roleNames[1], "me");
        int now = (int) (System.currentTimeMillis() / 1000);
        Role role1 = store.getRole(roleNames[0]);
        Role role2 = store.getRole(roleNames[1]);
        store.grantRole(role1, userNames[0], PrincipalType.USER, "bob", PrincipalType.USER, false);
        store.grantRole(role1, roleNames[1], PrincipalType.ROLE, "admin", PrincipalType.ROLE, true);
        store.grantRole(role2, userNames[1], PrincipalType.USER, "bob", PrincipalType.USER, false);
        List<HiveObjectPrivilege> privileges = new ArrayList<HiveObjectPrivilege>();
        HiveObjectRef hiveObjRef = new HiveObjectRef(HiveObjectType.DATABASE, dbNames[0], null, null, null);
        PrivilegeGrantInfo grantInfo = new PrivilegeGrantInfo("read", now, "me", PrincipalType.USER, false);
        HiveObjectPrivilege hop = new HiveObjectPrivilege(hiveObjRef, userNames[0], PrincipalType.USER, grantInfo);
        privileges.add(hop);
        grantInfo = new PrivilegeGrantInfo("write", now, "me", PrincipalType.USER, true);
        hop = new HiveObjectPrivilege(hiveObjRef, roleNames[0], PrincipalType.ROLE, grantInfo);
        privileges.add(hop);
        PrivilegeBag pBag = new PrivilegeBag(privileges);
        store.grantPrivileges(pBag);
        List<HiveObjectPrivilege> hops = store.listPrincipalDBGrants(roleNames[0], PrincipalType.ROLE, dbNames[0]);
        Assert.assertEquals(1, hops.size());
        Assert.assertEquals(PrincipalType.ROLE, hops.get(0).getPrincipalType());
        Assert.assertEquals(HiveObjectType.DATABASE, hops.get(0).getHiveObject().getObjectType());
        Assert.assertEquals("write", hops.get(0).getGrantInfo().getPrivilege());
        hops = store.listPrincipalDBGrants(userNames[0], PrincipalType.USER, dbNames[0]);
        Assert.assertEquals(1, hops.size());
        Assert.assertEquals(PrincipalType.USER, hops.get(0).getPrincipalType());
        Assert.assertEquals(HiveObjectType.DATABASE, hops.get(0).getHiveObject().getObjectType());
        Assert.assertEquals("read", hops.get(0).getGrantInfo().getPrivilege());
        hops = store.listPrincipalDBGrants(roleNames[1], PrincipalType.ROLE, dbNames[0]);
        Assert.assertEquals(0, hops.size());
        hops = store.listPrincipalDBGrants(userNames[1], PrincipalType.USER, dbNames[0]);
        Assert.assertEquals(0, hops.size());
        hops = store.listPrincipalDBGrants(roleNames[0], PrincipalType.ROLE, dbNames[1]);
        Assert.assertEquals(0, hops.size());
        hops = store.listPrincipalDBGrants(userNames[0], PrincipalType.USER, dbNames[1]);
        Assert.assertEquals(0, hops.size());
        hops = store.listDBGrantsAll(dbNames[0]);
        Assert.assertEquals(2, hops.size());
        boolean sawUser = false, sawRole = false;
        for (HiveObjectPrivilege h : hops) {
            if (h.getPrincipalName().equals(userNames[0])) {
                Assert.assertEquals(PrincipalType.USER, h.getPrincipalType());
                Assert.assertEquals(HiveObjectType.DATABASE, h.getHiveObject().getObjectType());
                Assert.assertEquals("read", h.getGrantInfo().getPrivilege());
                sawUser = true;
            } else if (h.getPrincipalName().equals(roleNames[0])) {
                Assert.assertEquals(PrincipalType.ROLE, h.getPrincipalType());
                Assert.assertEquals(HiveObjectType.DATABASE, h.getHiveObject().getObjectType());
                Assert.assertEquals("write", h.getGrantInfo().getPrivilege());
                sawRole = true;
            }
        }
        Assert.assertTrue(sawUser && sawRole);
        hops = store.listPrincipalDBGrantsAll(roleNames[0], PrincipalType.ROLE);
        Assert.assertEquals(1, hops.size());
        Assert.assertEquals(PrincipalType.ROLE, hops.get(0).getPrincipalType());
        Assert.assertEquals(HiveObjectType.DATABASE, hops.get(0).getHiveObject().getObjectType());
        Assert.assertEquals("write", hops.get(0).getGrantInfo().getPrivilege());
        hops = store.listPrincipalDBGrantsAll(userNames[0], PrincipalType.USER);
        Assert.assertEquals(1, hops.size());
        Assert.assertEquals(PrincipalType.USER, hops.get(0).getPrincipalType());
        Assert.assertEquals(HiveObjectType.DATABASE, hops.get(0).getHiveObject().getObjectType());
        Assert.assertEquals("read", hops.get(0).getGrantInfo().getPrivilege());
        hops = store.listPrincipalDBGrantsAll(roleNames[1], PrincipalType.ROLE);
        Assert.assertEquals(0, hops.size());
        hops = store.listPrincipalDBGrantsAll(userNames[1], PrincipalType.USER);
        Assert.assertEquals(0, hops.size());
    } finally {
        store.dropDatabase(dbNames[0]);
        store.dropDatabase(dbNames[1]);
    }
}
Also used : Role(org.apache.hadoop.hive.metastore.api.Role) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) PrivilegeBag(org.apache.hadoop.hive.metastore.api.PrivilegeBag) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) Database(org.apache.hadoop.hive.metastore.api.Database) ArrayList(java.util.ArrayList) Test(org.junit.Test)

Aggregations

HiveObjectPrivilege (org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)53 ArrayList (java.util.ArrayList)38 HiveObjectRef (org.apache.hadoop.hive.metastore.api.HiveObjectRef)38 PrivilegeGrantInfo (org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)37 List (java.util.List)15 PrincipalType (org.apache.hadoop.hive.metastore.api.PrincipalType)15 LinkedList (java.util.LinkedList)13 PrivilegeBag (org.apache.hadoop.hive.metastore.api.PrivilegeBag)11 Database (org.apache.hadoop.hive.metastore.api.Database)10 IOException (java.io.IOException)9 PrincipalPrivilegeSet (org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet)9 SQLCheckConstraint (org.apache.hadoop.hive.metastore.api.SQLCheckConstraint)9 SQLDefaultConstraint (org.apache.hadoop.hive.metastore.api.SQLDefaultConstraint)9 SQLNotNullConstraint (org.apache.hadoop.hive.metastore.api.SQLNotNullConstraint)9 SQLUniqueConstraint (org.apache.hadoop.hive.metastore.api.SQLUniqueConstraint)9 MConstraint (org.apache.hadoop.hive.metastore.model.MConstraint)9 Query (javax.jdo.Query)8 ScheduledQuery (org.apache.hadoop.hive.metastore.api.ScheduledQuery)8 Table (org.apache.hadoop.hive.metastore.api.Table)8 MScheduledQuery (org.apache.hadoop.hive.metastore.model.MScheduledQuery)8