Example 31 with HiveObjectRef
use of org.apache.hadoop.hive.metastore.api.HiveObjectRef in project hive by apache.
the class ObjectStore method listPrincipalPartitionColumnGrants.
@Override
public List<HiveObjectPrivilege> listPrincipalPartitionColumnGrants(String principalName, PrincipalType principalType, String dbName, String tableName, List<String> partValues, String partitionName, String columnName) {
List<MPartitionColumnPrivilege> mPartitionCols = listPrincipalMPartitionColumnGrants(principalName, principalType, dbName, tableName, partitionName, columnName);
if (mPartitionCols.isEmpty()) {
return Collections.emptyList();
}
List<HiveObjectPrivilege> result = new ArrayList<HiveObjectPrivilege>();
for (int i = 0; i < mPartitionCols.size(); i++) {
MPartitionColumnPrivilege sCol = mPartitionCols.get(i);
HiveObjectRef objectRef = new HiveObjectRef(HiveObjectType.COLUMN, dbName, tableName, partValues, sCol.getColumnName());
HiveObjectPrivilege secObj = new HiveObjectPrivilege(objectRef, sCol.getPrincipalName(), principalType, new PrivilegeGrantInfo(sCol.getPrivilege(), sCol.getCreateTime(), sCol.getGrantor(), PrincipalType.valueOf(sCol.getGrantorType()), sCol.getGrantOption()));
result.add(secObj);
}
return result;
}
Also used :
HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)
PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)
HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef)
ArrayList(java.util.ArrayList)
MPartitionColumnPrivilege(org.apache.hadoop.hive.metastore.model.MPartitionColumnPrivilege)
MConstraint(org.apache.hadoop.hive.metastore.model.MConstraint)
Example 32 with HiveObjectRef
use of org.apache.hadoop.hive.metastore.api.HiveObjectRef in project hive by apache.
the class ObjectStore method convertTableCols.
private List<HiveObjectPrivilege> convertTableCols(List<MTableColumnPrivilege> privs) {
List<HiveObjectPrivilege> result = new ArrayList<HiveObjectPrivilege>();
for (MTableColumnPrivilege priv : privs) {
String pname = priv.getPrincipalName();
PrincipalType ptype = PrincipalType.valueOf(priv.getPrincipalType());
MTable mtable = priv.getTable();
MDatabase mdatabase = mtable.getDatabase();
HiveObjectRef objectRef = new HiveObjectRef(HiveObjectType.COLUMN, mdatabase.getName(), mtable.getTableName(), null, priv.getColumnName());
PrivilegeGrantInfo grantor = new PrivilegeGrantInfo(priv.getPrivilege(), priv.getCreateTime(), priv.getGrantor(), PrincipalType.valueOf(priv.getGrantorType()), priv.getGrantOption());
result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor));
}
return result;
}
Also used :
MDatabase(org.apache.hadoop.hive.metastore.model.MDatabase)
HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)
MTable(org.apache.hadoop.hive.metastore.model.MTable)
PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)
HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef)
ArrayList(java.util.ArrayList)
PrincipalType(org.apache.hadoop.hive.metastore.api.PrincipalType)
MTableColumnPrivilege(org.apache.hadoop.hive.metastore.model.MTableColumnPrivilege)
Example 33 with HiveObjectRef
use of org.apache.hadoop.hive.metastore.api.HiveObjectRef in project hive by apache.
the class HiveV1Authorizer method toPrivilegeBag.
private PrivilegeBag toPrivilegeBag(List<HivePrivilege> privileges, HivePrivilegeObject privObject, HivePrincipal grantor, boolean grantOption) throws HiveException {
PrivilegeBag privBag = new PrivilegeBag();
if (privileges.isEmpty()) {
return privBag;
}
String grantorName = grantor.getName();
PrincipalType grantorType = AuthorizationUtils.getThriftPrincipalType(grantor.getType());
if (privObject.getType() == null || privObject.getType() == HivePrivilegeObject.HivePrivilegeObjectType.GLOBAL) {
for (HivePrivilege priv : privileges) {
List<String> columns = priv.getColumns();
if (columns != null && !columns.isEmpty()) {
throw new HiveException("For user-level privileges, column sets should be null. columns=" + columns.toString());
}
privBag.addToPrivileges(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.GLOBAL, null, null, null, null), null, null, new PrivilegeGrantInfo(priv.getName(), 0, grantor.getName(), grantorType, grantOption)));
}
return privBag;
}
if (privObject.getPartKeys() != null && grantOption) {
throw new HiveException("Grant does not support partition level.");
}
Hive hive = Hive.getWithFastCheck(this.conf);
Database dbObj = hive.getDatabase(privObject.getDbname());
if (dbObj == null) {
throw new HiveException("Database " + privObject.getDbname() + " does not exists");
}
Table tableObj = null;
if (privObject.getObjectName() != null) {
tableObj = hive.getTable(dbObj.getName(), privObject.getObjectName());
}
List<String> partValues = null;
if (tableObj != null) {
if ((!tableObj.isPartitioned()) && privObject.getPartKeys() != null) {
throw new HiveException("Table is not partitioned, but partition name is present: partSpec=" + privObject.getPartKeys());
}
if (privObject.getPartKeys() != null) {
Map<String, String> partSpec = Warehouse.makeSpecFromValues(tableObj.getPartitionKeys(), privObject.getPartKeys());
Partition partObj = hive.getPartition(tableObj, partSpec, false).getTPartition();
partValues = partObj.getValues();
}
}
for (HivePrivilege priv : privileges) {
List<String> columns = priv.getColumns();
if (columns != null && !columns.isEmpty()) {
if (!priv.supportsScope(PrivilegeScope.COLUMN_LEVEL_SCOPE)) {
throw new HiveException(priv.getName() + " does not support column level privilege.");
}
if (tableObj == null) {
throw new HiveException("For user-level/database-level privileges, column sets should be null. columns=" + columns);
}
for (int i = 0; i < columns.size(); i++) {
privBag.addToPrivileges(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.COLUMN, dbObj.getName(), tableObj.getTableName(), partValues, columns.get(i)), null, null, new PrivilegeGrantInfo(priv.getName(), 0, grantorName, grantorType, grantOption)));
}
} else if (tableObj == null) {
privBag.addToPrivileges(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.DATABASE, dbObj.getName(), null, null, null), null, null, new PrivilegeGrantInfo(priv.getName(), 0, grantorName, grantorType, grantOption)));
} else if (partValues == null) {
privBag.addToPrivileges(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.TABLE, dbObj.getName(), tableObj.getTableName(), null, null), null, null, new PrivilegeGrantInfo(priv.getName(), 0, grantorName, grantorType, grantOption)));
} else {
privBag.addToPrivileges(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.PARTITION, dbObj.getName(), tableObj.getTableName(), partValues, null), null, null, new PrivilegeGrantInfo(priv.getName(), 0, grantorName, grantorType, grantOption)));
}
}
return privBag;
}
Also used :
PrivilegeBag(org.apache.hadoop.hive.metastore.api.PrivilegeBag)
Partition(org.apache.hadoop.hive.metastore.api.Partition)
HiveException(org.apache.hadoop.hive.ql.metadata.HiveException)
Table(org.apache.hadoop.hive.ql.metadata.Table)
PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)
HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef)
HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)
Hive(org.apache.hadoop.hive.ql.metadata.Hive)
Database(org.apache.hadoop.hive.metastore.api.Database)
PrincipalType(org.apache.hadoop.hive.metastore.api.PrincipalType)
Example 34 with HiveObjectRef
use of org.apache.hadoop.hive.metastore.api.HiveObjectRef in project hive by apache.
the class SQLAuthorizationUtils method getThriftPrivilegesBag.
/**
* Create thrift privileges bag
*
* @param hivePrincipals
* @param hivePrivileges
* @param hivePrivObject
* @param grantorPrincipal
* @param grantOption
* @return
* @throws HiveAuthzPluginException
*/
static PrivilegeBag getThriftPrivilegesBag(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption) throws HiveAuthzPluginException {
HiveObjectRef privObj = getThriftHiveObjectRef(hivePrivObject);
PrivilegeBag privBag = new PrivilegeBag();
for (HivePrivilege privilege : hivePrivileges) {
if (privilege.getColumns() != null && privilege.getColumns().size() > 0) {
throw new HiveAuthzPluginException("Privileges on columns not supported currently" + " in sql standard authorization mode");
}
if (!SUPPORTED_PRIVS_SET.contains(privilege.getName().toUpperCase(Locale.US))) {
throw new HiveAuthzPluginException("Privilege: " + privilege.getName() + " is not supported in sql standard authorization mode");
}
PrivilegeGrantInfo grantInfo = getThriftPrivilegeGrantInfo(privilege, grantorPrincipal, grantOption, 0);
for (HivePrincipal principal : hivePrincipals) {
HiveObjectPrivilege objPriv = new HiveObjectPrivilege(privObj, principal.getName(), AuthorizationUtils.getThriftPrincipalType(principal.getType()), grantInfo);
privBag.addToPrivileges(objPriv);
}
}
return privBag;
}
Also used :
PrivilegeBag(org.apache.hadoop.hive.metastore.api.PrivilegeBag)
HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)
PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)
HivePrincipal(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal)
HivePrivilege(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege)
HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef)
HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException)
Aggregations
HiveObjectRef (org.apache.hadoop.hive.metastore.api.HiveObjectRef)34
HiveObjectPrivilege (org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)31
ArrayList (java.util.ArrayList)29
PrivilegeGrantInfo (org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)29
List (java.util.List)11
LinkedList (java.util.LinkedList)10
PrincipalPrivilegeSet (org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet)10
PrincipalType (org.apache.hadoop.hive.metastore.api.PrincipalType)10
IOException (java.io.IOException)8
Database (org.apache.hadoop.hive.metastore.api.Database)7
PrivilegeBag (org.apache.hadoop.hive.metastore.api.PrivilegeBag)7
MConstraint (org.apache.hadoop.hive.metastore.model.MConstraint)7
Table (org.apache.hadoop.hive.metastore.api.Table)6
Test (org.junit.Test)6
Role (org.apache.hadoop.hive.metastore.api.Role)5
MDatabase (org.apache.hadoop.hive.metastore.model.MDatabase)5
MTable (org.apache.hadoop.hive.metastore.model.MTable)5
MDBPrivilege (org.apache.hadoop.hive.metastore.model.MDBPrivilege)4
MGlobalPrivilege (org.apache.hadoop.hive.metastore.model.MGlobalPrivilege)4
MPartitionColumnPrivilege (org.apache.hadoop.hive.metastore.model.MPartitionColumnPrivilege)4
