Examples with MetaException org.apache.hadoop.hive.metastore.api.MetaException used on opensource projects

Example 46 with MetaException

use of org.apache.hadoop.hive.metastore.api.MetaException in project hive by apache.

the class HCatClientHMSImpl method getPartitions.

@Override
public List<HCatPartition> getPartitions(String dbName, String tblName) throws HCatException {
    List<HCatPartition> hcatPtns = new ArrayList<HCatPartition>();
    try {
        HCatTable hcatTable = getTable(dbName, tblName);
        List<Partition> hivePtns = hmsClient.listPartitions(checkDB(dbName), tblName, (short) -1);
        for (Partition ptn : hivePtns) {
            hcatPtns.add(new HCatPartition(hcatTable, ptn));
        }
    } catch (NoSuchObjectException e) {
        throw new ObjectNotFoundException("NoSuchObjectException while retrieving partition.", e);
    } catch (MetaException e) {
        throw new HCatException("MetaException while retrieving partition.", e);
    } catch (TException e) {
        throw new ConnectionFailureException("TException while retrieving partition.", e);
    }
    return hcatPtns;
}

Example 47 with MetaException

use of org.apache.hadoop.hive.metastore.api.MetaException in project hive by apache.

the class TestMetastoreAuthorizationProvider method testSimplePrivileges.

public void testSimplePrivileges() throws Exception {
    if (!isTestEnabled()) {
        System.out.println("Skipping test " + this.getClass().getName());
        return;
    }
    String dbName = getTestDbName();
    String tblName = getTestTableName();
    String userName = setupUser();
    allowCreateDatabase(userName);
    CommandProcessorResponse ret = driver.run("create database " + dbName);
    assertEquals(0, ret.getResponseCode());
    Database db = msc.getDatabase(dbName);
    String dbLocn = db.getLocationUri();
    validateCreateDb(db, dbName);
    disallowCreateInDb(dbName, userName, dbLocn);
    disallowCreateDatabase(userName);
    driver.run("use " + dbName);
    ret = driver.run(String.format("create table %s (a string) partitioned by (b string)", tblName));
    assertEquals(1, ret.getResponseCode());
    // Even if table location is specified table creation should fail
    String tblNameLoc = tblName + "_loc";
    String tblLocation = new Path(dbLocn).getParent().toUri() + "/" + tblNameLoc;
    driver.run("use " + dbName);
    ret = driver.run(String.format("create table %s (a string) partitioned by (b string) location '" + tblLocation + "'", tblNameLoc));
    assertEquals(1, ret.getResponseCode());
    // failure from not having permissions to create table
    ArrayList<FieldSchema> fields = new ArrayList<FieldSchema>(2);
    fields.add(new FieldSchema("a", serdeConstants.STRING_TYPE_NAME, ""));
    Table ttbl = new Table();
    ttbl.setDbName(dbName);
    ttbl.setTableName(tblName);
    StorageDescriptor sd = new StorageDescriptor();
    ttbl.setSd(sd);
    sd.setCols(fields);
    sd.setParameters(new HashMap<String, String>());
    sd.getParameters().put("test_param_1", "Use this for comments etc");
    sd.setSerdeInfo(new SerDeInfo());
    sd.getSerdeInfo().setName(ttbl.getTableName());
    sd.getSerdeInfo().setParameters(new HashMap<String, String>());
    sd.getSerdeInfo().getParameters().put(org.apache.hadoop.hive.serde.serdeConstants.SERIALIZATION_FORMAT, "1");
    sd.getSerdeInfo().setSerializationLib(org.apache.hadoop.hive.serde2.lazy.LazySimpleSerDe.class.getName());
    sd.setInputFormat(HiveInputFormat.class.getName());
    sd.setOutputFormat(HiveOutputFormat.class.getName());
    ttbl.setPartitionKeys(new ArrayList<FieldSchema>());
    MetaException me = null;
    try {
        msc.createTable(ttbl);
    } catch (MetaException e) {
        me = e;
    }
    assertNoPrivileges(me);
    allowCreateInDb(dbName, userName, dbLocn);
    driver.run("use " + dbName);
    ret = driver.run(String.format("create table %s (a string) partitioned by (b string)", tblName));
    // now it succeeds.
    assertEquals(0, ret.getResponseCode());
    Table tbl = msc.getTable(dbName, tblName);
    validateCreateTable(tbl, tblName, dbName);
    // Table creation should succeed even if location is specified
    driver.run("use " + dbName);
    ret = driver.run(String.format("create table %s (a string) partitioned by (b string) location '" + tblLocation + "'", tblNameLoc));
    assertEquals(0, ret.getResponseCode());
    Table tblLoc = msc.getTable(dbName, tblNameLoc);
    validateCreateTable(tblLoc, tblNameLoc, dbName);
    String fakeUser = "mal";
    List<String> fakeGroupNames = new ArrayList<String>();
    fakeGroupNames.add("groupygroup");
    InjectableDummyAuthenticator.injectUserName(fakeUser);
    InjectableDummyAuthenticator.injectGroupNames(fakeGroupNames);
    InjectableDummyAuthenticator.injectMode(true);
    ret = driver.run(String.format("create table %s (a string) partitioned by (b string)", tblName + "mal"));
    assertEquals(1, ret.getResponseCode());
    ttbl.setTableName(tblName + "mal");
    me = null;
    try {
        msc.createTable(ttbl);
    } catch (MetaException e) {
        me = e;
    }
    assertNoPrivileges(me);
    disallowCreateInTbl(tbl.getTableName(), userName, tbl.getSd().getLocation());
    ret = driver.run("alter table " + tblName + " add partition (b='2011')");
    assertEquals(1, ret.getResponseCode());
    List<String> ptnVals = new ArrayList<String>();
    ptnVals.add("b=2011");
    Partition tpart = new Partition();
    tpart.setDbName(dbName);
    tpart.setTableName(tblName);
    tpart.setValues(ptnVals);
    tpart.setParameters(new HashMap<String, String>());
    tpart.setSd(tbl.getSd().deepCopy());
    tpart.getSd().setSerdeInfo(tbl.getSd().getSerdeInfo().deepCopy());
    tpart.getSd().setLocation(tbl.getSd().getLocation() + "/tpart");
    me = null;
    try {
        msc.add_partition(tpart);
    } catch (MetaException e) {
        me = e;
    }
    assertNoPrivileges(me);
    InjectableDummyAuthenticator.injectMode(false);
    allowCreateInTbl(tbl.getTableName(), userName, tbl.getSd().getLocation());
    ret = driver.run("alter table " + tblName + " add partition (b='2011')");
    assertEquals(0, ret.getResponseCode());
    allowDropOnTable(tblName, userName, tbl.getSd().getLocation());
    allowDropOnDb(dbName, userName, db.getLocationUri());
    ret = driver.run("drop database if exists " + getTestDbName() + " cascade");
    assertEquals(0, ret.getResponseCode());
    InjectableDummyAuthenticator.injectUserName(userName);
    InjectableDummyAuthenticator.injectGroupNames(Arrays.asList(ugi.getGroupNames()));
    InjectableDummyAuthenticator.injectMode(true);
    allowCreateDatabase(userName);
    driver.run("create database " + dbName);
    allowCreateInDb(dbName, userName, dbLocn);
    tbl.setTableType("EXTERNAL_TABLE");
    msc.createTable(tbl);
    disallowDropOnTable(tblName, userName, tbl.getSd().getLocation());
    ret = driver.run("drop table " + tbl.getTableName());
    assertEquals(1, ret.getResponseCode());
}

Example 48 with MetaException

use of org.apache.hadoop.hive.metastore.api.MetaException in project hive by apache.

the class SQLStdHiveAccessController method grantRole.

@Override
public void grantRole(List<HivePrincipal> hivePrincipals, List<String> roleNames, boolean grantOption, HivePrincipal grantorPrinc) throws HiveAuthzPluginException, HiveAccessControlException {
    if (!(isUserAdmin() || doesUserHasAdminOption(roleNames))) {
        throw new HiveAccessControlException("Current user : " + currentUserName + " is not" + " allowed to grant role. " + ADMIN_ONLY_MSG + " Otherwise, " + HAS_ADMIN_PRIV_MSG);
    }
    for (HivePrincipal hivePrincipal : hivePrincipals) {
        for (String roleName : roleNames) {
            try {
                IMetaStoreClient mClient = metastoreClientFactory.getHiveMetastoreClient();
                mClient.grant_role(roleName, hivePrincipal.getName(), AuthorizationUtils.getThriftPrincipalType(hivePrincipal.getType()), grantorPrinc.getName(), AuthorizationUtils.getThriftPrincipalType(grantorPrinc.getType()), grantOption);
            } catch (MetaException e) {
                throw SQLAuthorizationUtils.getPluginException("Error granting role", e);
            } catch (Exception e) {
                String msg = "Error granting roles for " + hivePrincipal.getName() + " to role " + roleName;
                throw SQLAuthorizationUtils.getPluginException(msg, e);
            }
        }
    }
}

Example 49 with MetaException

use of org.apache.hadoop.hive.metastore.api.MetaException in project hive by apache.

the class StorageBasedAuthorizationProvider method authorize.

@Override
public void authorize(Table table, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv) throws HiveException, AuthorizationException {
    try {
        initWh();
    } catch (MetaException ex) {
        throw hiveException(ex);
    }
    // extract any drop privileges out of required privileges
    DropPrivilegeExtractor privExtractor = new DropPrivilegeExtractor(readRequiredPriv, writeRequiredPriv);
    readRequiredPriv = privExtractor.getReadReqPriv();
    writeRequiredPriv = privExtractor.getWriteReqPriv();
    // the database directory
    if (privExtractor.hasDropPrivilege || requireCreatePrivilege(readRequiredPriv) || requireCreatePrivilege(writeRequiredPriv)) {
        authorize(hive_db.getDatabase(table.getDbName()), new Privilege[] {}, new Privilege[] { Privilege.ALTER_DATA });
    }
    Path path = table.getDataLocation();
    // set to true
    if (privExtractor.hasDropPrivilege() && (table.getTableType() != TableType.EXTERNAL_TABLE || getConf().getBoolean(HiveConf.ConfVars.METASTORE_AUTHORIZATION_EXTERNALTABLE_DROP_CHECK.varname, HiveConf.ConfVars.METASTORE_AUTHORIZATION_EXTERNALTABLE_DROP_CHECK.defaultBoolVal))) {
        checkDeletePermission(path, getConf(), authenticator.getUserName());
    }
    // has the permissions on the table dir
    if (path != null) {
        authorize(path, readRequiredPriv, writeRequiredPriv);
    }
}

Example 50 with MetaException

use of org.apache.hadoop.hive.metastore.api.MetaException in project hive by apache.

the class StorageBasedAuthorizationProvider method authorize.

@Override
public void authorize(Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv) throws HiveException, AuthorizationException {
    // Currently not used in hive code-base, but intended to authorize actions
    // that are directly user-level. As there's no storage based aspect to this,
    // we can follow one of two routes:
    // a) We can allow by default - that way, this call stays out of the way
    // b) We can deny by default - that way, no privileges are authorized that
    // is not understood and explicitly allowed.
    // Both approaches have merit, but given that things like grants and revokes
    // that are user-level do not make sense from the context of storage-permission
    // based auth, denying seems to be more canonical here.
    // Update to previous comment: there does seem to be one place that uses this
    // and that is to authorize "show databases" in hcat commandline, which is used
    // by webhcat. And user-level auth seems to be a reasonable default in this case.
    // The now deprecated HdfsAuthorizationProvider in hcatalog approached this in
    // another way, and that was to see if the user had said above appropriate requested
    // privileges for the hive root warehouse directory. That seems to be the best
    // mapping for user level privileges to storage. Using that strategy here.
    Path root = null;
    try {
        initWh();
        root = wh.getWhRoot();
        authorize(root, readRequiredPriv, writeRequiredPriv);
    } catch (MetaException ex) {
        throw hiveException(ex);
    }
}