
Example 11 with PrincipalPrivilegeSet

use of org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet in project presto by prestodb.

the class InMemoryHiveMetastore method createTable.

/**
 * Registers a deep copy of {@code table} in this in-memory metastore and then applies the
 * user and role privileges carried on the supplied object.
 *
 * <p>Accepted table types are MANAGED_TABLE, EXTERNAL_TABLE and VIRTUAL_VIEW. A view must have
 * a null storage location. Any other table must point at a directory that already exists, and
 * only a MANAGED_TABLE is additionally required to pass {@code isParentDir} against the
 * metastore base directory; an EXTERNAL_TABLE location is accepted wherever it exists.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The privilege set is taken as-is from the caller-supplied {@code Table}; no check of the
 *       grantor or of the caller's right to grant is visible in this method.</li>
 *   <li>The table is registered before its privileges are parsed and applied, so a failure
 *       while applying privileges leaves the table registered.</li>
 * </ul>
 *
 * @param table table definition to register; its storage descriptor is dereferenced
 * @throws TableAlreadyExistsException if an entry for the same schema/table name is already present
 */
@Override
public synchronized void createTable(Table table) {
    TableType tableType = TableType.valueOf(table.getTableType());
    boolean supportedType = EnumSet.of(MANAGED_TABLE, EXTERNAL_TABLE, VIRTUAL_VIEW).contains(tableType);
    checkArgument(supportedType, "Invalid table type: %s", tableType);

    boolean isView = tableType == VIRTUAL_VIEW;
    if (isView) {
        checkArgument(table.getSd().getLocation() == null, "Storage location for view must be null");
    } else {
        File tableDirectory = new File(new Path(table.getSd().getLocation()).toUri());
        checkArgument(tableDirectory.exists(), "Table directory does not exist");
        // Containment under the base directory is enforced for managed tables only.
        // NOTE(review): isParentDir is not shown here - confirm it compares canonical paths,
        // otherwise ".." segments or symlinks could defeat the containment check.
        if (tableType == MANAGED_TABLE) {
            checkArgument(isParentDir(tableDirectory, baseDirectory), "Table directory must be inside of the metastore base directory");
        }
    }

    String databaseName = table.getDbName();
    String tableName = table.getTableName();
    SchemaTableName tableKey = new SchemaTableName(databaseName, tableName);

    // Store a private copy so later mutation of the caller's object cannot alter metastore state.
    Table storedTable = table.deepCopy();
    boolean alreadyPresent = relations.putIfAbsent(tableKey, storedTable) != null;
    if (alreadyPresent) {
        throw new TableAlreadyExistsException(tableKey);
    }
    if (isView) {
        views.put(tableKey, storedTable);
    }

    PrincipalPrivilegeSet grants = table.getPrivileges();
    if (grants == null) {
        return;
    }

    // NOTE(review): both maps are dereferenced without a null check - confirm that a
    // PrincipalPrivilegeSet reaching this method always has user and role maps set.
    for (Entry<String, List<PrivilegeGrantInfo>> userGrant : grants.getUserPrivileges().entrySet()) {
        Set<HivePrivilegeInfo> parsed = userGrant.getValue().stream()
                .map(HivePrivilegeInfo::parsePrivilege)
                .flatMap(Collection::stream)
                .collect(toImmutableSet());
        setTablePrivileges(userGrant.getKey(), USER, databaseName, tableName, parsed);
    }
    for (Entry<String, List<PrivilegeGrantInfo>> roleGrant : grants.getRolePrivileges().entrySet()) {
        Set<HivePrivilegeInfo> parsed = roleGrant.getValue().stream()
                .map(HivePrivilegeInfo::parsePrivilege)
                .flatMap(Collection::stream)
                .collect(toImmutableSet());
        setTablePrivileges(roleGrant.getKey(), ROLE, databaseName, tableName, parsed);
    }
}
Also used : Path(org.apache.hadoop.fs.Path) TableAlreadyExistsException(com.facebook.presto.hive.TableAlreadyExistsException) TableType(org.apache.hadoop.hive.metastore.TableType) Table(org.apache.hadoop.hive.metastore.api.Table) PrincipalPrivilegeSet(org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet) ImmutableList(com.google.common.collect.ImmutableList) List(java.util.List) Collectors.toList(java.util.stream.Collectors.toList) File(java.io.File) SchemaTableName(com.facebook.presto.spi.SchemaTableName)

Example 12 with PrincipalPrivilegeSet

use of org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet in project hive by apache.

the class TestHBaseStoreIntegration method doGrantRevoke.

/**
 * Drives one grant/revoke scenario against {@code store} for the object identified by
 * {@code objectType}, {@code dbName} and {@code tableName}, asserting the resolved
 * {@link PrincipalPrivilegeSet} after each step.
 *
 * <p>Steps, in order: create two roles and grant them; grant five object privileges; check
 * what each user resolves to; remove a role and check its grants disappear; revoke with the
 * grant-option flag set and check only the grant option is dropped; revoke fully and check the
 * privileges are gone.
 *
 * @param objectType kind of Hive object the privileges are attached to
 * @param dbName database name used in every {@code HiveObjectRef}
 * @param tableName table name used in every {@code HiveObjectRef}
 * @param roleNames role names; indices 0 and 1 are used
 * @param userNames user names; indices 0 through 3 are used
 * @throws Exception propagated from the store or the helpers
 */
private void doGrantRevoke(HiveObjectType objectType, String dbName, String tableName, String[] roleNames, String[] userNames) throws Exception {
    store.addRole(roleNames[0], "me");
    store.addRole(roleNames[1], "me");
    // Epoch seconds narrowed to int; used as a lower bound for the create times asserted below.
    int now = (int) (System.currentTimeMillis() / 1000);
    Role role1 = store.getRole(roleNames[0]);
    Role role2 = store.getRole(roleNames[1]);
    // Role grants: role1 for userNames[0], role1 for the principal roleNames[1] (a ROLE, last
    // argument true), and role2 for userNames[1].
    // NOTE(review): the direction of role nesting is defined by the store, which is not shown
    // here; the assertions below expect userNames[0] to resolve two role entries and
    // userNames[1] to resolve one.
    store.grantRole(role1, userNames[0], PrincipalType.USER, "bob", PrincipalType.USER, false);
    store.grantRole(role1, roleNames[1], PrincipalType.ROLE, "admin", PrincipalType.ROLE, true);
    store.grantRole(role2, userNames[1], PrincipalType.USER, "bob", PrincipalType.USER, false);
    // Build the privilege bag. The last PrivilegeGrantInfo argument is the grant option
    // (checked through isGrantOption() below).
    List<HiveObjectPrivilege> privileges = new ArrayList<HiveObjectPrivilege>();
    // "read" for userNames[0], without grant option.
    HiveObjectRef hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
    PrivilegeGrantInfo grantInfo = new PrivilegeGrantInfo("read", now, "me", PrincipalType.USER, false);
    HiveObjectPrivilege hop = new HiveObjectPrivilege(hiveObjRef, userNames[0], PrincipalType.USER, grantInfo);
    privileges.add(hop);
    // "write" for roleNames[0], with grant option.
    hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
    grantInfo = new PrivilegeGrantInfo("write", now, "me", PrincipalType.USER, true);
    hop = new HiveObjectPrivilege(hiveObjRef, roleNames[0], PrincipalType.ROLE, grantInfo);
    privileges.add(hop);
    // "exec" for roleNames[1], without grant option.
    hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
    grantInfo = new PrivilegeGrantInfo("exec", now, "me", PrincipalType.USER, false);
    hop = new HiveObjectPrivilege(hiveObjRef, roleNames[1], PrincipalType.ROLE, grantInfo);
    privileges.add(hop);
    // "create" and "create2" for userNames[2], both with grant option.
    hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
    grantInfo = new PrivilegeGrantInfo("create", now, "me", PrincipalType.USER, true);
    hop = new HiveObjectPrivilege(hiveObjRef, userNames[2], PrincipalType.USER, grantInfo);
    privileges.add(hop);
    hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
    grantInfo = new PrivilegeGrantInfo("create2", now, "me", PrincipalType.USER, true);
    hop = new HiveObjectPrivilege(hiveObjRef, userNames[2], PrincipalType.USER, grantInfo);
    privileges.add(hop);
    PrivilegeBag pBag = new PrivilegeBag(privileges);
    store.grantPrivileges(pBag);
    // userNames[0]: one direct privilege ("read") plus entries for both roles.
    // getPPS is a helper of this test class that is not shown here.
    PrincipalPrivilegeSet pps = getPPS(objectType, dbName, tableName, userNames[0]);
    Assert.assertEquals(1, pps.getUserPrivilegesSize());
    Assert.assertEquals(1, pps.getUserPrivileges().get(userNames[0]).size());
    grantInfo = pps.getUserPrivileges().get(userNames[0]).get(0);
    Assert.assertEquals("read", grantInfo.getPrivilege());
    Assert.assertTrue(now <= grantInfo.getCreateTime());
    Assert.assertEquals("me", grantInfo.getGrantor());
    Assert.assertEquals(PrincipalType.USER, grantInfo.getGrantorType());
    Assert.assertFalse(grantInfo.isGrantOption());
    Assert.assertEquals(2, pps.getRolePrivilegesSize());
    Assert.assertEquals(1, pps.getRolePrivileges().get(roleNames[0]).size());
    grantInfo = pps.getRolePrivileges().get(roleNames[0]).get(0);
    Assert.assertEquals("write", grantInfo.getPrivilege());
    Assert.assertTrue(now <= grantInfo.getCreateTime());
    Assert.assertEquals("me", grantInfo.getGrantor());
    Assert.assertEquals(PrincipalType.USER, grantInfo.getGrantorType());
    Assert.assertTrue(grantInfo.isGrantOption());
    Assert.assertEquals(1, pps.getRolePrivileges().get(roleNames[1]).size());
    grantInfo = pps.getRolePrivileges().get(roleNames[1]).get(0);
    Assert.assertEquals("exec", grantInfo.getPrivilege());
    Assert.assertTrue(now <= grantInfo.getCreateTime());
    Assert.assertEquals("me", grantInfo.getGrantor());
    Assert.assertEquals(PrincipalType.USER, grantInfo.getGrantorType());
    Assert.assertFalse(grantInfo.isGrantOption());
    // userNames[1]: no direct privileges, only the "exec" entry of roleNames[1].
    pps = getPPS(objectType, dbName, tableName, userNames[1]);
    Assert.assertEquals(0, pps.getUserPrivilegesSize());
    Assert.assertEquals(1, pps.getRolePrivilegesSize());
    Assert.assertEquals(1, pps.getRolePrivileges().get(roleNames[1]).size());
    grantInfo = pps.getRolePrivileges().get(roleNames[1]).get(0);
    Assert.assertEquals("exec", grantInfo.getPrivilege());
    Assert.assertTrue(now <= grantInfo.getCreateTime());
    Assert.assertEquals("me", grantInfo.getGrantor());
    Assert.assertEquals(PrincipalType.USER, grantInfo.getGrantorType());
    Assert.assertFalse(grantInfo.isGrantOption());
    // userNames[2]: two direct privileges and no role entries.
    pps = getPPS(objectType, dbName, tableName, userNames[2]);
    Assert.assertEquals(1, pps.getUserPrivilegesSize());
    Assert.assertEquals(2, pps.getUserPrivileges().get(userNames[2]).size());
    Assert.assertEquals(0, pps.getRolePrivilegesSize());
    // userNames[3] was granted nothing, so it must resolve to an empty set (negative control).
    pps = getPPS(objectType, dbName, tableName, userNames[3]);
    Assert.assertEquals(0, pps.getUserPrivilegesSize());
    Assert.assertEquals(0, pps.getRolePrivilegesSize());
    // Test that removing role removes the role grants
    store.removeRole(roleNames[1]);
    // Helper not shown here; called to verify that no privilege still references the removed role.
    checkRoleRemovedFromAllPrivileges(objectType, dbName, tableName, roleNames[1]);
    pps = getPPS(objectType, dbName, tableName, userNames[0]);
    Assert.assertEquals(1, pps.getRolePrivilegesSize());
    Assert.assertEquals(1, pps.getRolePrivileges().get(roleNames[0]).size());
    pps = getPPS(objectType, dbName, tableName, userNames[1]);
    Assert.assertEquals(0, pps.getRolePrivilegesSize());
    // Test that revoking with grant option = true just removes grant option
    // The bag is rebuilt with "write" on roleNames[0] and "create2" on userNames[2]; "create"
    // is left out on purpose so it can serve as the untouched comparison below.
    privileges.clear();
    hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
    grantInfo = new PrivilegeGrantInfo("write", now, "me", PrincipalType.USER, true);
    hop = new HiveObjectPrivilege(hiveObjRef, roleNames[0], PrincipalType.ROLE, grantInfo);
    privileges.add(hop);
    hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
    grantInfo = new PrivilegeGrantInfo("create2", now, "me", PrincipalType.USER, true);
    hop = new HiveObjectPrivilege(hiveObjRef, userNames[2], PrincipalType.USER, grantInfo);
    privileges.add(hop);
    pBag = new PrivilegeBag(privileges);
    store.revokePrivileges(pBag, true);
    // "write" must still be present for roleNames[0], now without the grant option.
    pps = getPPS(objectType, dbName, tableName, userNames[0]);
    Assert.assertEquals(1, pps.getRolePrivilegesSize());
    Assert.assertEquals(1, pps.getRolePrivileges().get(roleNames[0]).size());
    grantInfo = pps.getRolePrivileges().get(roleNames[0]).get(0);
    Assert.assertEquals("write", grantInfo.getPrivilege());
    Assert.assertTrue(now <= grantInfo.getCreateTime());
    Assert.assertEquals("me", grantInfo.getGrantor());
    Assert.assertEquals(PrincipalType.USER, grantInfo.getGrantorType());
    Assert.assertFalse(grantInfo.isGrantOption());
    // userNames[2] keeps both privileges; only "create2" lost its grant option.
    pps = getPPS(objectType, dbName, tableName, userNames[2]);
    Assert.assertEquals(1, pps.getUserPrivilegesSize());
    Assert.assertEquals(2, pps.getUserPrivileges().get(userNames[2]).size());
    for (PrivilegeGrantInfo pgi : pps.getUserPrivileges().get(userNames[2])) {
        if (pgi.getPrivilege().equals("create"))
            Assert.assertTrue(pgi.isGrantOption());
        else if (pgi.getPrivilege().equals("create2"))
            Assert.assertFalse(pgi.isGrantOption());
        else
            Assert.fail("huh?");
    }
    // Test revoking revokes
    // Same bag, grant-option flag false: the privileges themselves are removed.
    store.revokePrivileges(pBag, false);
    // The entry for roleNames[0] is still present but its privilege list is now empty.
    pps = getPPS(objectType, dbName, tableName, userNames[0]);
    Assert.assertEquals(1, pps.getUserPrivilegesSize());
    Assert.assertEquals(1, pps.getRolePrivilegesSize());
    Assert.assertEquals(0, pps.getRolePrivileges().get(roleNames[0]).size());
    // Only "create", which was never in the revoke bag, remains for userNames[2].
    pps = getPPS(objectType, dbName, tableName, userNames[2]);
    Assert.assertEquals(1, pps.getUserPrivilegesSize());
    Assert.assertEquals(1, pps.getUserPrivileges().get(userNames[2]).size());
    Assert.assertEquals("create", pps.getUserPrivileges().get(userNames[2]).get(0).getPrivilege());
    Assert.assertEquals(0, pps.getRolePrivilegesSize());
}
Also used : Role(org.apache.hadoop.hive.metastore.api.Role) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) PrivilegeBag(org.apache.hadoop.hive.metastore.api.PrivilegeBag) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) PrincipalPrivilegeSet(org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) ArrayList(java.util.ArrayList)

Example 13 with PrincipalPrivilegeSet

use of org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet in project hive by apache.

the class ObjectStore method getDBPrivilegeSet.

/**
 * Builds the database-level privilege set for a principal: the user's own grants, the grants
 * of each supplied group, and the grants of every role returned by
 * {@code listAllRolesInHierarchy(userName, groupNames)}.
 *
 * <p>The database name is normalized before any lookup. All lookups run inside one
 * transaction, which is rolled back unless the commit reports success.
 *
 * <p>Review notes: the role hierarchy is resolved even when {@code userName} is null, and a
 * map entry is written for every user, group and role looked up, whatever
 * {@code getDBPrivilege} returns for it.
 *
 * @param dbName database whose grants are read
 * @param userName user principal, or null to skip the user section
 * @param groupNames group principals, or null/empty to skip the group section
 * @return the assembled privilege set; sections that were skipped are left unset
 * @throws InvalidObjectException declared by the interface
 * @throws MetaException declared by the interface
 */
@Override
public PrincipalPrivilegeSet getDBPrivilegeSet(String dbName, String userName, List<String> groupNames) throws InvalidObjectException, MetaException {
    final String normalizedDb = HiveStringUtils.normalizeIdentifier(dbName);
    PrincipalPrivilegeSet privilegeSet = new PrincipalPrivilegeSet();
    boolean committed = false;
    try {
        openTransaction();

        if (userName != null) {
            Map<String, List<PrivilegeGrantInfo>> userGrants = new HashMap<String, List<PrivilegeGrantInfo>>();
            userGrants.put(userName, getDBPrivilege(normalizedDb, userName, PrincipalType.USER));
            privilegeSet.setUserPrivileges(userGrants);
        }

        boolean hasGroups = groupNames != null && !groupNames.isEmpty();
        if (hasGroups) {
            Map<String, List<PrivilegeGrantInfo>> groupGrants = new HashMap<String, List<PrivilegeGrantInfo>>();
            for (String group : groupNames) {
                groupGrants.put(group, getDBPrivilege(normalizedDb, group, PrincipalType.GROUP));
            }
            privilegeSet.setGroupPrivileges(groupGrants);
        }

        // Roles are resolved from both the user and the groups, so role grants reached only
        // through a group are included as well.
        Set<String> effectiveRoles = listAllRolesInHierarchy(userName, groupNames);
        boolean hasRoles = effectiveRoles != null && !effectiveRoles.isEmpty();
        if (hasRoles) {
            Map<String, List<PrivilegeGrantInfo>> roleGrants = new HashMap<String, List<PrivilegeGrantInfo>>();
            for (String role : effectiveRoles) {
                roleGrants.put(role, getDBPrivilege(normalizedDb, role, PrincipalType.ROLE));
            }
            privilegeSet.setRolePrivileges(roleGrants);
        }

        committed = commitTransaction();
    } finally {
        // Covers both an exception above and a commit that returned false.
        if (!committed) {
            rollbackTransaction();
        }
    }
    return privilegeSet;
}
Also used : HashMap(java.util.HashMap) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) PrincipalPrivilegeSet(org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet) MStringList(org.apache.hadoop.hive.metastore.model.MStringList) ArrayList(java.util.ArrayList) List(java.util.List) LinkedList(java.util.LinkedList)

Example 14 with PrincipalPrivilegeSet

use of org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet in project hive by apache.

the class ObjectStore method getUserPrivilegeSet.

/**
 * Builds the privilege set made of the {@code MGlobalPrivilege} grants held by a user and by
 * each of the supplied groups.
 *
 * <p>All lookups run inside one transaction, which is rolled back unless the commit reports
 * success.
 *
 * <p>Review notes: this method never populates role privileges, so grants reachable only
 * through a role are absent from the result. The two sections also differ in shape: the user
 * map is set only when the user has at least one grant, while the group map is set whenever
 * {@code groupNames} is non-empty, even if no group has a grant.
 *
 * @param userName user principal, or null to skip the user section
 * @param groupNames group principals, or null/empty to skip the group section
 * @return the assembled privilege set
 * @throws InvalidObjectException declared by the interface
 * @throws MetaException declared by the interface
 */
@Override
public PrincipalPrivilegeSet getUserPrivilegeSet(String userName, List<String> groupNames) throws InvalidObjectException, MetaException {
    PrincipalPrivilegeSet privilegeSet = new PrincipalPrivilegeSet();
    boolean committed = false;
    try {
        openTransaction();

        if (userName != null) {
            List<MGlobalPrivilege> userRows = this.listPrincipalMGlobalGrants(userName, PrincipalType.USER);
            if (!userRows.isEmpty()) {
                List<PrivilegeGrantInfo> converted = new ArrayList<PrivilegeGrantInfo>(userRows.size());
                for (MGlobalPrivilege row : userRows) {
                    // Grantor and grant option are copied as stored.
                    converted.add(new PrivilegeGrantInfo(row.getPrivilege(), row.getCreateTime(), row.getGrantor(), getPrincipalTypeFromStr(row.getGrantorType()), row.getGrantOption()));
                }
                Map<String, List<PrivilegeGrantInfo>> userGrants = new HashMap<String, List<PrivilegeGrantInfo>>();
                userGrants.put(userName, converted);
                privilegeSet.setUserPrivileges(userGrants);
            }
        }

        boolean hasGroups = groupNames != null && !groupNames.isEmpty();
        if (hasGroups) {
            Map<String, List<PrivilegeGrantInfo>> groupGrants = new HashMap<String, List<PrivilegeGrantInfo>>();
            for (String group : groupNames) {
                List<MGlobalPrivilege> groupRows = this.listPrincipalMGlobalGrants(group, PrincipalType.GROUP);
                if (groupRows.isEmpty()) {
                    // Groups without grants get no entry in the map.
                    continue;
                }
                List<PrivilegeGrantInfo> converted = new ArrayList<PrivilegeGrantInfo>(groupRows.size());
                for (MGlobalPrivilege row : groupRows) {
                    converted.add(new PrivilegeGrantInfo(row.getPrivilege(), row.getCreateTime(), row.getGrantor(), getPrincipalTypeFromStr(row.getGrantorType()), row.getGrantOption()));
                }
                groupGrants.put(group, converted);
            }
            privilegeSet.setGroupPrivileges(groupGrants);
        }

        committed = commitTransaction();
    } finally {
        // Covers both an exception above and a commit that returned false.
        if (!committed) {
            rollbackTransaction();
        }
    }
    return privilegeSet;
}
Also used : HashMap(java.util.HashMap) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) PrincipalPrivilegeSet(org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet) ArrayList(java.util.ArrayList) MStringList(org.apache.hadoop.hive.metastore.model.MStringList) ArrayList(java.util.ArrayList) List(java.util.List) LinkedList(java.util.LinkedList) MGlobalPrivilege(org.apache.hadoop.hive.metastore.model.MGlobalPrivilege) MConstraint(org.apache.hadoop.hive.metastore.model.MConstraint)

Example 15 with PrincipalPrivilegeSet

use of org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet in project hive by apache.

the class ObjectStore method createTable.

/**
 * Persists a table together with the user, group and role grants carried on it, in a single
 * transaction.
 *
 * <p>The table is converted to its persistent model and made persistent first. If the table
 * carries a privilege set, its three maps are handed to {@code putPersistentPrivObjects}
 * together with one shared timestamp, and the objects collected in the list are persisted
 * afterwards. The transaction is rolled back unless the commit reports success, so the table
 * and its grants are persisted together or not at all.
 *
 * <p>Review note: the grants come straight from the supplied {@code Table}; no check that the
 * caller may issue them is visible in this method - presumably enforced upstream, verify
 * against the caller.
 *
 * @param tbl table definition to persist, optionally carrying a privilege set
 * @throws InvalidObjectException declared by the interface
 * @throws MetaException declared by the interface
 */
@Override
public void createTable(Table tbl) throws InvalidObjectException, MetaException {
    boolean committed = false;
    try {
        openTransaction();

        MTable persistentTable = convertToMTable(tbl);
        pm.makePersistent(persistentTable);

        List<Object> grantObjects = new ArrayList<Object>();
        PrincipalPrivilegeSet tableGrants = tbl.getPrivileges();
        if (tableGrants != null) {
            // Epoch seconds narrowed to int; the same value is passed for all three principal types.
            int grantTime = (int) (System.currentTimeMillis() / 1000);
            // NOTE(review): putPersistentPrivObjects is not shown here; it appears to append the
            // objects to persist to grantObjects - confirm, including how it treats a null map.
            putPersistentPrivObjects(persistentTable, grantObjects, grantTime, tableGrants.getUserPrivileges(), PrincipalType.USER);
            putPersistentPrivObjects(persistentTable, grantObjects, grantTime, tableGrants.getGroupPrivileges(), PrincipalType.GROUP);
            putPersistentPrivObjects(persistentTable, grantObjects, grantTime, tableGrants.getRolePrivileges(), PrincipalType.ROLE);
        }
        // Called even when the list is empty, as in the original flow.
        pm.makePersistentAll(grantObjects);

        committed = commitTransaction();
    } finally {
        // Covers both an exception above and a commit that returned false.
        if (!committed) {
            rollbackTransaction();
        }
    }
}
Also used : MTable(org.apache.hadoop.hive.metastore.model.MTable) PrincipalPrivilegeSet(org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet) ArrayList(java.util.ArrayList) MStringList(org.apache.hadoop.hive.metastore.model.MStringList) ArrayList(java.util.ArrayList) List(java.util.List) LinkedList(java.util.LinkedList) MConstraint(org.apache.hadoop.hive.metastore.model.MConstraint)

Aggregations

PrincipalPrivilegeSet (org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet)27 ArrayList (java.util.ArrayList)19 PrivilegeGrantInfo (org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)17 List (java.util.List)15 LinkedList (java.util.LinkedList)14 IOException (java.io.IOException)13 HiveObjectRef (org.apache.hadoop.hive.metastore.api.HiveObjectRef)10 HashMap (java.util.HashMap)9 HiveObjectPrivilege (org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)9 MetaException (org.apache.hadoop.hive.metastore.api.MetaException)6 Table (org.apache.hadoop.hive.metastore.api.Table)6 MStringList (org.apache.hadoop.hive.metastore.model.MStringList)6 Database (org.apache.hadoop.hive.metastore.api.Database)5 Map (java.util.Map)4 MTable (org.apache.hadoop.hive.metastore.model.MTable)4 NoSuchObjectException (org.apache.hadoop.hive.metastore.api.NoSuchObjectException)3 Partition (org.apache.hadoop.hive.metastore.api.Partition)3 MPartition (org.apache.hadoop.hive.metastore.model.MPartition)3 TException (org.apache.thrift.TException)3 FileNotFoundException (java.io.FileNotFoundException)2