
Example 11 with PrincipalType

use of org.apache.hadoop.hive.metastore.api.PrincipalType in project hive by apache.

the class ObjectStore method convertPartition.

/**
 * Converts stored partition-level grants into {@link HiveObjectPrivilege} API objects.
 *
 * <p>Each result references the partition by database name, table name and partition
 * values, with the catalog name set from the owning database.
 *
 * @param privs persisted partition privilege rows; iterated as-is, so it must not be null
 * @return a new mutable list with one entry per input row, in input order
 * @throws IllegalArgumentException if a stored principal or grantor type string is not a
 *         {@link PrincipalType} constant name (standard {@code Enum.valueOf} behaviour)
 */
private List<HiveObjectPrivilege> convertPartition(List<MPartitionPrivilege> privs) {
    List<HiveObjectPrivilege> converted = new ArrayList<>();
    for (MPartitionPrivilege grant : privs) {
        // Who holds the privilege, and which authorizer recorded it.
        String principalName = grant.getPrincipalName();
        String authorizerName = grant.getAuthorizer();
        PrincipalType principalType = PrincipalType.valueOf(grant.getPrincipalType());

        // Walk partition -> table -> database to name the object the grant applies to.
        MPartition partition = grant.getPartition();
        MTable table = partition.getTable();
        MDatabase database = table.getDatabase();
        HiveObjectRef target = new HiveObjectRef(
            HiveObjectType.PARTITION,
            database.getName(),
            table.getTableName(),
            partition.getValues(),
            null);
        target.setCatName(database.getCatalogName());

        // Privilege name, creation time, grantor identity and grant-option flag.
        PrivilegeGrantInfo grantInfo = new PrivilegeGrantInfo(
            grant.getPrivilege(),
            grant.getCreateTime(),
            grant.getGrantor(),
            PrincipalType.valueOf(grant.getGrantorType()),
            grant.getGrantOption());

        converted.add(new HiveObjectPrivilege(target, principalName, principalType, grantInfo, authorizerName));
    }
    return converted;
}
Also used : MDatabase(org.apache.hadoop.hive.metastore.model.MDatabase) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) MTable(org.apache.hadoop.hive.metastore.model.MTable) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) ArrayList(java.util.ArrayList) MPartitionPrivilege(org.apache.hadoop.hive.metastore.model.MPartitionPrivilege) PrincipalType(org.apache.hadoop.hive.metastore.api.PrincipalType) MPartition(org.apache.hadoop.hive.metastore.model.MPartition)

Example 12 with PrincipalType

use of org.apache.hadoop.hive.metastore.api.PrincipalType in project hive by apache.

the class ObjectStore method createDatabase.

/**
 * Builds an {@code MDatabase} from the supplied {@code Database} and persists it inside a
 * single transaction, rolling back if the commit does not succeed.
 *
 * <p>The catalog name goes through {@code normalizeIdentifier}; the database name is
 * lower-cased. A missing type defaults to {@code DatabaseType.NATIVE} and a missing owner
 * type defaults to {@code PrincipalType.USER}.
 *
 * @param db the database definition to store
 * @throws InvalidObjectException declared by the interface; not thrown directly here
 * @throws MetaException declared by the interface; not thrown directly here
 */
@Override
public void createDatabase(Database db) throws InvalidObjectException, MetaException {
    boolean success = false;
    MDatabase record = new MDatabase();

    // NOTE(review): these asserts only run when the JVM is started with -ea; without it a
    // null catalog name reaches normalizeIdentifier() unchecked.
    assert db.getCatalogName() != null;
    record.setCatalogName(normalizeIdentifier(db.getCatalogName()));
    assert record.getCatalogName() != null;

    record.setName(db.getName().toLowerCase());
    record.setLocationUri(db.getLocationUri());
    record.setManagedLocationUri(db.getManagedLocationUri());
    record.setDescription(db.getDescription());
    record.setParameters(db.getParameters());
    record.setOwnerName(db.getOwnerName());
    record.setDataConnectorName(db.getConnector_name());
    record.setRemoteDatabaseName(db.getRemote_dbname());

    // Databases without an explicit type are stored as NATIVE.
    record.setType(db.getType() == null ? DatabaseType.NATIVE.name() : db.getType().name());

    // An owner without an explicit principal type is stored as a USER.
    PrincipalType ownerType = db.getOwnerType();
    if (ownerType == null) {
        record.setOwnerType(PrincipalType.USER.name());
    } else {
        record.setOwnerType(ownerType.name());
    }
    record.setCreateTime(db.getCreateTime());

    try {
        openTransaction();
        pm.makePersistent(record);
        success = commitTransaction();
    } finally {
        // Covers both an exception above and a commit that reported failure.
        if (!success) {
            rollbackTransaction();
        }
    }
}
Also used : MDatabase(org.apache.hadoop.hive.metastore.model.MDatabase) PrincipalType(org.apache.hadoop.hive.metastore.api.PrincipalType)

Example 13 with PrincipalType

use of org.apache.hadoop.hive.metastore.api.PrincipalType in project hive by apache.

the class ObjectStore method revokePrivileges.

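/**
 * Revokes the privileges in {@code privileges}, or only their grant option.
 *
 * <p>Every entry carries a comma-separated privilege string. Each privilege in that string
 * is matched against the grants stored for the entry's principal on the referenced object
 * (global, database, data connector, table, partition, or table/partition column). Entries
 * with a null or blank privilege string are skipped.
 *
 * <p>When {@code grantOption} is {@code true} the matched grants are kept and only their
 * grant-option flag is cleared; otherwise the matched grants are deleted. All work happens
 * in one transaction, which is rolled back if an exception is thrown or the commit fails.
 *
 * @param privileges the privileges to revoke
 * @param grantOption {@code true} to revoke only the grant option of each privilege
 * @return {@code true} if the transaction committed
 * @throws InvalidObjectException if any requested privilege has no matching stored grant
 * @throws MetaException if {@code grantOption} is set and a matched grant does not carry
 *         the grant option
 * @throws NoSuchObjectException declared for the object lookups; not thrown directly here
 */
@Override
public boolean revokePrivileges(PrivilegeBag privileges, boolean grantOption) throws InvalidObjectException, MetaException, NoSuchObjectException {
    boolean committed = false;
    try {
        openTransaction();
        List<Object> persistentObjs = new ArrayList<>();
        List<HiveObjectPrivilege> privilegeList = privileges.getPrivileges();
        if (CollectionUtils.isNotEmpty(privilegeList)) {
            for (HiveObjectPrivilege privDef : privilegeList) {
                HiveObjectRef hiveObject = privDef.getHiveObject();
                String privilegeStr = privDef.getGrantInfo().getPrivilege();
                if (privilegeStr == null || privilegeStr.trim().equals("")) {
                    continue;
                }
                String[] privs = privilegeStr.split(",");
                String userName = privDef.getPrincipalName();
                PrincipalType principalType = privDef.getPrincipalType();
                String catName = hiveObject.isSetCatName() ? hiveObject.getCatName() : getDefaultCatalog(conf);
                // In every branch below `found` is reset for each privilege. With a single
                // flag per entry, a match on the first privilege would hide a later
                // privilege that has no stored grant, and the revoke would report success
                // without having checked it.
                if (hiveObject.getObjectType() == HiveObjectType.GLOBAL) {
                    List<MGlobalPrivilege> mSecUser = this.listPrincipalMGlobalGrants(userName, principalType);
                    // NOTE(review): GLOBAL, DATABASE and DATACONNECTOR compare privilege names
                    // with equals(), while TABLE, PARTITION and COLUMN use equalsIgnoreCase().
                    // Left unchanged here; confirm how privilege names are stored.
                    for (String privilege : privs) {
                        boolean found = false;
                        for (MGlobalPrivilege userGrant : mSecUser) {
                            String userGrantPrivs = userGrant.getPrivilege();
                            if (privilege.equals(userGrantPrivs)) {
                                found = true;
                                if (grantOption) {
                                    if (userGrant.getGrantOption()) {
                                        userGrant.setGrantOption(false);
                                    } else {
                                        throw new MetaException("User " + userName + " does not have grant option with privilege " + privilege);
                                    }
                                }
                                persistentObjs.add(userGrant);
                                break;
                            }
                        }
                        if (!found) {
                            throw new InvalidObjectException("No user grant found for privileges " + privilege);
                        }
                    }
                } else if (hiveObject.getObjectType() == HiveObjectType.DATABASE) {
                    // Result unused; the lookup is kept because it presumably fails for an
                    // unknown database (confirm against getMDatabase).
                    getMDatabase(catName, hiveObject.getDbName());
                    String db = hiveObject.getDbName();
                    List<MDBPrivilege> dbGrants = this.listPrincipalMDBGrants(userName, principalType, catName, db);
                    for (String privilege : privs) {
                        boolean found = false;
                        for (MDBPrivilege dbGrant : dbGrants) {
                            String dbGrantPriv = dbGrant.getPrivilege();
                            if (privilege.equals(dbGrantPriv)) {
                                found = true;
                                if (grantOption) {
                                    if (dbGrant.getGrantOption()) {
                                        dbGrant.setGrantOption(false);
                                    } else {
                                        throw new MetaException("User " + userName + " does not have grant option with privilege " + privilege);
                                    }
                                }
                                persistentObjs.add(dbGrant);
                                break;
                            }
                        }
                        if (!found) {
                            throw new InvalidObjectException("No database grant found for privileges " + privilege + " on database " + db);
                        }
                    }
                } else if (hiveObject.getObjectType() == HiveObjectType.DATACONNECTOR) {
                    // Result unused; the lookup is kept because it presumably fails for an
                    // unknown data connector (confirm against getMDataConnector).
                    getMDataConnector(hiveObject.getObjectName());
                    String dc = hiveObject.getObjectName();
                    List<MDCPrivilege> dcGrants = this.listPrincipalMDCGrants(userName, principalType, catName, dc);
                    for (String privilege : privs) {
                        boolean found = false;
                        for (MDCPrivilege dcGrant : dcGrants) {
                            String dcGrantPriv = dcGrant.getPrivilege();
                            if (privilege.equals(dcGrantPriv)) {
                                found = true;
                                if (grantOption) {
                                    if (dcGrant.getGrantOption()) {
                                        dcGrant.setGrantOption(false);
                                    } else {
                                        throw new MetaException("User " + userName + " does not have grant option with privilege " + privilege);
                                    }
                                }
                                persistentObjs.add(dcGrant);
                                break;
                            }
                        }
                        if (!found) {
                            throw new InvalidObjectException("No dataconnector grant found for privileges " + privilege + " on data connector " + dc);
                        }
                    }
                } else if (hiveObject.getObjectType() == HiveObjectType.TABLE) {
                    List<MTablePrivilege> tableGrants = this.listAllMTableGrants(userName, principalType, catName, hiveObject.getDbName(), hiveObject.getObjectName());
                    for (String privilege : privs) {
                        boolean found = false;
                        for (MTablePrivilege tabGrant : tableGrants) {
                            String tableGrantPriv = tabGrant.getPrivilege();
                            if (privilege.equalsIgnoreCase(tableGrantPriv)) {
                                found = true;
                                if (grantOption) {
                                    if (tabGrant.getGrantOption()) {
                                        tabGrant.setGrantOption(false);
                                    } else {
                                        throw new MetaException("User " + userName + " does not have grant option with privilege " + privilege);
                                    }
                                }
                                persistentObjs.add(tabGrant);
                                break;
                            }
                        }
                        if (!found) {
                            throw new InvalidObjectException("No grant (" + privilege + ") found " + " on table " + hiveObject.getObjectName() + ", database is " + hiveObject.getDbName());
                        }
                    }
                } else if (hiveObject.getObjectType() == HiveObjectType.PARTITION) {
                    Table tabObj = this.getTable(catName, hiveObject.getDbName(), hiveObject.getObjectName(), null);
                    String partName = null;
                    if (hiveObject.getPartValues() != null) {
                        partName = Warehouse.makePartName(tabObj.getPartitionKeys(), hiveObject.getPartValues());
                    }
                    List<MPartitionPrivilege> partitionGrants = this.listPrincipalMPartitionGrants(userName, principalType, catName, hiveObject.getDbName(), hiveObject.getObjectName(), partName);
                    for (String privilege : privs) {
                        boolean found = false;
                        for (MPartitionPrivilege partGrant : partitionGrants) {
                            String partPriv = partGrant.getPrivilege();
                            if (partPriv.equalsIgnoreCase(privilege)) {
                                found = true;
                                if (grantOption) {
                                    if (partGrant.getGrantOption()) {
                                        partGrant.setGrantOption(false);
                                    } else {
                                        throw new MetaException("User " + userName + " does not have grant option with privilege " + privilege);
                                    }
                                }
                                persistentObjs.add(partGrant);
                                break;
                            }
                        }
                        if (!found) {
                            throw new InvalidObjectException("No grant (" + privilege + ") found " + " on table " + tabObj.getTableName() + ", partition is " + partName + ", database is " + tabObj.getDbName());
                        }
                    }
                } else if (hiveObject.getObjectType() == HiveObjectType.COLUMN) {
                    Table tabObj = this.getTable(catName, hiveObject.getDbName(), hiveObject.getObjectName(), null);
                    String partName = null;
                    if (hiveObject.getPartValues() != null) {
                        partName = Warehouse.makePartName(tabObj.getPartitionKeys(), hiveObject.getPartValues());
                    }
                    if (partName != null) {
                        // Column grant scoped to a single partition.
                        List<MPartitionColumnPrivilege> mSecCol = listPrincipalMPartitionColumnGrants(userName, principalType, catName, hiveObject.getDbName(), hiveObject.getObjectName(), partName, hiveObject.getColumnName());
                        for (String privilege : privs) {
                            boolean found = false;
                            for (MPartitionColumnPrivilege col : mSecCol) {
                                String colPriv = col.getPrivilege();
                                if (colPriv.equalsIgnoreCase(privilege)) {
                                    found = true;
                                    if (grantOption) {
                                        if (col.getGrantOption()) {
                                            col.setGrantOption(false);
                                        } else {
                                            throw new MetaException("User " + userName + " does not have grant option with privilege " + privilege);
                                        }
                                    }
                                    persistentObjs.add(col);
                                    break;
                                }
                            }
                            if (!found) {
                                throw new InvalidObjectException("No grant (" + privilege + ") found " + " on table " + tabObj.getTableName() + ", partition is " + partName + ", column name = " + hiveObject.getColumnName() + ", database is " + tabObj.getDbName());
                            }
                        }
                    } else {
                        // Column grant on the table as a whole.
                        List<MTableColumnPrivilege> mSecCol = listPrincipalMTableColumnGrants(userName, principalType, catName, hiveObject.getDbName(), hiveObject.getObjectName(), hiveObject.getColumnName());
                        for (String privilege : privs) {
                            boolean found = false;
                            for (MTableColumnPrivilege col : mSecCol) {
                                String colPriv = col.getPrivilege();
                                if (colPriv.equalsIgnoreCase(privilege)) {
                                    found = true;
                                    if (grantOption) {
                                        if (col.getGrantOption()) {
                                            col.setGrantOption(false);
                                        } else {
                                            throw new MetaException("User " + userName + " does not have grant option with privilege " + privilege);
                                        }
                                    }
                                    persistentObjs.add(col);
                                    break;
                                }
                            }
                            if (!found) {
                                throw new InvalidObjectException("No grant (" + privilege + ") found " + " on table " + tabObj.getTableName() + ", column name = " + hiveObject.getColumnName() + ", database is " + tabObj.getDbName());
                            }
                        }
                    }
                }
            }
        }
        // With grantOption set, the matched grants stay in place: only their grant-option
        // flag was cleared in the loops above. Otherwise the grants themselves are deleted.
        if (CollectionUtils.isNotEmpty(persistentObjs) && !grantOption) {
            pm.deletePersistentAll(persistentObjs);
        }
        committed = commitTransaction();
    } finally {
        if (!committed) {
            rollbackTransaction();
        }
    }
    return committed;
}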
Also used : MDataConnector(org.apache.hadoop.hive.metastore.model.MDataConnector) ArrayList(java.util.ArrayList) MPartitionColumnPrivilege(org.apache.hadoop.hive.metastore.model.MPartitionColumnPrivilege) MDCPrivilege(org.apache.hadoop.hive.metastore.model.MDCPrivilege) InvalidObjectException(org.apache.hadoop.hive.metastore.api.InvalidObjectException) ValidWriteIdList(org.apache.hadoop.hive.common.ValidWriteIdList) ReplicationMetricList(org.apache.hadoop.hive.metastore.api.ReplicationMetricList) LinkedList(java.util.LinkedList) MStringList(org.apache.hadoop.hive.metastore.model.MStringList) ArrayList(java.util.ArrayList) ValidReaderWriteIdList(org.apache.hadoop.hive.common.ValidReaderWriteIdList) List(java.util.List) MTableColumnPrivilege(org.apache.hadoop.hive.metastore.model.MTableColumnPrivilege) MetaException(org.apache.hadoop.hive.metastore.api.MetaException) MVersionTable(org.apache.hadoop.hive.metastore.model.MVersionTable) SourceTable(org.apache.hadoop.hive.metastore.api.SourceTable) Table(org.apache.hadoop.hive.metastore.api.Table) MTable(org.apache.hadoop.hive.metastore.model.MTable) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) MDBPrivilege(org.apache.hadoop.hive.metastore.model.MDBPrivilege) MGlobalPrivilege(org.apache.hadoop.hive.metastore.model.MGlobalPrivilege) MDatabase(org.apache.hadoop.hive.metastore.model.MDatabase) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) MPartitionPrivilege(org.apache.hadoop.hive.metastore.model.MPartitionPrivilege) PrincipalType(org.apache.hadoop.hive.metastore.api.PrincipalType) MTablePrivilege(org.apache.hadoop.hive.metastore.model.MTablePrivilege)

Example 14 with PrincipalType

use of org.apache.hadoop.hive.metastore.api.PrincipalType in project hive by apache.

the class ObjectStore method convertPartCols.

/**
 * Converts stored partition-column grants into {@link HiveObjectPrivilege} API objects.
 *
 * <p>Each result is a {@code COLUMN} reference carrying the database name, table name,
 * partition values and column name, with the catalog name set from the owning database.
 *
 * @param privs persisted partition-column privilege rows; iterated as-is, so it must not
 *        be null
 * @return a new mutable list with one entry per input row, in input order
 * @throws IllegalArgumentException if a stored principal or grantor type string is not a
 *         {@link PrincipalType} constant name (standard {@code Enum.valueOf} behaviour)
 */
private List<HiveObjectPrivilege> convertPartCols(List<MPartitionColumnPrivilege> privs) {
    List<HiveObjectPrivilege> converted = new ArrayList<>();
    for (MPartitionColumnPrivilege grant : privs) {
        // Who holds the privilege, and which authorizer recorded it.
        String principalName = grant.getPrincipalName();
        String authorizerName = grant.getAuthorizer();
        PrincipalType principalType = PrincipalType.valueOf(grant.getPrincipalType());

        // Walk partition -> table -> database to name the column the grant applies to.
        MPartition partition = grant.getPartition();
        MTable table = partition.getTable();
        MDatabase database = table.getDatabase();
        HiveObjectRef target = new HiveObjectRef(
            HiveObjectType.COLUMN,
            database.getName(),
            table.getTableName(),
            partition.getValues(),
            grant.getColumnName());
        target.setCatName(database.getCatalogName());

        // Privilege name, creation time, grantor identity and grant-option flag.
        PrivilegeGrantInfo grantInfo = new PrivilegeGrantInfo(
            grant.getPrivilege(),
            grant.getCreateTime(),
            grant.getGrantor(),
            PrincipalType.valueOf(grant.getGrantorType()),
            grant.getGrantOption());

        converted.add(new HiveObjectPrivilege(target, principalName, principalType, grantInfo, authorizerName));
    }
    return converted;
}
Also used : MDatabase(org.apache.hadoop.hive.metastore.model.MDatabase) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) MTable(org.apache.hadoop.hive.metastore.model.MTable) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) ArrayList(java.util.ArrayList) MPartitionColumnPrivilege(org.apache.hadoop.hive.metastore.model.MPartitionColumnPrivilege) PrincipalType(org.apache.hadoop.hive.metastore.api.PrincipalType) MPartition(org.apache.hadoop.hive.metastore.model.MPartition)

Example 15 with PrincipalType

use of org.apache.hadoop.hive.metastore.api.PrincipalType in project hive by apache.

the class HiveV1Authorizer method toPrivilegeBag.

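/**
 * Translates authorizer-level privileges on {@code privObject} into a metastore
 * {@link PrivilegeBag}.
 *
 * <p>An object with a null or {@code GLOBAL} type yields one {@code GLOBAL} entry per
 * privilege. Otherwise the database, and the table and partition when named, are looked up.
 * Each privilege then yields one {@code COLUMN} entry per listed column, or a single
 * {@code DATABASE}, {@code TABLE} or {@code PARTITION} entry depending on what was resolved.
 * Principal name and type are left null in every entry.
 *
 * @param privileges privileges to translate; an empty list yields an empty bag
 * @param privObject the object the privileges apply to
 * @param grantor the principal recorded as grantor in every entry
 * @param grantOption grant-option flag copied into every entry
 * @return the populated bag
 * @throws HiveException if columns are given for a global or database-level object, if
 *         partition keys are combined with {@code grantOption}, if the database or the
 *         partition does not exist, if partition keys are given for an unpartitioned
 *         table, or if a privilege does not support column scope
 */
private PrivilegeBag toPrivilegeBag(List<HivePrivilege> privileges, HivePrivilegeObject privObject, HivePrincipal grantor, boolean grantOption) throws HiveException {
    PrivilegeBag privBag = new PrivilegeBag();
    if (privileges.isEmpty()) {
        return privBag;
    }
    String grantorName = grantor.getName();
    PrincipalType grantorType = AuthorizationUtils.getThriftPrincipalType(grantor.getType());
    if (privObject.getType() == null || privObject.getType() == HivePrivilegeObject.HivePrivilegeObjectType.GLOBAL) {
        for (HivePrivilege priv : privileges) {
            List<String> columns = priv.getColumns();
            if (columns != null && !columns.isEmpty()) {
                throw new HiveException("For user-level privileges, column sets should be null. columns=" + columns);
            }
            privBag.addToPrivileges(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.GLOBAL, null, null, null, null), null, null, new PrivilegeGrantInfo(priv.getName(), 0, grantorName, grantorType, grantOption)));
        }
        return privBag;
    }
    // Partition-scoped requests are rejected only when the grant option is involved.
    if (privObject.getPartKeys() != null && grantOption) {
        throw new HiveException("Grant does not support partition level.");
    }
    Hive hive = Hive.getWithFastCheck(this.conf);
    Database dbObj = hive.getDatabase(privObject.getDbname());
    if (dbObj == null) {
        throw new HiveException("Database " + privObject.getDbname() + " does not exists");
    }
    Table tableObj = null;
    if (privObject.getObjectName() != null) {
        tableObj = hive.getTable(dbObj.getName(), privObject.getObjectName());
    }
    List<String> partValues = null;
    if (tableObj != null) {
        if ((!tableObj.isPartitioned()) && privObject.getPartKeys() != null) {
            throw new HiveException("Table is not partitioned, but partition name is present: partSpec=" + privObject.getPartKeys());
        }
        if (privObject.getPartKeys() != null) {
            Map<String, String> partSpec = Warehouse.makeSpecFromValues(tableObj.getPartitionKeys(), privObject.getPartKeys());
            // The lookup is asked not to create the partition (third argument false), so a
            // missing partition can come back as null. Report it as a HiveException rather
            // than dereferencing it in the middle of an authorization call.
            org.apache.hadoop.hive.ql.metadata.Partition resolved = hive.getPartition(tableObj, partSpec, false);
            if (resolved == null) {
                throw new HiveException("Partition " + partSpec + " of table " + tableObj.getTableName() + " does not exist");
            }
            partValues = resolved.getTPartition().getValues();
        }
    }
    for (HivePrivilege priv : privileges) {
        List<String> columns = priv.getColumns();
        if (columns != null && !columns.isEmpty()) {
            if (!priv.supportsScope(PrivilegeScope.COLUMN_LEVEL_SCOPE)) {
                throw new HiveException(priv.getName() + " does not support column level privilege.");
            }
            if (tableObj == null) {
                throw new HiveException("For user-level/database-level privileges, column sets should be null. columns=" + columns);
            }
            // One COLUMN entry per listed column; partValues stays null for table-wide grants.
            for (String column : columns) {
                privBag.addToPrivileges(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.COLUMN, dbObj.getName(), tableObj.getTableName(), partValues, column), null, null, new PrivilegeGrantInfo(priv.getName(), 0, grantorName, grantorType, grantOption)));
            }
        } else if (tableObj == null) {
            privBag.addToPrivileges(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.DATABASE, dbObj.getName(), null, null, null), null, null, new PrivilegeGrantInfo(priv.getName(), 0, grantorName, grantorType, grantOption)));
        } else if (partValues == null) {
            privBag.addToPrivileges(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.TABLE, dbObj.getName(), tableObj.getTableName(), null, null), null, null, new PrivilegeGrantInfo(priv.getName(), 0, grantorName, grantorType, grantOption)));
        } else {
            privBag.addToPrivileges(new HiveObjectPrivilege(new HiveObjectRef(HiveObjectType.PARTITION, dbObj.getName(), tableObj.getTableName(), partValues, null), null, null, new PrivilegeGrantInfo(priv.getName(), 0, grantorName, grantorType, grantOption)));
        }
    }
    return privBag;
}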
Also used : PrivilegeBag(org.apache.hadoop.hive.metastore.api.PrivilegeBag) Partition(org.apache.hadoop.hive.metastore.api.Partition) HiveException(org.apache.hadoop.hive.ql.metadata.HiveException) Table(org.apache.hadoop.hive.ql.metadata.Table) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) Hive(org.apache.hadoop.hive.ql.metadata.Hive) Database(org.apache.hadoop.hive.metastore.api.Database) PrincipalType(org.apache.hadoop.hive.metastore.api.PrincipalType)

Aggregations

PrincipalType (org.apache.hadoop.hive.metastore.api.PrincipalType)29 HiveObjectPrivilege (org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)15 ArrayList (java.util.ArrayList)14 HiveObjectRef (org.apache.hadoop.hive.metastore.api.HiveObjectRef)13 PrivilegeGrantInfo (org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)11 MDatabase (org.apache.hadoop.hive.metastore.model.MDatabase)8 InvalidObjectException (org.apache.hadoop.hive.metastore.api.InvalidObjectException)6 MTable (org.apache.hadoop.hive.metastore.model.MTable)6 Hive (org.apache.hadoop.hive.ql.metadata.Hive)6 Database (org.apache.hadoop.hive.metastore.api.Database)5 MetaException (org.apache.hadoop.hive.metastore.api.MetaException)5 NoSuchObjectException (org.apache.hadoop.hive.metastore.api.NoSuchObjectException)5 MDataConnector (org.apache.hadoop.hive.metastore.model.MDataConnector)4 HiveException (org.apache.hadoop.hive.ql.metadata.HiveException)4 IOException (java.io.IOException)3 SQLException (java.sql.SQLException)3 List (java.util.List)3 InvalidOperationException (org.apache.hadoop.hive.metastore.api.InvalidOperationException)3 MDBPrivilege (org.apache.hadoop.hive.metastore.model.MDBPrivilege)3 MDCPrivilege (org.apache.hadoop.hive.metastore.model.MDCPrivilege)3