Example 11 with PrivilegeGrantInfo
use of org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo in project hive by apache.
the class ObjectStore method putPersistentPrivObjects.
/**
* Convert PrivilegeGrantInfo from privMap to MTablePrivilege, and add all of
* them to the toPersistPrivObjs. These privilege objects will be persisted as
* part of createTable.
*
* @param mtbl
* @param toPersistPrivObjs
* @param now
* @param privMap
* @param type
*/
private void putPersistentPrivObjects(MTable mtbl, List<Object> toPersistPrivObjs, int now, Map<String, List<PrivilegeGrantInfo>> privMap, PrincipalType type) {
if (privMap != null) {
for (Map.Entry<String, List<PrivilegeGrantInfo>> entry : privMap.entrySet()) {
String principalName = entry.getKey();
List<PrivilegeGrantInfo> privs = entry.getValue();
for (int i = 0; i < privs.size(); i++) {
PrivilegeGrantInfo priv = privs.get(i);
if (priv == null) {
continue;
}
MTablePrivilege mTblSec = new MTablePrivilege(principalName, type.toString(), mtbl, priv.getPrivilege(), now, priv.getGrantor(), priv.getGrantorType().toString(), priv.isGrantOption());
toPersistPrivObjs.add(mTblSec);
}
}
}
}
Also used :
PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)
MStringList(org.apache.hadoop.hive.metastore.model.MStringList)
ArrayList(java.util.ArrayList)
List(java.util.List)
LinkedList(java.util.LinkedList)
Map(java.util.Map)
MRoleMap(org.apache.hadoop.hive.metastore.model.MRoleMap)
HashMap(java.util.HashMap)
MConstraint(org.apache.hadoop.hive.metastore.model.MConstraint)
MTablePrivilege(org.apache.hadoop.hive.metastore.model.MTablePrivilege)
Example 12 with PrivilegeGrantInfo
use of org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo in project hive by apache.
the class SQLStdHiveAccessController method showPrivileges.
@Override
public List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal, HivePrivilegeObject privObj) throws HiveAuthzPluginException {
try {
// First authorize the call
if (principal == null) {
// only the admin is allowed to list privileges for any user
if (!isUserAdmin()) {
throw new HiveAccessControlException("User : " + currentUserName + " has to specify" + " a user name or role in the show grant. " + ADMIN_ONLY_MSG);
}
} else {
//principal is specified, authorize on it
if (!isUserAdmin()) {
ensureShowGrantAllowed(principal);
}
}
IMetaStoreClient mClient = metastoreClientFactory.getHiveMetastoreClient();
List<HivePrivilegeInfo> resPrivInfos = new ArrayList<HivePrivilegeInfo>();
String principalName = principal == null ? null : principal.getName();
PrincipalType principalType = principal == null ? null : AuthorizationUtils.getThriftPrincipalType(principal.getType());
// get metastore/thrift privilege object using metastore api
List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(principalName, principalType, SQLAuthorizationUtils.getThriftHiveObjectRef(privObj));
// convert the metastore thrift objects to result objects
for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
// result principal
HivePrincipal resPrincipal = new HivePrincipal(msObjPriv.getPrincipalName(), AuthorizationUtils.getHivePrincipalType(msObjPriv.getPrincipalType()));
// result privilege
PrivilegeGrantInfo msGrantInfo = msObjPriv.getGrantInfo();
HivePrivilege resPrivilege = new HivePrivilege(msGrantInfo.getPrivilege(), null);
// result object
HiveObjectRef msObjRef = msObjPriv.getHiveObject();
if (!isSupportedObjectType(msObjRef.getObjectType())) {
// ignore them
continue;
}
HivePrivilegeObject resPrivObj = new HivePrivilegeObject(getPluginPrivilegeObjType(msObjRef.getObjectType()), msObjRef.getDbName(), msObjRef.getObjectName(), msObjRef.getPartValues(), msObjRef.getColumnName());
// result grantor principal
HivePrincipal grantorPrincipal = new HivePrincipal(msGrantInfo.getGrantor(), AuthorizationUtils.getHivePrincipalType(msGrantInfo.getGrantorType()));
HivePrivilegeInfo resPrivInfo = new HivePrivilegeInfo(resPrincipal, resPrivilege, resPrivObj, grantorPrincipal, msGrantInfo.isGrantOption(), msGrantInfo.getCreateTime());
resPrivInfos.add(resPrivInfo);
}
return resPrivInfos;
} catch (Exception e) {
throw SQLAuthorizationUtils.getPluginException("Error showing privileges", e);
}
}
Also used :
HivePrivilegeInfo(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo)
PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)
HivePrivilege(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege)
HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef)
ArrayList(java.util.ArrayList)
HivePrivilegeObject(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)
IMetaStoreClient(org.apache.hadoop.hive.metastore.IMetaStoreClient)
MetaException(org.apache.hadoop.hive.metastore.api.MetaException)
HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException)
HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException)
TException(org.apache.thrift.TException)
HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException)
HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)
HivePrincipal(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal)
PrincipalType(org.apache.hadoop.hive.metastore.api.PrincipalType)
Example 13 with PrivilegeGrantInfo
use of org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo in project hive by apache.
the class AuthorizationUtils method getPrivilegeInfos.
public static List<HivePrivilegeInfo> getPrivilegeInfos(List<HiveObjectPrivilege> privs) throws HiveException {
List<HivePrivilegeInfo> hivePrivs = new ArrayList<HivePrivilegeInfo>();
for (HiveObjectPrivilege priv : privs) {
PrivilegeGrantInfo grantorInfo = priv.getGrantInfo();
HiveObjectRef privObject = priv.getHiveObject();
HivePrincipal hivePrincipal = getHivePrincipal(priv.getPrincipalName(), priv.getPrincipalType());
HivePrincipal grantor = getHivePrincipal(grantorInfo.getGrantor(), grantorInfo.getGrantorType());
HivePrivilegeObject object = getHiveObjectRef(privObject);
HivePrivilege privilege = new HivePrivilege(grantorInfo.getPrivilege(), null);
hivePrivs.add(new HivePrivilegeInfo(hivePrincipal, privilege, object, grantor, grantorInfo.isGrantOption(), grantorInfo.getCreateTime()));
}
return hivePrivs;
}
Also used :
HivePrivilegeInfo(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo)
HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)
PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)
HivePrincipal(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal)
HivePrivilege(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege)
HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef)
ArrayList(java.util.ArrayList)
HivePrivilegeObject(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)
Example 14 with PrivilegeGrantInfo
use of org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo in project hive by apache.
the class RevokePrivAuthUtils method authorizeAndGetRevokePrivileges.
public static List<HiveObjectPrivilege> authorizeAndGetRevokePrivileges(List<HivePrincipal> principals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, boolean grantOption, IMetaStoreClient mClient, String userName) throws HiveAuthzPluginException, HiveAccessControlException {
List<HiveObjectPrivilege> matchingPrivs = new ArrayList<HiveObjectPrivilege>();
StringBuilder errMsg = new StringBuilder();
for (HivePrincipal principal : principals) {
// get metastore/thrift privilege object for this principal and object, not looking at
// privileges obtained indirectly via roles
List<HiveObjectPrivilege> msObjPrivs;
try {
msObjPrivs = mClient.list_privileges(principal.getName(), AuthorizationUtils.getThriftPrincipalType(principal.getType()), SQLAuthorizationUtils.getThriftHiveObjectRef(hivePrivObject));
} catch (MetaException e) {
throw new HiveAuthzPluginException(e);
} catch (TException e) {
throw new HiveAuthzPluginException(e);
}
// the resulting privileges need to be filtered on privilege type and
// username
// create a Map to capture object privileges corresponding to privilege
// type
Map<String, HiveObjectPrivilege> priv2privObj = new HashMap<String, HiveObjectPrivilege>();
for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
PrivilegeGrantInfo grantInfo = msObjPriv.getGrantInfo();
// check if the grantor matches current user
if (grantInfo.getGrantor() != null && grantInfo.getGrantor().equals(userName) && grantInfo.getGrantorType() == PrincipalType.USER) {
// add to the map
priv2privObj.put(grantInfo.getPrivilege(), msObjPriv);
}
// else skip this one
}
// find the privileges that we are looking for
for (HivePrivilege hivePrivilege : hivePrivileges) {
HiveObjectPrivilege matchedPriv = priv2privObj.get(hivePrivilege.getName());
if (matchedPriv != null) {
matchingPrivs.add(matchedPriv);
} else {
errMsg.append("Cannot find privilege ").append(hivePrivilege).append(" for ").append(principal).append(" on ").append(hivePrivObject).append(" granted by ").append(userName).append(System.getProperty("line.separator"));
}
}
}
if (errMsg.length() != 0) {
throw new HiveAccessControlException(errMsg.toString());
}
return matchingPrivs;
}
Also used :
TException(org.apache.thrift.TException)
HashMap(java.util.HashMap)
PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)
HivePrivilege(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege)
ArrayList(java.util.ArrayList)
HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException)
HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)
HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException)
HivePrincipal(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal)
MetaException(org.apache.hadoop.hive.metastore.api.MetaException)
Example 15 with PrivilegeGrantInfo
use of org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo in project hive by apache.
the class CreateTableAutomaticGrant method getGrantorInfoList.
private static List<PrivilegeGrantInfo> getGrantorInfoList(String privList) throws HiveException {
if (privList == null || privList.trim().equals("")) {
return null;
}
validatePrivilege(privList);
String[] grantArray = privList.split(",");
List<PrivilegeGrantInfo> grantInfoList = new ArrayList<PrivilegeGrantInfo>();
String grantor = SessionState.getUserFromAuthenticator();
for (String grant : grantArray) {
grantInfoList.add(new PrivilegeGrantInfo(grant, -1, grantor, PrincipalType.USER, true));
}
return grantInfoList;
}
Also used :
PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)
ArrayList(java.util.ArrayList)
Aggregations
PrivilegeGrantInfo (org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)49
ArrayList (java.util.ArrayList)43
HiveObjectPrivilege (org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)31
HiveObjectRef (org.apache.hadoop.hive.metastore.api.HiveObjectRef)29
PrincipalPrivilegeSet (org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet)17
List (java.util.List)16
LinkedList (java.util.LinkedList)15
IOException (java.io.IOException)12
MConstraint (org.apache.hadoop.hive.metastore.model.MConstraint)12
HashMap (java.util.HashMap)10
Database (org.apache.hadoop.hive.metastore.api.Database)8
PrincipalType (org.apache.hadoop.hive.metastore.api.PrincipalType)8
PrivilegeBag (org.apache.hadoop.hive.metastore.api.PrivilegeBag)7
MetaException (org.apache.hadoop.hive.metastore.api.MetaException)6
Table (org.apache.hadoop.hive.metastore.api.Table)6
MStringList (org.apache.hadoop.hive.metastore.model.MStringList)6
Role (org.apache.hadoop.hive.metastore.api.Role)5
Map (java.util.Map)4
MTablePrivilege (org.apache.hadoop.hive.metastore.model.MTablePrivilege)4
Test (org.junit.Test)4
