Search in sources :

Example 31 with PrivilegeGrantInfo

use of org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo in project hive by apache.

the class TestHBaseStoreIntegration method listGlobalGrants.

@Test
public void listGlobalGrants() throws Exception {
    String[] roleNames = new String[] { "lgg_role1", "lgg_role2" };
    String[] userNames = new String[] { "merry", "pippen" };
    store.addRole(roleNames[0], "me");
    store.addRole(roleNames[1], "me");
    int now = (int) (System.currentTimeMillis() / 1000);
    Role role1 = store.getRole(roleNames[0]);
    Role role2 = store.getRole(roleNames[1]);
    store.grantRole(role1, userNames[0], PrincipalType.USER, "bob", PrincipalType.USER, false);
    store.grantRole(role1, roleNames[1], PrincipalType.ROLE, "admin", PrincipalType.ROLE, true);
    store.grantRole(role2, userNames[1], PrincipalType.USER, "bob", PrincipalType.USER, false);
    List<HiveObjectPrivilege> privileges = new ArrayList<HiveObjectPrivilege>();
    HiveObjectRef hiveObjRef = new HiveObjectRef(HiveObjectType.GLOBAL, null, null, null, null);
    PrivilegeGrantInfo grantInfo = new PrivilegeGrantInfo("read", now, "me", PrincipalType.USER, false);
    HiveObjectPrivilege hop = new HiveObjectPrivilege(hiveObjRef, userNames[0], PrincipalType.USER, grantInfo);
    privileges.add(hop);
    grantInfo = new PrivilegeGrantInfo("write", now, "me", PrincipalType.USER, true);
    hop = new HiveObjectPrivilege(hiveObjRef, roleNames[0], PrincipalType.ROLE, grantInfo);
    privileges.add(hop);
    PrivilegeBag pBag = new PrivilegeBag(privileges);
    store.grantPrivileges(pBag);
    List<HiveObjectPrivilege> hops = store.listPrincipalGlobalGrants(roleNames[0], PrincipalType.ROLE);
    Assert.assertEquals(1, hops.size());
    Assert.assertEquals(PrincipalType.ROLE, hops.get(0).getPrincipalType());
    Assert.assertEquals(HiveObjectType.GLOBAL, hops.get(0).getHiveObject().getObjectType());
    Assert.assertEquals("write", hops.get(0).getGrantInfo().getPrivilege());
    hops = store.listPrincipalGlobalGrants(userNames[0], PrincipalType.USER);
    Assert.assertEquals(1, hops.size());
    Assert.assertEquals(PrincipalType.USER, hops.get(0).getPrincipalType());
    Assert.assertEquals(HiveObjectType.GLOBAL, hops.get(0).getHiveObject().getObjectType());
    Assert.assertEquals("read", hops.get(0).getGrantInfo().getPrivilege());
    hops = store.listPrincipalGlobalGrants(roleNames[1], PrincipalType.ROLE);
    Assert.assertEquals(0, hops.size());
    hops = store.listPrincipalGlobalGrants(userNames[1], PrincipalType.USER);
    Assert.assertEquals(0, hops.size());
    hops = store.listGlobalGrantsAll();
    Assert.assertEquals(2, hops.size());
    boolean sawUser = false, sawRole = false;
    for (HiveObjectPrivilege h : hops) {
        if (h.getPrincipalName().equals(userNames[0])) {
            Assert.assertEquals(PrincipalType.USER, h.getPrincipalType());
            Assert.assertEquals(HiveObjectType.GLOBAL, h.getHiveObject().getObjectType());
            Assert.assertEquals("read", h.getGrantInfo().getPrivilege());
            sawUser = true;
        } else if (h.getPrincipalName().equals(roleNames[0])) {
            Assert.assertEquals(PrincipalType.ROLE, h.getPrincipalType());
            Assert.assertEquals(HiveObjectType.GLOBAL, h.getHiveObject().getObjectType());
            Assert.assertEquals("write", h.getGrantInfo().getPrivilege());
            sawRole = true;
        }
    }
    Assert.assertTrue(sawUser && sawRole);
}
Also used : Role(org.apache.hadoop.hive.metastore.api.Role) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) PrivilegeBag(org.apache.hadoop.hive.metastore.api.PrivilegeBag) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) ArrayList(java.util.ArrayList) Test(org.junit.Test)

Example 32 with PrivilegeGrantInfo

use of org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo in project hive by apache.

the class TestHBaseSchemaTool method oneMondoTest.

@Test
public void oneMondoTest() throws Exception {
    // This is a pain to do in one big test, but we have to control the order so that we have tests
    // without dbs, etc.
    HBaseSchemaTool tool = new HBaseSchemaTool();
    ByteArrayOutputStream outStr = new ByteArrayOutputStream();
    PrintStream out = new PrintStream(outStr);
    ByteArrayOutputStream errStr = new ByteArrayOutputStream();
    PrintStream err = new PrintStream(errStr);
    // This needs to be up front before we create any tables or partitions
    tool.go(false, HBaseReadWrite.SD_TABLE, null, "whatever", conf, out, err);
    Assert.assertEquals("No storage descriptors" + lsep, outStr.toString());
    // This one needs to be up front too
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.SEQUENCES_TABLE, null, "whatever", conf, out, err);
    Assert.assertEquals("No sequences" + lsep, outStr.toString());
    // Create some databases
    String[] dbNames = new String[3];
    for (int i = 0; i < dbNames.length; i++) {
        dbNames[i] = "db" + i;
        Database db = new Database(dbNames[i], "no description", "file:///tmp", emptyParameters);
        store.createDatabase(db);
    }
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.DB_TABLE, "db0", null, conf, out, err);
    Assert.assertEquals("{\"name\":\"db0\",\"description\":\"no description\"," + "\"locationUri\":\"file:///tmp\",\"parameters\":{}}" + lsep, outStr.toString());
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.DB_TABLE, null, ".*", conf, out, err);
    Assert.assertEquals("{\"name\":\"db0\",\"description\":\"no description\"," + "\"locationUri\":\"file:///tmp\",\"parameters\":{}}" + lsep + "{\"name\":\"db1\",\"description\":\"no description\"," + "\"locationUri\":\"file:///tmp\",\"parameters\":{}}" + lsep + "{\"name\":\"db2\",\"description\":\"no description\"," + "\"locationUri\":\"file:///tmp\",\"parameters\":{}}" + lsep, outStr.toString());
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.DB_TABLE, null, "db[12]", conf, out, err);
    Assert.assertEquals("{\"name\":\"db1\",\"description\":\"no description\"," + "\"locationUri\":\"file:///tmp\",\"parameters\":{}}" + lsep + "{\"name\":\"db2\",\"description\":\"no description\"," + "\"locationUri\":\"file:///tmp\",\"parameters\":{}}" + lsep, outStr.toString());
    String[] roleNames = new String[2];
    for (int i = 0; i < roleNames.length; i++) {
        roleNames[i] = "role" + i;
        store.addRole(roleNames[i], "me");
    }
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.ROLE_TABLE, null, "role.", conf, out, err);
    Assert.assertEquals("{\"roleName\":\"role0\",\"createTime\":now,\"ownerName\":\"me\"}" + lsep + "{\"roleName\":\"role1\",\"createTime\":now,\"ownerName\":\"me\"}" + lsep, outStr.toString().replaceAll("createTime\":[0-9]+", "createTime\":now"));
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.ROLE_TABLE, "role1", null, conf, out, err);
    Assert.assertEquals("{\"roleName\":\"role1\",\"createTime\":now,\"ownerName\":\"me\"}" + lsep, outStr.toString().replaceAll("createTime\":[0-9]+", "createTime\":now"));
    Role role1 = store.getRole("role1");
    store.grantRole(role1, "fred", PrincipalType.USER, "me", PrincipalType.USER, false);
    store.grantRole(role1, "joanne", PrincipalType.USER, "me", PrincipalType.USER, false);
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.USER_TO_ROLE_TABLE, null, ".*", conf, out, err);
    Assert.assertEquals("fred: role1" + lsep + "joanne: role1" + lsep, outStr.toString());
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.USER_TO_ROLE_TABLE, "joanne", null, conf, out, err);
    Assert.assertEquals("role1" + lsep, outStr.toString());
    String[] funcNames = new String[3];
    for (int i = 0; i < funcNames.length; i++) {
        funcNames[i] = "func" + i;
        Function function = new Function(funcNames[i], "db1", "Function", "me", PrincipalType.USER, 0, FunctionType.JAVA, null);
        store.createFunction(function);
    }
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.FUNC_TABLE, "db1.func0", null, conf, out, err);
    Assert.assertEquals("{\"functionName\":\"func0\",\"dbName\":\"db1\"," + "\"className\":\"Function\",\"ownerName\":\"me\",\"ownerType\":1,\"createTime\":0," + "\"functionType\":1}" + lsep, outStr.toString());
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.FUNC_TABLE, null, ".*", conf, out, err);
    Assert.assertEquals("{\"functionName\":\"func0\",\"dbName\":\"db1\"," + "\"className\":\"Function\",\"ownerName\":\"me\",\"ownerType\":1,\"createTime\":0," + "\"functionType\":1}" + lsep + "{\"functionName\":\"func1\",\"dbName\":\"db1\"," + "\"className\":\"Function\",\"ownerName\":\"me\",\"ownerType\":1,\"createTime\":0," + "\"functionType\":1}" + lsep + "{\"functionName\":\"func2\",\"dbName\":\"db1\"," + "\"className\":\"Function\",\"ownerName\":\"me\",\"ownerType\":1,\"createTime\":0," + "\"functionType\":1}" + lsep, outStr.toString());
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.FUNC_TABLE, null, "db1.func[12]", conf, out, err);
    Assert.assertEquals("{\"functionName\":\"func1\",\"dbName\":\"db1\"," + "\"className\":\"Function\",\"ownerName\":\"me\",\"ownerType\":1,\"createTime\":0," + "\"functionType\":1}" + lsep + "{\"functionName\":\"func2\",\"dbName\":\"db1\"," + "\"className\":\"Function\",\"ownerName\":\"me\",\"ownerType\":1,\"createTime\":0," + "\"functionType\":1}" + lsep, outStr.toString());
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.GLOBAL_PRIVS_TABLE, null, null, conf, out, err);
    Assert.assertEquals("No global privileges" + lsep, outStr.toString());
    List<HiveObjectPrivilege> privileges = new ArrayList<>();
    HiveObjectRef hiveObjRef = new HiveObjectRef(HiveObjectType.GLOBAL, "db0", "tab0", null, null);
    PrivilegeGrantInfo grantInfo = new PrivilegeGrantInfo("read", 0, "me", PrincipalType.USER, false);
    HiveObjectPrivilege hop = new HiveObjectPrivilege(hiveObjRef, "user", PrincipalType.USER, grantInfo);
    privileges.add(hop);
    grantInfo = new PrivilegeGrantInfo("create", 0, "me", PrincipalType.USER, true);
    hop = new HiveObjectPrivilege(hiveObjRef, "user", PrincipalType.USER, grantInfo);
    privileges.add(hop);
    PrivilegeBag pBag = new PrivilegeBag(privileges);
    store.grantPrivileges(pBag);
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.GLOBAL_PRIVS_TABLE, null, null, conf, out, err);
    Assert.assertEquals("{\"userPrivileges\":{\"user\":[{\"privilege\":\"read\",\"createTime\":0," + "\"grantor\":\"me\",\"grantorType\":1,\"grantOption\":0},{\"privilege\":\"create\"," + "\"createTime\":0,\"grantor\":\"me\",\"grantorType\":1,\"grantOption\":1}]}}" + lsep, outStr.toString());
    String[] tableNames = new String[3];
    for (int i = 0; i < tableNames.length; i++) {
        tableNames[i] = "tab" + i;
        StorageDescriptor sd = new StorageDescriptor(Arrays.asList(new FieldSchema("col1", "int", ""), new FieldSchema("col2", "varchar(32)", "")), "/tmp", null, null, false, 0, null, null, null, Collections.<String, String>emptyMap());
        Table tab = new Table(tableNames[i], dbNames[0], "me", 0, 0, 0, sd, Arrays.asList(new FieldSchema("pcol1", "string", ""), new FieldSchema("pcol2", "string", "")), Collections.<String, String>emptyMap(), null, null, null);
        store.createTable(tab);
    }
    ColumnStatisticsDesc tableStatsDesc = new ColumnStatisticsDesc(false, "db0", "tab0");
    ColumnStatisticsData tcsd = new ColumnStatisticsData();
    LongColumnStatsData tlcsd = new LongColumnStatsData(1, 2);
    tlcsd.setLowValue(-95);
    tlcsd.setHighValue(95);
    tcsd.setLongStats(tlcsd);
    ColumnStatisticsData tcsd2 = new ColumnStatisticsData();
    tcsd2.setStringStats(new StringColumnStatsData(97, 18.78, 29, 397));
    List<ColumnStatisticsObj> tcsos = Arrays.asList(new ColumnStatisticsObj("col1", "int", tcsd), new ColumnStatisticsObj("col2", "varchar(32)", tcsd2));
    ColumnStatistics tStatObj = new ColumnStatistics(tableStatsDesc, tcsos);
    store.updateTableColumnStatistics(tStatObj);
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.TABLE_TABLE, "db0.tab1", null, conf, out, err);
    Assert.assertEquals("{\"tableName\":\"tab1\",\"dbName\":\"db0\",\"owner\":\"me\"," + "\"createTime\":0,\"lastAccessTime\":0,\"retention\":0," + "\"partitionKeys\":[{\"name\":\"pcol1\",\"type\":\"string\",\"comment\":\"\"}," + "{\"name\":\"pcol2\",\"type\":\"string\",\"comment\":\"\"}],\"parameters\":{}," + "\"tableType\":\"\",\"rewriteEnabled\":0} sdHash: qQTgZAi5VzgpozzFGmIVTQ stats:" + lsep, outStr.toString());
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.TABLE_TABLE, null, "db0.*", conf, out, err);
    Assert.assertEquals("{\"tableName\":\"tab0\",\"dbName\":\"db0\",\"owner\":\"me\"," + "\"createTime\":0,\"lastAccessTime\":0,\"retention\":0," + "\"partitionKeys\":[{\"name\":\"pcol1\",\"type\":\"string\",\"comment\":\"\"}," + "{\"name\":\"pcol2\",\"type\":\"string\",\"comment\":\"\"}],\"parameters\":{\"COLUMN_STATS_ACCURATE\":\"{\\\"COLUMN_STATS\\\":{\\\"col1\\\":\\\"true\\\",\\\"col2\\\":\\\"true\\\"}}\"}," + "\"tableType\":\"\",\"rewriteEnabled\":0} sdHash: qQTgZAi5VzgpozzFGmIVTQ stats: column " + "col1: {\"colName\":\"col1\",\"colType\":\"int\"," + "\"statsData\":{\"longStats\":{\"lowValue\":-95,\"highValue\":95,\"numNulls\":1," + "\"numDVs\":2,\"bitVectors\":\"\"}}} column col2: {\"colName\":\"col2\",\"colType\":\"varchar(32)\"," + "\"statsData\":{\"stringStats\":{\"maxColLen\":97,\"avgColLen\":18.78," + "\"numNulls\":29,\"numDVs\":397,\"bitVectors\":\"\"}}}" + lsep + "{\"tableName\":\"tab1\",\"dbName\":\"db0\",\"owner\":\"me\",\"createTime\":0," + "\"lastAccessTime\":0,\"retention\":0,\"partitionKeys\":[{\"name\":\"pcol1\"," + "\"type\":\"string\",\"comment\":\"\"},{\"name\":\"pcol2\",\"type\":\"string\"," + "\"comment\":\"\"}],\"parameters\":{},\"tableType\":\"\",\"rewriteEnabled\":0} sdHash: " + "qQTgZAi5VzgpozzFGmIVTQ stats:" + lsep + "{\"tableName\":\"tab2\",\"dbName\":\"db0\",\"owner\":\"me\",\"createTime\":0," + "\"lastAccessTime\":0,\"retention\":0,\"partitionKeys\":[{\"name\":\"pcol1\"," + "\"type\":\"string\",\"comment\":\"\"},{\"name\":\"pcol2\",\"type\":\"string\"," + "\"comment\":\"\"}],\"parameters\":{},\"tableType\":\"\",\"rewriteEnabled\":0} sdHash: " + "qQTgZAi5VzgpozzFGmIVTQ stats:" + lsep, outStr.toString());
    List<List<String>> partVals = Arrays.asList(Arrays.asList("a", "b"), Arrays.asList("c", "d"));
    for (List<String> pv : partVals) {
        StorageDescriptor sd = new StorageDescriptor(Arrays.asList(new FieldSchema("col1", "int", ""), new FieldSchema("col2", "varchar(32)", "")), "/tmp", null, null, false, 0, null, null, null, Collections.<String, String>emptyMap());
        Partition p = new Partition(pv, "db0", "tab1", 0, 0, sd, Collections.<String, String>emptyMap());
        store.addPartition(p);
    }
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.PART_TABLE, "db0.tab1.a.b", null, conf, out, err);
    Assert.assertEquals("{\"values\":[\"a\",\"b\"],\"dbName\":\"db0\",\"tableName\":\"tab1\"," + "\"createTime\":0,\"lastAccessTime\":0,\"parameters\":{}} sdHash: " + "qQTgZAi5VzgpozzFGmIVTQ stats:" + lsep, outStr.toString());
    ColumnStatisticsDesc statsDesc = new ColumnStatisticsDesc(false, "db0", "tab1");
    statsDesc.setPartName("pcol1=c/pcol2=d");
    ColumnStatisticsData csd1 = new ColumnStatisticsData();
    LongColumnStatsData lcsd = new LongColumnStatsData(1, 2);
    lcsd.setLowValue(-95);
    lcsd.setHighValue(95);
    csd1.setLongStats(lcsd);
    ColumnStatisticsData csd2 = new ColumnStatisticsData();
    csd2.setStringStats(new StringColumnStatsData(97, 18.78, 29, 397));
    List<ColumnStatisticsObj> csos = Arrays.asList(new ColumnStatisticsObj("col1", "int", csd1), new ColumnStatisticsObj("col2", "varchar(32)", csd2));
    ColumnStatistics statsObj = new ColumnStatistics(statsDesc, csos);
    store.updatePartitionColumnStatistics(statsObj, partVals.get(1));
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.PART_TABLE, "db0.tab1.c.d", null, conf, out, err);
    Assert.assertEquals("{\"values\":[\"c\",\"d\"],\"dbName\":\"db0\",\"tableName\":\"tab1\"," + "\"createTime\":0,\"lastAccessTime\":0,\"parameters\":{\"COLUMN_STATS_ACCURATE\":\"{\\\"COLUMN_STATS\\\":{\\\"col1\\\":\\\"true\\\",\\\"col2\\\":\\\"true\\\"}}\"}} sdHash: qQTgZAi5VzgpozzFGmIVTQ " + "stats: column col1: {\"colName\":\"col1\",\"colType\":\"int\"," + "\"statsData\":{\"longStats\":{\"lowValue\":-95,\"highValue\":95,\"numNulls\":1," + "\"numDVs\":2,\"bitVectors\":\"\"}}} column col2: {\"colName\":\"col2\",\"colType\":\"varchar(32)\"," + "\"statsData\":{\"stringStats\":{\"maxColLen\":97,\"avgColLen\":18.78,\"numNulls\":29," + "\"numDVs\":397,\"bitVectors\":\"\"}}}" + lsep, outStr.toString());
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.PART_TABLE, null, "db0.tab1", conf, out, err);
    Assert.assertEquals("{\"values\":[\"a\",\"b\"],\"dbName\":\"db0\",\"tableName\":\"tab1\"," + "\"createTime\":0,\"lastAccessTime\":0,\"parameters\":{}} sdHash: qQTgZAi5VzgpozzFGmIVTQ " + "stats:" + lsep + "{\"values\":[\"c\",\"d\"],\"dbName\":\"db0\",\"tableName\":\"tab1\",\"createTime\":0," + "\"lastAccessTime\":0,\"parameters\":{\"COLUMN_STATS_ACCURATE\":\"{\\\"COLUMN_STATS\\\":{\\\"col1\\\":\\\"true\\\",\\\"col2\\\":\\\"true\\\"}}\"}} sdHash: qQTgZAi5VzgpozzFGmIVTQ stats: column " + "col1: {\"colName\":\"col1\",\"colType\":\"int\"," + "\"statsData\":{\"longStats\":{\"lowValue\":-95,\"highValue\":95,\"numNulls\":1," + "\"numDVs\":2,\"bitVectors\":\"\"}}} column col2: {\"colName\":\"col2\",\"colType\":\"varchar(32)\"," + "\"statsData\":{\"stringStats\":{\"maxColLen\":97,\"avgColLen\":18.78,\"numNulls\":29," + "\"numDVs\":397,\"bitVectors\":\"\"}}}" + lsep, outStr.toString());
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.PART_TABLE, null, "db0.tab1.a", conf, out, err);
    Assert.assertEquals("{\"values\":[\"a\",\"b\"],\"dbName\":\"db0\",\"tableName\":\"tab1\"," + "\"createTime\":0,\"lastAccessTime\":0,\"parameters\":{}} sdHash: qQTgZAi5VzgpozzFGmIVTQ " + "stats:" + lsep, outStr.toString());
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.SD_TABLE, "qQTgZAi5VzgpozzFGmIVTQ", null, conf, out, err);
    Assert.assertEquals("{\"cols\":[{\"name\":\"col1\",\"type\":\"int\",\"comment\":\"\"}," + "{\"name\":\"col2\",\"type\":\"varchar(32)\",\"comment\":\"\"}],\"compressed\":0," + "\"numBuckets\":0,\"bucketCols\":[],\"sortCols\":[],\"storedAsSubDirectories\":0}" + lsep, outStr.toString());
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.SD_TABLE, null, "whatever", conf, out, err);
    Assert.assertEquals("qQTgZAi5VzgpozzFGmIVTQ: {\"cols\":[{\"name\":\"col1\",\"type\":\"int\"," + "\"comment\":\"\"}," + "{\"name\":\"col2\",\"type\":\"varchar(32)\",\"comment\":\"\"}],\"compressed\":0," + "\"numBuckets\":0,\"bucketCols\":[],\"sortCols\":[],\"storedAsSubDirectories\":0}" + lsep, outStr.toString());
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.SECURITY_TABLE, null, "whatever", conf, out, err);
    Assert.assertEquals("No security related entries" + lsep, outStr.toString());
    store.addMasterKey("this be a key");
    store.addToken("tokenid", "delegation token");
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.SECURITY_TABLE, null, "whatever", conf, out, err);
    Assert.assertEquals("Master key 0: this be a key" + lsep + "Delegation token tokenid: delegation token" + lsep, outStr.toString());
    outStr = new ByteArrayOutputStream();
    out = new PrintStream(outStr);
    tool.go(false, HBaseReadWrite.SEQUENCES_TABLE, null, "whatever", conf, out, err);
    Assert.assertEquals("master_key: 1" + lsep, outStr.toString());
}
Also used : PrivilegeBag(org.apache.hadoop.hive.metastore.api.PrivilegeBag) FieldSchema(org.apache.hadoop.hive.metastore.api.FieldSchema) ArrayList(java.util.ArrayList) StorageDescriptor(org.apache.hadoop.hive.metastore.api.StorageDescriptor) Function(org.apache.hadoop.hive.metastore.api.Function) ColumnStatisticsObj(org.apache.hadoop.hive.metastore.api.ColumnStatisticsObj) ColumnStatisticsDesc(org.apache.hadoop.hive.metastore.api.ColumnStatisticsDesc) Database(org.apache.hadoop.hive.metastore.api.Database) ArrayList(java.util.ArrayList) List(java.util.List) ColumnStatistics(org.apache.hadoop.hive.metastore.api.ColumnStatistics) PrintStream(java.io.PrintStream) Partition(org.apache.hadoop.hive.metastore.api.Partition) Table(org.apache.hadoop.hive.metastore.api.Table) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) StringColumnStatsData(org.apache.hadoop.hive.metastore.api.StringColumnStatsData) ByteArrayOutputStream(java.io.ByteArrayOutputStream) LongColumnStatsData(org.apache.hadoop.hive.metastore.api.LongColumnStatsData) Role(org.apache.hadoop.hive.metastore.api.Role) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) ColumnStatisticsData(org.apache.hadoop.hive.metastore.api.ColumnStatisticsData) Test(org.junit.Test)

Example 33 with PrivilegeGrantInfo

use of org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo in project hive by apache.

the class TestHBaseStoreIntegration method doGrantRevoke.

private void doGrantRevoke(HiveObjectType objectType, String dbName, String tableName, String[] roleNames, String[] userNames) throws Exception {
    store.addRole(roleNames[0], "me");
    store.addRole(roleNames[1], "me");
    int now = (int) (System.currentTimeMillis() / 1000);
    Role role1 = store.getRole(roleNames[0]);
    Role role2 = store.getRole(roleNames[1]);
    store.grantRole(role1, userNames[0], PrincipalType.USER, "bob", PrincipalType.USER, false);
    store.grantRole(role1, roleNames[1], PrincipalType.ROLE, "admin", PrincipalType.ROLE, true);
    store.grantRole(role2, userNames[1], PrincipalType.USER, "bob", PrincipalType.USER, false);
    List<HiveObjectPrivilege> privileges = new ArrayList<HiveObjectPrivilege>();
    HiveObjectRef hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
    PrivilegeGrantInfo grantInfo = new PrivilegeGrantInfo("read", now, "me", PrincipalType.USER, false);
    HiveObjectPrivilege hop = new HiveObjectPrivilege(hiveObjRef, userNames[0], PrincipalType.USER, grantInfo);
    privileges.add(hop);
    hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
    grantInfo = new PrivilegeGrantInfo("write", now, "me", PrincipalType.USER, true);
    hop = new HiveObjectPrivilege(hiveObjRef, roleNames[0], PrincipalType.ROLE, grantInfo);
    privileges.add(hop);
    hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
    grantInfo = new PrivilegeGrantInfo("exec", now, "me", PrincipalType.USER, false);
    hop = new HiveObjectPrivilege(hiveObjRef, roleNames[1], PrincipalType.ROLE, grantInfo);
    privileges.add(hop);
    hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
    grantInfo = new PrivilegeGrantInfo("create", now, "me", PrincipalType.USER, true);
    hop = new HiveObjectPrivilege(hiveObjRef, userNames[2], PrincipalType.USER, grantInfo);
    privileges.add(hop);
    hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
    grantInfo = new PrivilegeGrantInfo("create2", now, "me", PrincipalType.USER, true);
    hop = new HiveObjectPrivilege(hiveObjRef, userNames[2], PrincipalType.USER, grantInfo);
    privileges.add(hop);
    PrivilegeBag pBag = new PrivilegeBag(privileges);
    store.grantPrivileges(pBag);
    PrincipalPrivilegeSet pps = getPPS(objectType, dbName, tableName, userNames[0]);
    Assert.assertEquals(1, pps.getUserPrivilegesSize());
    Assert.assertEquals(1, pps.getUserPrivileges().get(userNames[0]).size());
    grantInfo = pps.getUserPrivileges().get(userNames[0]).get(0);
    Assert.assertEquals("read", grantInfo.getPrivilege());
    Assert.assertTrue(now <= grantInfo.getCreateTime());
    Assert.assertEquals("me", grantInfo.getGrantor());
    Assert.assertEquals(PrincipalType.USER, grantInfo.getGrantorType());
    Assert.assertFalse(grantInfo.isGrantOption());
    Assert.assertEquals(2, pps.getRolePrivilegesSize());
    Assert.assertEquals(1, pps.getRolePrivileges().get(roleNames[0]).size());
    grantInfo = pps.getRolePrivileges().get(roleNames[0]).get(0);
    Assert.assertEquals("write", grantInfo.getPrivilege());
    Assert.assertTrue(now <= grantInfo.getCreateTime());
    Assert.assertEquals("me", grantInfo.getGrantor());
    Assert.assertEquals(PrincipalType.USER, grantInfo.getGrantorType());
    Assert.assertTrue(grantInfo.isGrantOption());
    Assert.assertEquals(1, pps.getRolePrivileges().get(roleNames[1]).size());
    grantInfo = pps.getRolePrivileges().get(roleNames[1]).get(0);
    Assert.assertEquals("exec", grantInfo.getPrivilege());
    Assert.assertTrue(now <= grantInfo.getCreateTime());
    Assert.assertEquals("me", grantInfo.getGrantor());
    Assert.assertEquals(PrincipalType.USER, grantInfo.getGrantorType());
    Assert.assertFalse(grantInfo.isGrantOption());
    pps = getPPS(objectType, dbName, tableName, userNames[1]);
    Assert.assertEquals(0, pps.getUserPrivilegesSize());
    Assert.assertEquals(1, pps.getRolePrivilegesSize());
    Assert.assertEquals(1, pps.getRolePrivileges().get(roleNames[1]).size());
    grantInfo = pps.getRolePrivileges().get(roleNames[1]).get(0);
    Assert.assertEquals("exec", grantInfo.getPrivilege());
    Assert.assertTrue(now <= grantInfo.getCreateTime());
    Assert.assertEquals("me", grantInfo.getGrantor());
    Assert.assertEquals(PrincipalType.USER, grantInfo.getGrantorType());
    Assert.assertFalse(grantInfo.isGrantOption());
    pps = getPPS(objectType, dbName, tableName, userNames[2]);
    Assert.assertEquals(1, pps.getUserPrivilegesSize());
    Assert.assertEquals(2, pps.getUserPrivileges().get(userNames[2]).size());
    Assert.assertEquals(0, pps.getRolePrivilegesSize());
    pps = getPPS(objectType, dbName, tableName, userNames[3]);
    Assert.assertEquals(0, pps.getUserPrivilegesSize());
    Assert.assertEquals(0, pps.getRolePrivilegesSize());
    // Test that removing role removes the role grants
    store.removeRole(roleNames[1]);
    checkRoleRemovedFromAllPrivileges(objectType, dbName, tableName, roleNames[1]);
    pps = getPPS(objectType, dbName, tableName, userNames[0]);
    Assert.assertEquals(1, pps.getRolePrivilegesSize());
    Assert.assertEquals(1, pps.getRolePrivileges().get(roleNames[0]).size());
    pps = getPPS(objectType, dbName, tableName, userNames[1]);
    Assert.assertEquals(0, pps.getRolePrivilegesSize());
    // Test that revoking with grant option = true just removes grant option
    privileges.clear();
    hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
    grantInfo = new PrivilegeGrantInfo("write", now, "me", PrincipalType.USER, true);
    hop = new HiveObjectPrivilege(hiveObjRef, roleNames[0], PrincipalType.ROLE, grantInfo);
    privileges.add(hop);
    hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
    grantInfo = new PrivilegeGrantInfo("create2", now, "me", PrincipalType.USER, true);
    hop = new HiveObjectPrivilege(hiveObjRef, userNames[2], PrincipalType.USER, grantInfo);
    privileges.add(hop);
    pBag = new PrivilegeBag(privileges);
    store.revokePrivileges(pBag, true);
    pps = getPPS(objectType, dbName, tableName, userNames[0]);
    Assert.assertEquals(1, pps.getRolePrivilegesSize());
    Assert.assertEquals(1, pps.getRolePrivileges().get(roleNames[0]).size());
    grantInfo = pps.getRolePrivileges().get(roleNames[0]).get(0);
    Assert.assertEquals("write", grantInfo.getPrivilege());
    Assert.assertTrue(now <= grantInfo.getCreateTime());
    Assert.assertEquals("me", grantInfo.getGrantor());
    Assert.assertEquals(PrincipalType.USER, grantInfo.getGrantorType());
    Assert.assertFalse(grantInfo.isGrantOption());
    pps = getPPS(objectType, dbName, tableName, userNames[2]);
    Assert.assertEquals(1, pps.getUserPrivilegesSize());
    Assert.assertEquals(2, pps.getUserPrivileges().get(userNames[2]).size());
    for (PrivilegeGrantInfo pgi : pps.getUserPrivileges().get(userNames[2])) {
        if (pgi.getPrivilege().equals("create"))
            Assert.assertTrue(pgi.isGrantOption());
        else if (pgi.getPrivilege().equals("create2"))
            Assert.assertFalse(pgi.isGrantOption());
        else
            Assert.fail("huh?");
    }
    // Test revoking revokes
    store.revokePrivileges(pBag, false);
    pps = getPPS(objectType, dbName, tableName, userNames[0]);
    Assert.assertEquals(1, pps.getUserPrivilegesSize());
    Assert.assertEquals(1, pps.getRolePrivilegesSize());
    Assert.assertEquals(0, pps.getRolePrivileges().get(roleNames[0]).size());
    pps = getPPS(objectType, dbName, tableName, userNames[2]);
    Assert.assertEquals(1, pps.getUserPrivilegesSize());
    Assert.assertEquals(1, pps.getUserPrivileges().get(userNames[2]).size());
    Assert.assertEquals("create", pps.getUserPrivileges().get(userNames[2]).get(0).getPrivilege());
    Assert.assertEquals(0, pps.getRolePrivilegesSize());
}
Also used : Role(org.apache.hadoop.hive.metastore.api.Role) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) PrivilegeBag(org.apache.hadoop.hive.metastore.api.PrivilegeBag) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) PrincipalPrivilegeSet(org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) ArrayList(java.util.ArrayList)

Example 34 with PrivilegeGrantInfo

use of org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo in project hive by apache.

the class SQLAuthorizationUtils method getThriftPrivilegesBag.

/**
 * Create thrift privileges bag
 *
 * @param hivePrincipals
 * @param hivePrivileges
 * @param hivePrivObject
 * @param grantorPrincipal
 * @param grantOption
 * @return
 * @throws HiveAuthzPluginException
 */
static PrivilegeBag getThriftPrivilegesBag(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption) throws HiveAuthzPluginException {
    HiveObjectRef privObj = getThriftHiveObjectRef(hivePrivObject);
    PrivilegeBag privBag = new PrivilegeBag();
    for (HivePrivilege privilege : hivePrivileges) {
        if (privilege.getColumns() != null && privilege.getColumns().size() > 0) {
            throw new HiveAuthzPluginException("Privileges on columns not supported currently" + " in sql standard authorization mode");
        }
        if (!SUPPORTED_PRIVS_SET.contains(privilege.getName().toUpperCase(Locale.US))) {
            throw new HiveAuthzPluginException("Privilege: " + privilege.getName() + " is not supported in sql standard authorization mode");
        }
        PrivilegeGrantInfo grantInfo = getThriftPrivilegeGrantInfo(privilege, grantorPrincipal, grantOption, 0);
        for (HivePrincipal principal : hivePrincipals) {
            HiveObjectPrivilege objPriv = new HiveObjectPrivilege(privObj, principal.getName(), AuthorizationUtils.getThriftPrincipalType(principal.getType()), grantInfo);
            privBag.addToPrivileges(objPriv);
        }
    }
    return privBag;
}
Also used : PrivilegeBag(org.apache.hadoop.hive.metastore.api.PrivilegeBag) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) HivePrincipal(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal) HivePrivilege(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException)

Example 35 with PrivilegeGrantInfo

use of org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo in project hive by apache.

the class ObjectStore method getColumnPrivilege.

private List<PrivilegeGrantInfo> getColumnPrivilege(String dbName, String tableName, String columnName, String partitionName, String principalName, PrincipalType principalType) {
    tableName = normalizeIdentifier(tableName);
    dbName = normalizeIdentifier(dbName);
    columnName = normalizeIdentifier(columnName);
    if (partitionName == null) {
        List<MTableColumnPrivilege> userNameColumnPriv = this.listPrincipalMTableColumnGrants(principalName, principalType, dbName, tableName, columnName);
        if (CollectionUtils.isNotEmpty(userNameColumnPriv)) {
            List<PrivilegeGrantInfo> grantInfos = new ArrayList<>(userNameColumnPriv.size());
            for (int i = 0; i < userNameColumnPriv.size(); i++) {
                MTableColumnPrivilege item = userNameColumnPriv.get(i);
                grantInfos.add(new PrivilegeGrantInfo(item.getPrivilege(), item.getCreateTime(), item.getGrantor(), getPrincipalTypeFromStr(item.getGrantorType()), item.getGrantOption()));
            }
            return grantInfos;
        }
    } else {
        List<MPartitionColumnPrivilege> userNameColumnPriv = this.listPrincipalMPartitionColumnGrants(principalName, principalType, dbName, tableName, partitionName, columnName);
        if (CollectionUtils.isNotEmpty(userNameColumnPriv)) {
            List<PrivilegeGrantInfo> grantInfos = new ArrayList<>(userNameColumnPriv.size());
            for (int i = 0; i < userNameColumnPriv.size(); i++) {
                MPartitionColumnPrivilege item = userNameColumnPriv.get(i);
                grantInfos.add(new PrivilegeGrantInfo(item.getPrivilege(), item.getCreateTime(), item.getGrantor(), getPrincipalTypeFromStr(item.getGrantorType()), item.getGrantOption()));
            }
            return grantInfos;
        }
    }
    return new ArrayList<>(0);
}
Also used : PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) ArrayList(java.util.ArrayList) MPartitionColumnPrivilege(org.apache.hadoop.hive.metastore.model.MPartitionColumnPrivilege) MTableColumnPrivilege(org.apache.hadoop.hive.metastore.model.MTableColumnPrivilege) MConstraint(org.apache.hadoop.hive.metastore.model.MConstraint) SQLUniqueConstraint(org.apache.hadoop.hive.metastore.api.SQLUniqueConstraint) SQLCheckConstraint(org.apache.hadoop.hive.metastore.api.SQLCheckConstraint) SQLDefaultConstraint(org.apache.hadoop.hive.metastore.api.SQLDefaultConstraint) SQLNotNullConstraint(org.apache.hadoop.hive.metastore.api.SQLNotNullConstraint)

Aggregations

PrivilegeGrantInfo (org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)45 ArrayList (java.util.ArrayList)39 HiveObjectPrivilege (org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)31 HiveObjectRef (org.apache.hadoop.hive.metastore.api.HiveObjectRef)29 PrincipalPrivilegeSet (org.apache.hadoop.hive.metastore.api.PrincipalPrivilegeSet)13 IOException (java.io.IOException)12 List (java.util.List)12 SQLCheckConstraint (org.apache.hadoop.hive.metastore.api.SQLCheckConstraint)12 SQLDefaultConstraint (org.apache.hadoop.hive.metastore.api.SQLDefaultConstraint)12 SQLNotNullConstraint (org.apache.hadoop.hive.metastore.api.SQLNotNullConstraint)12 SQLUniqueConstraint (org.apache.hadoop.hive.metastore.api.SQLUniqueConstraint)12 MConstraint (org.apache.hadoop.hive.metastore.model.MConstraint)12 LinkedList (java.util.LinkedList)11 Database (org.apache.hadoop.hive.metastore.api.Database)8 PrincipalType (org.apache.hadoop.hive.metastore.api.PrincipalType)8 PrivilegeBag (org.apache.hadoop.hive.metastore.api.PrivilegeBag)7 HashMap (java.util.HashMap)6 MetaException (org.apache.hadoop.hive.metastore.api.MetaException)6 Table (org.apache.hadoop.hive.metastore.api.Table)6 Role (org.apache.hadoop.hive.metastore.api.Role)5