use of org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo in project hive by apache.
the class TestHBaseStoreIntegration method listGlobalGrants.
@Test
public void listGlobalGrants() throws Exception {
String[] roleNames = new String[] { "lgg_role1", "lgg_role2" };
String[] userNames = new String[] { "merry", "pippen" };
store.addRole(roleNames[0], "me");
store.addRole(roleNames[1], "me");
int now = (int) (System.currentTimeMillis() / 1000);
Role role1 = store.getRole(roleNames[0]);
Role role2 = store.getRole(roleNames[1]);
store.grantRole(role1, userNames[0], PrincipalType.USER, "bob", PrincipalType.USER, false);
store.grantRole(role1, roleNames[1], PrincipalType.ROLE, "admin", PrincipalType.ROLE, true);
store.grantRole(role2, userNames[1], PrincipalType.USER, "bob", PrincipalType.USER, false);
List<HiveObjectPrivilege> privileges = new ArrayList<HiveObjectPrivilege>();
HiveObjectRef hiveObjRef = new HiveObjectRef(HiveObjectType.GLOBAL, null, null, null, null);
PrivilegeGrantInfo grantInfo = new PrivilegeGrantInfo("read", now, "me", PrincipalType.USER, false);
HiveObjectPrivilege hop = new HiveObjectPrivilege(hiveObjRef, userNames[0], PrincipalType.USER, grantInfo);
privileges.add(hop);
grantInfo = new PrivilegeGrantInfo("write", now, "me", PrincipalType.USER, true);
hop = new HiveObjectPrivilege(hiveObjRef, roleNames[0], PrincipalType.ROLE, grantInfo);
privileges.add(hop);
PrivilegeBag pBag = new PrivilegeBag(privileges);
store.grantPrivileges(pBag);
List<HiveObjectPrivilege> hops = store.listPrincipalGlobalGrants(roleNames[0], PrincipalType.ROLE);
Assert.assertEquals(1, hops.size());
Assert.assertEquals(PrincipalType.ROLE, hops.get(0).getPrincipalType());
Assert.assertEquals(HiveObjectType.GLOBAL, hops.get(0).getHiveObject().getObjectType());
Assert.assertEquals("write", hops.get(0).getGrantInfo().getPrivilege());
hops = store.listPrincipalGlobalGrants(userNames[0], PrincipalType.USER);
Assert.assertEquals(1, hops.size());
Assert.assertEquals(PrincipalType.USER, hops.get(0).getPrincipalType());
Assert.assertEquals(HiveObjectType.GLOBAL, hops.get(0).getHiveObject().getObjectType());
Assert.assertEquals("read", hops.get(0).getGrantInfo().getPrivilege());
hops = store.listPrincipalGlobalGrants(roleNames[1], PrincipalType.ROLE);
Assert.assertEquals(0, hops.size());
hops = store.listPrincipalGlobalGrants(userNames[1], PrincipalType.USER);
Assert.assertEquals(0, hops.size());
hops = store.listGlobalGrantsAll();
Assert.assertEquals(2, hops.size());
boolean sawUser = false, sawRole = false;
for (HiveObjectPrivilege h : hops) {
if (h.getPrincipalName().equals(userNames[0])) {
Assert.assertEquals(PrincipalType.USER, h.getPrincipalType());
Assert.assertEquals(HiveObjectType.GLOBAL, h.getHiveObject().getObjectType());
Assert.assertEquals("read", h.getGrantInfo().getPrivilege());
sawUser = true;
} else if (h.getPrincipalName().equals(roleNames[0])) {
Assert.assertEquals(PrincipalType.ROLE, h.getPrincipalType());
Assert.assertEquals(HiveObjectType.GLOBAL, h.getHiveObject().getObjectType());
Assert.assertEquals("write", h.getGrantInfo().getPrivilege());
sawRole = true;
}
}
Assert.assertTrue(sawUser && sawRole);
}
use of org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo in project hive by apache.
the class TestHBaseSchemaTool method oneMondoTest.
@Test
public void oneMondoTest() throws Exception {
// This is a pain to do in one big test, but we have to control the order so that we have tests
// without dbs, etc.
HBaseSchemaTool tool = new HBaseSchemaTool();
ByteArrayOutputStream outStr = new ByteArrayOutputStream();
PrintStream out = new PrintStream(outStr);
ByteArrayOutputStream errStr = new ByteArrayOutputStream();
PrintStream err = new PrintStream(errStr);
// This needs to be up front before we create any tables or partitions
tool.go(false, HBaseReadWrite.SD_TABLE, null, "whatever", conf, out, err);
Assert.assertEquals("No storage descriptors" + lsep, outStr.toString());
// This one needs to be up front too
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.SEQUENCES_TABLE, null, "whatever", conf, out, err);
Assert.assertEquals("No sequences" + lsep, outStr.toString());
// Create some databases
String[] dbNames = new String[3];
for (int i = 0; i < dbNames.length; i++) {
dbNames[i] = "db" + i;
Database db = new Database(dbNames[i], "no description", "file:///tmp", emptyParameters);
store.createDatabase(db);
}
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.DB_TABLE, "db0", null, conf, out, err);
Assert.assertEquals("{\"name\":\"db0\",\"description\":\"no description\"," + "\"locationUri\":\"file:///tmp\",\"parameters\":{}}" + lsep, outStr.toString());
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.DB_TABLE, null, ".*", conf, out, err);
Assert.assertEquals("{\"name\":\"db0\",\"description\":\"no description\"," + "\"locationUri\":\"file:///tmp\",\"parameters\":{}}" + lsep + "{\"name\":\"db1\",\"description\":\"no description\"," + "\"locationUri\":\"file:///tmp\",\"parameters\":{}}" + lsep + "{\"name\":\"db2\",\"description\":\"no description\"," + "\"locationUri\":\"file:///tmp\",\"parameters\":{}}" + lsep, outStr.toString());
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.DB_TABLE, null, "db[12]", conf, out, err);
Assert.assertEquals("{\"name\":\"db1\",\"description\":\"no description\"," + "\"locationUri\":\"file:///tmp\",\"parameters\":{}}" + lsep + "{\"name\":\"db2\",\"description\":\"no description\"," + "\"locationUri\":\"file:///tmp\",\"parameters\":{}}" + lsep, outStr.toString());
String[] roleNames = new String[2];
for (int i = 0; i < roleNames.length; i++) {
roleNames[i] = "role" + i;
store.addRole(roleNames[i], "me");
}
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.ROLE_TABLE, null, "role.", conf, out, err);
Assert.assertEquals("{\"roleName\":\"role0\",\"createTime\":now,\"ownerName\":\"me\"}" + lsep + "{\"roleName\":\"role1\",\"createTime\":now,\"ownerName\":\"me\"}" + lsep, outStr.toString().replaceAll("createTime\":[0-9]+", "createTime\":now"));
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.ROLE_TABLE, "role1", null, conf, out, err);
Assert.assertEquals("{\"roleName\":\"role1\",\"createTime\":now,\"ownerName\":\"me\"}" + lsep, outStr.toString().replaceAll("createTime\":[0-9]+", "createTime\":now"));
Role role1 = store.getRole("role1");
store.grantRole(role1, "fred", PrincipalType.USER, "me", PrincipalType.USER, false);
store.grantRole(role1, "joanne", PrincipalType.USER, "me", PrincipalType.USER, false);
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.USER_TO_ROLE_TABLE, null, ".*", conf, out, err);
Assert.assertEquals("fred: role1" + lsep + "joanne: role1" + lsep, outStr.toString());
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.USER_TO_ROLE_TABLE, "joanne", null, conf, out, err);
Assert.assertEquals("role1" + lsep, outStr.toString());
String[] funcNames = new String[3];
for (int i = 0; i < funcNames.length; i++) {
funcNames[i] = "func" + i;
Function function = new Function(funcNames[i], "db1", "Function", "me", PrincipalType.USER, 0, FunctionType.JAVA, null);
store.createFunction(function);
}
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.FUNC_TABLE, "db1.func0", null, conf, out, err);
Assert.assertEquals("{\"functionName\":\"func0\",\"dbName\":\"db1\"," + "\"className\":\"Function\",\"ownerName\":\"me\",\"ownerType\":1,\"createTime\":0," + "\"functionType\":1}" + lsep, outStr.toString());
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.FUNC_TABLE, null, ".*", conf, out, err);
Assert.assertEquals("{\"functionName\":\"func0\",\"dbName\":\"db1\"," + "\"className\":\"Function\",\"ownerName\":\"me\",\"ownerType\":1,\"createTime\":0," + "\"functionType\":1}" + lsep + "{\"functionName\":\"func1\",\"dbName\":\"db1\"," + "\"className\":\"Function\",\"ownerName\":\"me\",\"ownerType\":1,\"createTime\":0," + "\"functionType\":1}" + lsep + "{\"functionName\":\"func2\",\"dbName\":\"db1\"," + "\"className\":\"Function\",\"ownerName\":\"me\",\"ownerType\":1,\"createTime\":0," + "\"functionType\":1}" + lsep, outStr.toString());
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.FUNC_TABLE, null, "db1.func[12]", conf, out, err);
Assert.assertEquals("{\"functionName\":\"func1\",\"dbName\":\"db1\"," + "\"className\":\"Function\",\"ownerName\":\"me\",\"ownerType\":1,\"createTime\":0," + "\"functionType\":1}" + lsep + "{\"functionName\":\"func2\",\"dbName\":\"db1\"," + "\"className\":\"Function\",\"ownerName\":\"me\",\"ownerType\":1,\"createTime\":0," + "\"functionType\":1}" + lsep, outStr.toString());
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.GLOBAL_PRIVS_TABLE, null, null, conf, out, err);
Assert.assertEquals("No global privileges" + lsep, outStr.toString());
List<HiveObjectPrivilege> privileges = new ArrayList<>();
HiveObjectRef hiveObjRef = new HiveObjectRef(HiveObjectType.GLOBAL, "db0", "tab0", null, null);
PrivilegeGrantInfo grantInfo = new PrivilegeGrantInfo("read", 0, "me", PrincipalType.USER, false);
HiveObjectPrivilege hop = new HiveObjectPrivilege(hiveObjRef, "user", PrincipalType.USER, grantInfo);
privileges.add(hop);
grantInfo = new PrivilegeGrantInfo("create", 0, "me", PrincipalType.USER, true);
hop = new HiveObjectPrivilege(hiveObjRef, "user", PrincipalType.USER, grantInfo);
privileges.add(hop);
PrivilegeBag pBag = new PrivilegeBag(privileges);
store.grantPrivileges(pBag);
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.GLOBAL_PRIVS_TABLE, null, null, conf, out, err);
Assert.assertEquals("{\"userPrivileges\":{\"user\":[{\"privilege\":\"read\",\"createTime\":0," + "\"grantor\":\"me\",\"grantorType\":1,\"grantOption\":0},{\"privilege\":\"create\"," + "\"createTime\":0,\"grantor\":\"me\",\"grantorType\":1,\"grantOption\":1}]}}" + lsep, outStr.toString());
String[] tableNames = new String[3];
for (int i = 0; i < tableNames.length; i++) {
tableNames[i] = "tab" + i;
StorageDescriptor sd = new StorageDescriptor(Arrays.asList(new FieldSchema("col1", "int", ""), new FieldSchema("col2", "varchar(32)", "")), "/tmp", null, null, false, 0, null, null, null, Collections.<String, String>emptyMap());
Table tab = new Table(tableNames[i], dbNames[0], "me", 0, 0, 0, sd, Arrays.asList(new FieldSchema("pcol1", "string", ""), new FieldSchema("pcol2", "string", "")), Collections.<String, String>emptyMap(), null, null, null);
store.createTable(tab);
}
ColumnStatisticsDesc tableStatsDesc = new ColumnStatisticsDesc(false, "db0", "tab0");
ColumnStatisticsData tcsd = new ColumnStatisticsData();
LongColumnStatsData tlcsd = new LongColumnStatsData(1, 2);
tlcsd.setLowValue(-95);
tlcsd.setHighValue(95);
tcsd.setLongStats(tlcsd);
ColumnStatisticsData tcsd2 = new ColumnStatisticsData();
tcsd2.setStringStats(new StringColumnStatsData(97, 18.78, 29, 397));
List<ColumnStatisticsObj> tcsos = Arrays.asList(new ColumnStatisticsObj("col1", "int", tcsd), new ColumnStatisticsObj("col2", "varchar(32)", tcsd2));
ColumnStatistics tStatObj = new ColumnStatistics(tableStatsDesc, tcsos);
store.updateTableColumnStatistics(tStatObj);
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.TABLE_TABLE, "db0.tab1", null, conf, out, err);
Assert.assertEquals("{\"tableName\":\"tab1\",\"dbName\":\"db0\",\"owner\":\"me\"," + "\"createTime\":0,\"lastAccessTime\":0,\"retention\":0," + "\"partitionKeys\":[{\"name\":\"pcol1\",\"type\":\"string\",\"comment\":\"\"}," + "{\"name\":\"pcol2\",\"type\":\"string\",\"comment\":\"\"}],\"parameters\":{}," + "\"tableType\":\"\",\"rewriteEnabled\":0} sdHash: qQTgZAi5VzgpozzFGmIVTQ stats:" + lsep, outStr.toString());
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.TABLE_TABLE, null, "db0.*", conf, out, err);
Assert.assertEquals("{\"tableName\":\"tab0\",\"dbName\":\"db0\",\"owner\":\"me\"," + "\"createTime\":0,\"lastAccessTime\":0,\"retention\":0," + "\"partitionKeys\":[{\"name\":\"pcol1\",\"type\":\"string\",\"comment\":\"\"}," + "{\"name\":\"pcol2\",\"type\":\"string\",\"comment\":\"\"}],\"parameters\":{\"COLUMN_STATS_ACCURATE\":\"{\\\"COLUMN_STATS\\\":{\\\"col1\\\":\\\"true\\\",\\\"col2\\\":\\\"true\\\"}}\"}," + "\"tableType\":\"\",\"rewriteEnabled\":0} sdHash: qQTgZAi5VzgpozzFGmIVTQ stats: column " + "col1: {\"colName\":\"col1\",\"colType\":\"int\"," + "\"statsData\":{\"longStats\":{\"lowValue\":-95,\"highValue\":95,\"numNulls\":1," + "\"numDVs\":2,\"bitVectors\":\"\"}}} column col2: {\"colName\":\"col2\",\"colType\":\"varchar(32)\"," + "\"statsData\":{\"stringStats\":{\"maxColLen\":97,\"avgColLen\":18.78," + "\"numNulls\":29,\"numDVs\":397,\"bitVectors\":\"\"}}}" + lsep + "{\"tableName\":\"tab1\",\"dbName\":\"db0\",\"owner\":\"me\",\"createTime\":0," + "\"lastAccessTime\":0,\"retention\":0,\"partitionKeys\":[{\"name\":\"pcol1\"," + "\"type\":\"string\",\"comment\":\"\"},{\"name\":\"pcol2\",\"type\":\"string\"," + "\"comment\":\"\"}],\"parameters\":{},\"tableType\":\"\",\"rewriteEnabled\":0} sdHash: " + "qQTgZAi5VzgpozzFGmIVTQ stats:" + lsep + "{\"tableName\":\"tab2\",\"dbName\":\"db0\",\"owner\":\"me\",\"createTime\":0," + "\"lastAccessTime\":0,\"retention\":0,\"partitionKeys\":[{\"name\":\"pcol1\"," + "\"type\":\"string\",\"comment\":\"\"},{\"name\":\"pcol2\",\"type\":\"string\"," + "\"comment\":\"\"}],\"parameters\":{},\"tableType\":\"\",\"rewriteEnabled\":0} sdHash: " + "qQTgZAi5VzgpozzFGmIVTQ stats:" + lsep, outStr.toString());
List<List<String>> partVals = Arrays.asList(Arrays.asList("a", "b"), Arrays.asList("c", "d"));
for (List<String> pv : partVals) {
StorageDescriptor sd = new StorageDescriptor(Arrays.asList(new FieldSchema("col1", "int", ""), new FieldSchema("col2", "varchar(32)", "")), "/tmp", null, null, false, 0, null, null, null, Collections.<String, String>emptyMap());
Partition p = new Partition(pv, "db0", "tab1", 0, 0, sd, Collections.<String, String>emptyMap());
store.addPartition(p);
}
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.PART_TABLE, "db0.tab1.a.b", null, conf, out, err);
Assert.assertEquals("{\"values\":[\"a\",\"b\"],\"dbName\":\"db0\",\"tableName\":\"tab1\"," + "\"createTime\":0,\"lastAccessTime\":0,\"parameters\":{}} sdHash: " + "qQTgZAi5VzgpozzFGmIVTQ stats:" + lsep, outStr.toString());
ColumnStatisticsDesc statsDesc = new ColumnStatisticsDesc(false, "db0", "tab1");
statsDesc.setPartName("pcol1=c/pcol2=d");
ColumnStatisticsData csd1 = new ColumnStatisticsData();
LongColumnStatsData lcsd = new LongColumnStatsData(1, 2);
lcsd.setLowValue(-95);
lcsd.setHighValue(95);
csd1.setLongStats(lcsd);
ColumnStatisticsData csd2 = new ColumnStatisticsData();
csd2.setStringStats(new StringColumnStatsData(97, 18.78, 29, 397));
List<ColumnStatisticsObj> csos = Arrays.asList(new ColumnStatisticsObj("col1", "int", csd1), new ColumnStatisticsObj("col2", "varchar(32)", csd2));
ColumnStatistics statsObj = new ColumnStatistics(statsDesc, csos);
store.updatePartitionColumnStatistics(statsObj, partVals.get(1));
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.PART_TABLE, "db0.tab1.c.d", null, conf, out, err);
Assert.assertEquals("{\"values\":[\"c\",\"d\"],\"dbName\":\"db0\",\"tableName\":\"tab1\"," + "\"createTime\":0,\"lastAccessTime\":0,\"parameters\":{\"COLUMN_STATS_ACCURATE\":\"{\\\"COLUMN_STATS\\\":{\\\"col1\\\":\\\"true\\\",\\\"col2\\\":\\\"true\\\"}}\"}} sdHash: qQTgZAi5VzgpozzFGmIVTQ " + "stats: column col1: {\"colName\":\"col1\",\"colType\":\"int\"," + "\"statsData\":{\"longStats\":{\"lowValue\":-95,\"highValue\":95,\"numNulls\":1," + "\"numDVs\":2,\"bitVectors\":\"\"}}} column col2: {\"colName\":\"col2\",\"colType\":\"varchar(32)\"," + "\"statsData\":{\"stringStats\":{\"maxColLen\":97,\"avgColLen\":18.78,\"numNulls\":29," + "\"numDVs\":397,\"bitVectors\":\"\"}}}" + lsep, outStr.toString());
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.PART_TABLE, null, "db0.tab1", conf, out, err);
Assert.assertEquals("{\"values\":[\"a\",\"b\"],\"dbName\":\"db0\",\"tableName\":\"tab1\"," + "\"createTime\":0,\"lastAccessTime\":0,\"parameters\":{}} sdHash: qQTgZAi5VzgpozzFGmIVTQ " + "stats:" + lsep + "{\"values\":[\"c\",\"d\"],\"dbName\":\"db0\",\"tableName\":\"tab1\",\"createTime\":0," + "\"lastAccessTime\":0,\"parameters\":{\"COLUMN_STATS_ACCURATE\":\"{\\\"COLUMN_STATS\\\":{\\\"col1\\\":\\\"true\\\",\\\"col2\\\":\\\"true\\\"}}\"}} sdHash: qQTgZAi5VzgpozzFGmIVTQ stats: column " + "col1: {\"colName\":\"col1\",\"colType\":\"int\"," + "\"statsData\":{\"longStats\":{\"lowValue\":-95,\"highValue\":95,\"numNulls\":1," + "\"numDVs\":2,\"bitVectors\":\"\"}}} column col2: {\"colName\":\"col2\",\"colType\":\"varchar(32)\"," + "\"statsData\":{\"stringStats\":{\"maxColLen\":97,\"avgColLen\":18.78,\"numNulls\":29," + "\"numDVs\":397,\"bitVectors\":\"\"}}}" + lsep, outStr.toString());
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.PART_TABLE, null, "db0.tab1.a", conf, out, err);
Assert.assertEquals("{\"values\":[\"a\",\"b\"],\"dbName\":\"db0\",\"tableName\":\"tab1\"," + "\"createTime\":0,\"lastAccessTime\":0,\"parameters\":{}} sdHash: qQTgZAi5VzgpozzFGmIVTQ " + "stats:" + lsep, outStr.toString());
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.SD_TABLE, "qQTgZAi5VzgpozzFGmIVTQ", null, conf, out, err);
Assert.assertEquals("{\"cols\":[{\"name\":\"col1\",\"type\":\"int\",\"comment\":\"\"}," + "{\"name\":\"col2\",\"type\":\"varchar(32)\",\"comment\":\"\"}],\"compressed\":0," + "\"numBuckets\":0,\"bucketCols\":[],\"sortCols\":[],\"storedAsSubDirectories\":0}" + lsep, outStr.toString());
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.SD_TABLE, null, "whatever", conf, out, err);
Assert.assertEquals("qQTgZAi5VzgpozzFGmIVTQ: {\"cols\":[{\"name\":\"col1\",\"type\":\"int\"," + "\"comment\":\"\"}," + "{\"name\":\"col2\",\"type\":\"varchar(32)\",\"comment\":\"\"}],\"compressed\":0," + "\"numBuckets\":0,\"bucketCols\":[],\"sortCols\":[],\"storedAsSubDirectories\":0}" + lsep, outStr.toString());
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.SECURITY_TABLE, null, "whatever", conf, out, err);
Assert.assertEquals("No security related entries" + lsep, outStr.toString());
store.addMasterKey("this be a key");
store.addToken("tokenid", "delegation token");
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.SECURITY_TABLE, null, "whatever", conf, out, err);
Assert.assertEquals("Master key 0: this be a key" + lsep + "Delegation token tokenid: delegation token" + lsep, outStr.toString());
outStr = new ByteArrayOutputStream();
out = new PrintStream(outStr);
tool.go(false, HBaseReadWrite.SEQUENCES_TABLE, null, "whatever", conf, out, err);
Assert.assertEquals("master_key: 1" + lsep, outStr.toString());
}
use of org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo in project hive by apache.
the class TestHBaseStoreIntegration method doGrantRevoke.
private void doGrantRevoke(HiveObjectType objectType, String dbName, String tableName, String[] roleNames, String[] userNames) throws Exception {
store.addRole(roleNames[0], "me");
store.addRole(roleNames[1], "me");
int now = (int) (System.currentTimeMillis() / 1000);
Role role1 = store.getRole(roleNames[0]);
Role role2 = store.getRole(roleNames[1]);
store.grantRole(role1, userNames[0], PrincipalType.USER, "bob", PrincipalType.USER, false);
store.grantRole(role1, roleNames[1], PrincipalType.ROLE, "admin", PrincipalType.ROLE, true);
store.grantRole(role2, userNames[1], PrincipalType.USER, "bob", PrincipalType.USER, false);
List<HiveObjectPrivilege> privileges = new ArrayList<HiveObjectPrivilege>();
HiveObjectRef hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
PrivilegeGrantInfo grantInfo = new PrivilegeGrantInfo("read", now, "me", PrincipalType.USER, false);
HiveObjectPrivilege hop = new HiveObjectPrivilege(hiveObjRef, userNames[0], PrincipalType.USER, grantInfo);
privileges.add(hop);
hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
grantInfo = new PrivilegeGrantInfo("write", now, "me", PrincipalType.USER, true);
hop = new HiveObjectPrivilege(hiveObjRef, roleNames[0], PrincipalType.ROLE, grantInfo);
privileges.add(hop);
hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
grantInfo = new PrivilegeGrantInfo("exec", now, "me", PrincipalType.USER, false);
hop = new HiveObjectPrivilege(hiveObjRef, roleNames[1], PrincipalType.ROLE, grantInfo);
privileges.add(hop);
hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
grantInfo = new PrivilegeGrantInfo("create", now, "me", PrincipalType.USER, true);
hop = new HiveObjectPrivilege(hiveObjRef, userNames[2], PrincipalType.USER, grantInfo);
privileges.add(hop);
hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
grantInfo = new PrivilegeGrantInfo("create2", now, "me", PrincipalType.USER, true);
hop = new HiveObjectPrivilege(hiveObjRef, userNames[2], PrincipalType.USER, grantInfo);
privileges.add(hop);
PrivilegeBag pBag = new PrivilegeBag(privileges);
store.grantPrivileges(pBag);
PrincipalPrivilegeSet pps = getPPS(objectType, dbName, tableName, userNames[0]);
Assert.assertEquals(1, pps.getUserPrivilegesSize());
Assert.assertEquals(1, pps.getUserPrivileges().get(userNames[0]).size());
grantInfo = pps.getUserPrivileges().get(userNames[0]).get(0);
Assert.assertEquals("read", grantInfo.getPrivilege());
Assert.assertTrue(now <= grantInfo.getCreateTime());
Assert.assertEquals("me", grantInfo.getGrantor());
Assert.assertEquals(PrincipalType.USER, grantInfo.getGrantorType());
Assert.assertFalse(grantInfo.isGrantOption());
Assert.assertEquals(2, pps.getRolePrivilegesSize());
Assert.assertEquals(1, pps.getRolePrivileges().get(roleNames[0]).size());
grantInfo = pps.getRolePrivileges().get(roleNames[0]).get(0);
Assert.assertEquals("write", grantInfo.getPrivilege());
Assert.assertTrue(now <= grantInfo.getCreateTime());
Assert.assertEquals("me", grantInfo.getGrantor());
Assert.assertEquals(PrincipalType.USER, grantInfo.getGrantorType());
Assert.assertTrue(grantInfo.isGrantOption());
Assert.assertEquals(1, pps.getRolePrivileges().get(roleNames[1]).size());
grantInfo = pps.getRolePrivileges().get(roleNames[1]).get(0);
Assert.assertEquals("exec", grantInfo.getPrivilege());
Assert.assertTrue(now <= grantInfo.getCreateTime());
Assert.assertEquals("me", grantInfo.getGrantor());
Assert.assertEquals(PrincipalType.USER, grantInfo.getGrantorType());
Assert.assertFalse(grantInfo.isGrantOption());
pps = getPPS(objectType, dbName, tableName, userNames[1]);
Assert.assertEquals(0, pps.getUserPrivilegesSize());
Assert.assertEquals(1, pps.getRolePrivilegesSize());
Assert.assertEquals(1, pps.getRolePrivileges().get(roleNames[1]).size());
grantInfo = pps.getRolePrivileges().get(roleNames[1]).get(0);
Assert.assertEquals("exec", grantInfo.getPrivilege());
Assert.assertTrue(now <= grantInfo.getCreateTime());
Assert.assertEquals("me", grantInfo.getGrantor());
Assert.assertEquals(PrincipalType.USER, grantInfo.getGrantorType());
Assert.assertFalse(grantInfo.isGrantOption());
pps = getPPS(objectType, dbName, tableName, userNames[2]);
Assert.assertEquals(1, pps.getUserPrivilegesSize());
Assert.assertEquals(2, pps.getUserPrivileges().get(userNames[2]).size());
Assert.assertEquals(0, pps.getRolePrivilegesSize());
pps = getPPS(objectType, dbName, tableName, userNames[3]);
Assert.assertEquals(0, pps.getUserPrivilegesSize());
Assert.assertEquals(0, pps.getRolePrivilegesSize());
// Test that removing role removes the role grants
store.removeRole(roleNames[1]);
checkRoleRemovedFromAllPrivileges(objectType, dbName, tableName, roleNames[1]);
pps = getPPS(objectType, dbName, tableName, userNames[0]);
Assert.assertEquals(1, pps.getRolePrivilegesSize());
Assert.assertEquals(1, pps.getRolePrivileges().get(roleNames[0]).size());
pps = getPPS(objectType, dbName, tableName, userNames[1]);
Assert.assertEquals(0, pps.getRolePrivilegesSize());
// Test that revoking with grant option = true just removes grant option
privileges.clear();
hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
grantInfo = new PrivilegeGrantInfo("write", now, "me", PrincipalType.USER, true);
hop = new HiveObjectPrivilege(hiveObjRef, roleNames[0], PrincipalType.ROLE, grantInfo);
privileges.add(hop);
hiveObjRef = new HiveObjectRef(objectType, dbName, tableName, null, null);
grantInfo = new PrivilegeGrantInfo("create2", now, "me", PrincipalType.USER, true);
hop = new HiveObjectPrivilege(hiveObjRef, userNames[2], PrincipalType.USER, grantInfo);
privileges.add(hop);
pBag = new PrivilegeBag(privileges);
store.revokePrivileges(pBag, true);
pps = getPPS(objectType, dbName, tableName, userNames[0]);
Assert.assertEquals(1, pps.getRolePrivilegesSize());
Assert.assertEquals(1, pps.getRolePrivileges().get(roleNames[0]).size());
grantInfo = pps.getRolePrivileges().get(roleNames[0]).get(0);
Assert.assertEquals("write", grantInfo.getPrivilege());
Assert.assertTrue(now <= grantInfo.getCreateTime());
Assert.assertEquals("me", grantInfo.getGrantor());
Assert.assertEquals(PrincipalType.USER, grantInfo.getGrantorType());
Assert.assertFalse(grantInfo.isGrantOption());
pps = getPPS(objectType, dbName, tableName, userNames[2]);
Assert.assertEquals(1, pps.getUserPrivilegesSize());
Assert.assertEquals(2, pps.getUserPrivileges().get(userNames[2]).size());
for (PrivilegeGrantInfo pgi : pps.getUserPrivileges().get(userNames[2])) {
if (pgi.getPrivilege().equals("create"))
Assert.assertTrue(pgi.isGrantOption());
else if (pgi.getPrivilege().equals("create2"))
Assert.assertFalse(pgi.isGrantOption());
else
Assert.fail("huh?");
}
// Test revoking revokes
store.revokePrivileges(pBag, false);
pps = getPPS(objectType, dbName, tableName, userNames[0]);
Assert.assertEquals(1, pps.getUserPrivilegesSize());
Assert.assertEquals(1, pps.getRolePrivilegesSize());
Assert.assertEquals(0, pps.getRolePrivileges().get(roleNames[0]).size());
pps = getPPS(objectType, dbName, tableName, userNames[2]);
Assert.assertEquals(1, pps.getUserPrivilegesSize());
Assert.assertEquals(1, pps.getUserPrivileges().get(userNames[2]).size());
Assert.assertEquals("create", pps.getUserPrivileges().get(userNames[2]).get(0).getPrivilege());
Assert.assertEquals(0, pps.getRolePrivilegesSize());
}
use of org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo in project hive by apache.
the class SQLAuthorizationUtils method getThriftPrivilegesBag.
/**
* Create thrift privileges bag
*
* @param hivePrincipals
* @param hivePrivileges
* @param hivePrivObject
* @param grantorPrincipal
* @param grantOption
* @return
* @throws HiveAuthzPluginException
*/
static PrivilegeBag getThriftPrivilegesBag(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption) throws HiveAuthzPluginException {
HiveObjectRef privObj = getThriftHiveObjectRef(hivePrivObject);
PrivilegeBag privBag = new PrivilegeBag();
for (HivePrivilege privilege : hivePrivileges) {
if (privilege.getColumns() != null && privilege.getColumns().size() > 0) {
throw new HiveAuthzPluginException("Privileges on columns not supported currently" + " in sql standard authorization mode");
}
if (!SUPPORTED_PRIVS_SET.contains(privilege.getName().toUpperCase(Locale.US))) {
throw new HiveAuthzPluginException("Privilege: " + privilege.getName() + " is not supported in sql standard authorization mode");
}
PrivilegeGrantInfo grantInfo = getThriftPrivilegeGrantInfo(privilege, grantorPrincipal, grantOption, 0);
for (HivePrincipal principal : hivePrincipals) {
HiveObjectPrivilege objPriv = new HiveObjectPrivilege(privObj, principal.getName(), AuthorizationUtils.getThriftPrincipalType(principal.getType()), grantInfo);
privBag.addToPrivileges(objPriv);
}
}
return privBag;
}
use of org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo in project hive by apache.
the class ObjectStore method getColumnPrivilege.
private List<PrivilegeGrantInfo> getColumnPrivilege(String dbName, String tableName, String columnName, String partitionName, String principalName, PrincipalType principalType) {
tableName = normalizeIdentifier(tableName);
dbName = normalizeIdentifier(dbName);
columnName = normalizeIdentifier(columnName);
if (partitionName == null) {
List<MTableColumnPrivilege> userNameColumnPriv = this.listPrincipalMTableColumnGrants(principalName, principalType, dbName, tableName, columnName);
if (CollectionUtils.isNotEmpty(userNameColumnPriv)) {
List<PrivilegeGrantInfo> grantInfos = new ArrayList<>(userNameColumnPriv.size());
for (int i = 0; i < userNameColumnPriv.size(); i++) {
MTableColumnPrivilege item = userNameColumnPriv.get(i);
grantInfos.add(new PrivilegeGrantInfo(item.getPrivilege(), item.getCreateTime(), item.getGrantor(), getPrincipalTypeFromStr(item.getGrantorType()), item.getGrantOption()));
}
return grantInfos;
}
} else {
List<MPartitionColumnPrivilege> userNameColumnPriv = this.listPrincipalMPartitionColumnGrants(principalName, principalType, dbName, tableName, partitionName, columnName);
if (CollectionUtils.isNotEmpty(userNameColumnPriv)) {
List<PrivilegeGrantInfo> grantInfos = new ArrayList<>(userNameColumnPriv.size());
for (int i = 0; i < userNameColumnPriv.size(); i++) {
MPartitionColumnPrivilege item = userNameColumnPriv.get(i);
grantInfos.add(new PrivilegeGrantInfo(item.getPrivilege(), item.getCreateTime(), item.getGrantor(), getPrincipalTypeFromStr(item.getGrantorType()), item.getGrantOption()));
}
return grantInfos;
}
}
return new ArrayList<>(0);
}
Aggregations