use of org.apache.hadoop.hive.metastore.api.Role in project hive by apache.
the class SQLStdHiveAccessController method createRole.
@Override
public void createRole(String roleName, HivePrincipal adminGrantor) throws HiveAuthzPluginException, HiveAccessControlException {
// only user belonging to admin role can create new roles.
if (!isUserAdmin()) {
throw new HiveAccessControlException("Current user : " + currentUserName + " is not" + " allowed to add roles. " + ADMIN_ONLY_MSG);
}
if (RESERVED_ROLE_NAMES.contains(roleName.trim().toUpperCase())) {
throw new HiveAuthzPluginException("Role name cannot be one of the reserved roles: " + RESERVED_ROLE_NAMES);
}
try {
String grantorName = adminGrantor == null ? null : adminGrantor.getName();
metastoreClientFactory.getHiveMetastoreClient().create_role(new Role(roleName, 0, grantorName));
} catch (TException e) {
throw SQLAuthorizationUtils.getPluginException("Error create role", e);
}
}
use of org.apache.hadoop.hive.metastore.api.Role in project hive by apache.
the class HiveV1Authorizer method getCurrentRoleNames.
@Override
public List<String> getCurrentRoleNames() throws HiveAuthzPluginException {
String userName = SessionState.get().getUserName();
if (userName == null) {
userName = SessionState.getUserFromAuthenticator();
}
if (userName == null) {
throw new HiveAuthzPluginException("Cannot resolve current user name");
}
try {
Hive hive = Hive.getWithFastCheck(this.conf);
List<String> roleNames = new ArrayList<String>();
for (Role role : hive.listRoles(userName, PrincipalType.USER)) {
roleNames.add(role.getRoleName());
}
return roleNames;
} catch (HiveException e) {
throw new HiveAuthzPluginException(e);
}
}
use of org.apache.hadoop.hive.metastore.api.Role in project hive by apache.
the class TestHBaseStore method dropRole.
@Test
public void dropRole() throws Exception {
String roleName = "anotherrole";
store.addRole(roleName, "me");
Role role = store.getRole(roleName);
Assert.assertNotNull(role);
store.removeRole(roleName);
thrown.expect(NoSuchObjectException.class);
store.getRole(roleName);
}
use of org.apache.hadoop.hive.metastore.api.Role in project hive by apache.
the class TestHBaseStore method createRole.
@Test
public void createRole() throws Exception {
int now = (int) System.currentTimeMillis() / 1000;
String roleName = "myrole";
store.addRole(roleName, "me");
Role r = store.getRole(roleName);
Assert.assertEquals(roleName, r.getRoleName());
Assert.assertEquals("me", r.getOwnerName());
Assert.assertTrue(now <= r.getCreateTime());
}
use of org.apache.hadoop.hive.metastore.api.Role in project hive by apache.
the class HBaseStore method listRolesWithGrants.
@Override
public List<RolePrincipalGrant> listRolesWithGrants(String principalName, PrincipalType principalType) {
boolean commit = false;
openTransaction();
try {
List<Role> roles = listRoles(principalName, principalType);
List<RolePrincipalGrant> rpgs = new ArrayList<RolePrincipalGrant>(roles.size());
for (Role role : roles) {
HbaseMetastoreProto.RoleGrantInfoList grants = getHBase().getRolePrincipals(role.getRoleName());
if (grants != null) {
for (HbaseMetastoreProto.RoleGrantInfo grant : grants.getGrantInfoList()) {
if (grant.getPrincipalType() == HBaseUtils.convertPrincipalTypes(principalType) && grant.getPrincipalName().equals(principalName)) {
rpgs.add(new RolePrincipalGrant(role.getRoleName(), principalName, principalType, grant.getGrantOption(), (int) grant.getAddTime(), grant.getGrantor(), HBaseUtils.convertPrincipalTypes(grant.getGrantorType())));
}
}
}
}
commit = true;
return rpgs;
} catch (Exception e) {
throw new RuntimeException(e);
} finally {
commitOrRoleBack(commit);
}
}
Aggregations