Example 1 with RolePrincipalGrant
use of org.apache.hadoop.hive.metastore.api.RolePrincipalGrant in project hive by apache.
the class HBaseStore method listRolesWithGrants.
@Override
public List<RolePrincipalGrant> listRolesWithGrants(String principalName, PrincipalType principalType) {
boolean commit = false;
openTransaction();
try {
List<Role> roles = listRoles(principalName, principalType);
List<RolePrincipalGrant> rpgs = new ArrayList<RolePrincipalGrant>(roles.size());
for (Role role : roles) {
HbaseMetastoreProto.RoleGrantInfoList grants = getHBase().getRolePrincipals(role.getRoleName());
if (grants != null) {
for (HbaseMetastoreProto.RoleGrantInfo grant : grants.getGrantInfoList()) {
if (grant.getPrincipalType() == HBaseUtils.convertPrincipalTypes(principalType) && grant.getPrincipalName().equals(principalName)) {
rpgs.add(new RolePrincipalGrant(role.getRoleName(), principalName, principalType, grant.getGrantOption(), (int) grant.getAddTime(), grant.getGrantor(), HBaseUtils.convertPrincipalTypes(grant.getGrantorType())));
}
}
}
}
commit = true;
return rpgs;
} catch (Exception e) {
throw new RuntimeException(e);
} finally {
commitOrRoleBack(commit);
}
}
Also used :
Role(org.apache.hadoop.hive.metastore.api.Role)
RolePrincipalGrant(org.apache.hadoop.hive.metastore.api.RolePrincipalGrant)
ArrayList(java.util.ArrayList)
MetaException(org.apache.hadoop.hive.metastore.api.MetaException)
InvalidInputException(org.apache.hadoop.hive.metastore.api.InvalidInputException)
InvalidPartitionException(org.apache.hadoop.hive.metastore.api.InvalidPartitionException)
UnknownDBException(org.apache.hadoop.hive.metastore.api.UnknownDBException)
UnknownTableException(org.apache.hadoop.hive.metastore.api.UnknownTableException)
TException(org.apache.thrift.TException)
UnknownPartitionException(org.apache.hadoop.hive.metastore.api.UnknownPartitionException)
IOException(java.io.IOException)
InvalidObjectException(org.apache.hadoop.hive.metastore.api.InvalidObjectException)
NoSuchObjectException(org.apache.hadoop.hive.metastore.api.NoSuchObjectException)
Example 2 with RolePrincipalGrant
use of org.apache.hadoop.hive.metastore.api.RolePrincipalGrant in project presto by prestodb.
the class ThriftHiveMetastoreClient method revokeRole.
@Override
public void revokeRole(String role, String granteeName, PrincipalType granteeType, boolean grantOption) throws TException {
List<RolePrincipalGrant> grants = listRoleGrants(granteeName, granteeType);
RolePrincipalGrant currentGrant = null;
for (RolePrincipalGrant grant : grants) {
if (grant.getRoleName().equals(role)) {
currentGrant = grant;
break;
}
}
if (currentGrant == null) {
return;
}
if (!currentGrant.isGrantOption() && grantOption) {
return;
}
removeGrant(role, granteeName, granteeType, grantOption);
}
Also used :
RolePrincipalGrant(org.apache.hadoop.hive.metastore.api.RolePrincipalGrant)
Example 3 with RolePrincipalGrant
use of org.apache.hadoop.hive.metastore.api.RolePrincipalGrant in project hive by apache.
the class SQLStdHiveAccessController method getHiveRoleGrants.
public static List<HiveRoleGrant> getHiveRoleGrants(IMetaStoreClient client, String roleName) throws Exception {
GetPrincipalsInRoleRequest request = new GetPrincipalsInRoleRequest(roleName);
GetPrincipalsInRoleResponse princGrantInfo = client.get_principals_in_role(request);
List<HiveRoleGrant> hiveRoleGrants = new ArrayList<HiveRoleGrant>();
for (RolePrincipalGrant thriftRoleGrant : princGrantInfo.getPrincipalGrants()) {
hiveRoleGrants.add(new HiveRoleGrant(thriftRoleGrant));
}
return hiveRoleGrants;
}
Also used :
RolePrincipalGrant(org.apache.hadoop.hive.metastore.api.RolePrincipalGrant)
HiveRoleGrant(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant)
ArrayList(java.util.ArrayList)
GetPrincipalsInRoleResponse(org.apache.hadoop.hive.metastore.api.GetPrincipalsInRoleResponse)
GetPrincipalsInRoleRequest(org.apache.hadoop.hive.metastore.api.GetPrincipalsInRoleRequest)
Example 4 with RolePrincipalGrant
use of org.apache.hadoop.hive.metastore.api.RolePrincipalGrant in project hive by apache.
the class SQLStdHiveAccessController method getAllRoleAncestors.
/**
* Add role names of parentRoles and its parents to processedRolesMap
*
* @param processedRolesMap
* @param roleGrants
* @throws TException
* @throws HiveAuthzPluginException
* @throws MetaException
*/
private void getAllRoleAncestors(Map<String, HiveRoleGrant> processedRolesMap, List<RolePrincipalGrant> roleGrants) throws MetaException, HiveAuthzPluginException, TException {
for (RolePrincipalGrant parentRoleGrant : roleGrants) {
String parentRoleName = parentRoleGrant.getRoleName();
if (processedRolesMap.get(parentRoleName) == null) {
// unprocessed role: get its parents, add it to processed, and call this
// function recursively
List<RolePrincipalGrant> nextParentRoles = getRoleGrants(parentRoleName, PrincipalType.ROLE);
processedRolesMap.put(parentRoleName, new HiveRoleGrant(parentRoleGrant));
getAllRoleAncestors(processedRolesMap, nextParentRoles);
}
}
}
Also used :
RolePrincipalGrant(org.apache.hadoop.hive.metastore.api.RolePrincipalGrant)
HiveRoleGrant(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant)
Example 5 with RolePrincipalGrant
use of org.apache.hadoop.hive.metastore.api.RolePrincipalGrant in project hive by apache.
the class SQLStdHiveAccessController method getRoleGrantInfoForPrincipal.
@Override
public List<HiveRoleGrant> getRoleGrantInfoForPrincipal(HivePrincipal principal) throws HiveAuthzPluginException, HiveAccessControlException {
try {
// first authorize the call
if (!isUserAdmin()) {
ensureShowGrantAllowed(principal);
}
List<RolePrincipalGrant> roleGrants = getRoleGrants(principal.getName(), AuthorizationUtils.getThriftPrincipalType(principal.getType()));
List<HiveRoleGrant> hiveRoleGrants = new ArrayList<HiveRoleGrant>(roleGrants.size());
for (RolePrincipalGrant roleGrant : roleGrants) {
hiveRoleGrants.add(new HiveRoleGrant(roleGrant));
}
return hiveRoleGrants;
} catch (Exception e) {
throw SQLAuthorizationUtils.getPluginException("Error getting role grant information for user " + principal.getName(), e);
}
}
Also used :
RolePrincipalGrant(org.apache.hadoop.hive.metastore.api.RolePrincipalGrant)
HiveRoleGrant(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant)
ArrayList(java.util.ArrayList)
MetaException(org.apache.hadoop.hive.metastore.api.MetaException)
HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException)
HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException)
TException(org.apache.thrift.TException)
Aggregations
RolePrincipalGrant (org.apache.hadoop.hive.metastore.api.RolePrincipalGrant)13
ArrayList (java.util.ArrayList)8
MetaException (org.apache.hadoop.hive.metastore.api.MetaException)4
HiveRoleGrant (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant)4
TException (org.apache.thrift.TException)4
IOException (java.io.IOException)2
InvalidInputException (org.apache.hadoop.hive.metastore.api.InvalidInputException)2
InvalidObjectException (org.apache.hadoop.hive.metastore.api.InvalidObjectException)2
InvalidPartitionException (org.apache.hadoop.hive.metastore.api.InvalidPartitionException)2
NoSuchObjectException (org.apache.hadoop.hive.metastore.api.NoSuchObjectException)2
Role (org.apache.hadoop.hive.metastore.api.Role)2
UnknownDBException (org.apache.hadoop.hive.metastore.api.UnknownDBException)2
UnknownPartitionException (org.apache.hadoop.hive.metastore.api.UnknownPartitionException)2
UnknownTableException (org.apache.hadoop.hive.metastore.api.UnknownTableException)2
MRoleMap (org.apache.hadoop.hive.metastore.model.MRoleMap)2
HiveAccessControlException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException)2
HiveAuthzPluginException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException)2
HashMap (java.util.HashMap)1
GetPrincipalsInRoleRequest (org.apache.hadoop.hive.metastore.api.GetPrincipalsInRoleRequest)1
GetPrincipalsInRoleResponse (org.apache.hadoop.hive.metastore.api.GetPrincipalsInRoleResponse)1
