Example 6 with MDCPrivilege
use of org.apache.hadoop.hive.metastore.model.MDCPrivilege in project hive by apache.
the class ObjectStore method dropDataConnector.
@Override
public boolean dropDataConnector(String dcname) throws NoSuchObjectException, MetaException {
boolean success = false;
LOG.info("Dropping dataconnector {} ", dcname);
dcname = normalizeIdentifier(dcname);
try {
openTransaction();
// then drop the dataconnector
MDataConnector mdb = getMDataConnector(dcname);
pm.retrieve(mdb);
List<MDCPrivilege> dcGrants = this.listDataConnectorGrants(dcname, null);
if (CollectionUtils.isNotEmpty(dcGrants)) {
pm.deletePersistentAll(dcGrants);
}
pm.deletePersistent(mdb);
success = commitTransaction();
} catch (Exception e) {
throw new MetaException(e.getMessage() + " " + org.apache.hadoop.hive.metastore.utils.StringUtils.stringifyException(e));
} finally {
rollbackAndCleanup(success, null);
}
return success;
}
Also used :
MDataConnector(org.apache.hadoop.hive.metastore.model.MDataConnector)
MDCPrivilege(org.apache.hadoop.hive.metastore.model.MDCPrivilege)
AlreadyExistsException(org.apache.hadoop.hive.metastore.api.AlreadyExistsException)
InvalidInputException(org.apache.hadoop.hive.metastore.api.InvalidInputException)
InvalidOperationException(org.apache.hadoop.hive.metastore.api.InvalidOperationException)
SQLIntegrityConstraintViolationException(java.sql.SQLIntegrityConstraintViolationException)
IOException(java.io.IOException)
NoSuchObjectException(org.apache.hadoop.hive.metastore.api.NoSuchObjectException)
MetaException(org.apache.hadoop.hive.metastore.api.MetaException)
InvalidPartitionException(org.apache.hadoop.hive.metastore.api.InvalidPartitionException)
UnknownPartitionException(org.apache.hadoop.hive.metastore.api.UnknownPartitionException)
InvalidObjectException(org.apache.hadoop.hive.metastore.api.InvalidObjectException)
JDOException(javax.jdo.JDOException)
MissingTableException(org.datanucleus.store.rdbms.exceptions.MissingTableException)
SQLException(java.sql.SQLException)
UnknownDBException(org.apache.hadoop.hive.metastore.api.UnknownDBException)
TException(org.apache.thrift.TException)
JDODataStoreException(javax.jdo.JDODataStoreException)
JDOObjectNotFoundException(javax.jdo.JDOObjectNotFoundException)
UnknownTableException(org.apache.hadoop.hive.metastore.api.UnknownTableException)
MetaException(org.apache.hadoop.hive.metastore.api.MetaException)
Example 7 with MDCPrivilege
use of org.apache.hadoop.hive.metastore.model.MDCPrivilege in project hive by apache.
the class ObjectStore method grantPrivileges.
@Override
public boolean grantPrivileges(PrivilegeBag privileges) throws InvalidObjectException, MetaException, NoSuchObjectException {
boolean committed = false;
int now = (int) (System.currentTimeMillis() / 1000);
try {
openTransaction();
List<Object> persistentObjs = new ArrayList<>();
List<HiveObjectPrivilege> privilegeList = privileges.getPrivileges();
if (CollectionUtils.isNotEmpty(privilegeList)) {
Iterator<HiveObjectPrivilege> privIter = privilegeList.iterator();
Set<String> privSet = new HashSet<>();
while (privIter.hasNext()) {
HiveObjectPrivilege privDef = privIter.next();
HiveObjectRef hiveObject = privDef.getHiveObject();
String privilegeStr = privDef.getGrantInfo().getPrivilege();
String[] privs = privilegeStr.split(",");
String userName = privDef.getPrincipalName();
String authorizer = privDef.getAuthorizer();
PrincipalType principalType = privDef.getPrincipalType();
String grantor = privDef.getGrantInfo().getGrantor();
String grantorType = privDef.getGrantInfo().getGrantorType().toString();
boolean grantOption = privDef.getGrantInfo().isGrantOption();
privSet.clear();
if (principalType == PrincipalType.ROLE) {
validateRole(userName);
}
String catName = hiveObject.isSetCatName() ? hiveObject.getCatName() : getDefaultCatalog(conf);
if (hiveObject.getObjectType() == HiveObjectType.GLOBAL) {
List<MGlobalPrivilege> globalPrivs = this.listPrincipalMGlobalGrants(userName, principalType, authorizer);
for (MGlobalPrivilege priv : globalPrivs) {
if (priv.getGrantor().equalsIgnoreCase(grantor)) {
privSet.add(priv.getPrivilege());
}
}
for (String privilege : privs) {
if (privSet.contains(privilege)) {
throw new InvalidObjectException(privilege + " is already granted by " + grantor);
}
MGlobalPrivilege mGlobalPrivs = new MGlobalPrivilege(userName, principalType.toString(), privilege, now, grantor, grantorType, grantOption, authorizer);
persistentObjs.add(mGlobalPrivs);
}
} else if (hiveObject.getObjectType() == HiveObjectType.DATABASE) {
MDatabase dbObj = getMDatabase(catName, hiveObject.getDbName());
List<MDBPrivilege> dbPrivs = this.listPrincipalMDBGrants(userName, principalType, catName, hiveObject.getDbName(), authorizer);
for (MDBPrivilege priv : dbPrivs) {
if (priv.getGrantor().equalsIgnoreCase(grantor)) {
privSet.add(priv.getPrivilege());
}
}
for (String privilege : privs) {
if (privSet.contains(privilege)) {
throw new InvalidObjectException(privilege + " is already granted on database " + hiveObject.getDbName() + " by " + grantor);
}
MDBPrivilege mDb = new MDBPrivilege(userName, principalType.toString(), dbObj, privilege, now, grantor, grantorType, grantOption, authorizer);
persistentObjs.add(mDb);
}
} else if (hiveObject.getObjectType() == HiveObjectType.DATACONNECTOR) {
MDataConnector dcObj = getMDataConnector(hiveObject.getObjectName());
List<MDCPrivilege> dcPrivs = this.listPrincipalMDCGrants(userName, principalType, hiveObject.getObjectName(), authorizer);
for (MDCPrivilege priv : dcPrivs) {
if (priv.getGrantor().equalsIgnoreCase(grantor)) {
privSet.add(priv.getPrivilege());
}
}
for (String privilege : privs) {
if (privSet.contains(privilege)) {
throw new InvalidObjectException(privilege + " is already granted on data connector " + hiveObject.getDbName() + " by " + grantor);
}
MDCPrivilege mDc = new MDCPrivilege(userName, principalType.toString(), dcObj, privilege, now, grantor, grantorType, grantOption, authorizer);
persistentObjs.add(mDc);
}
} else if (hiveObject.getObjectType() == HiveObjectType.TABLE) {
MTable tblObj = getMTable(catName, hiveObject.getDbName(), hiveObject.getObjectName());
if (tblObj != null) {
List<MTablePrivilege> tablePrivs = this.listAllMTableGrants(userName, principalType, catName, hiveObject.getDbName(), hiveObject.getObjectName(), authorizer);
for (MTablePrivilege priv : tablePrivs) {
if (priv.getGrantor() != null && priv.getGrantor().equalsIgnoreCase(grantor)) {
privSet.add(priv.getPrivilege());
}
}
for (String privilege : privs) {
if (privSet.contains(privilege)) {
throw new InvalidObjectException(privilege + " is already granted on table [" + hiveObject.getDbName() + "," + hiveObject.getObjectName() + "] by " + grantor);
}
MTablePrivilege mTab = new MTablePrivilege(userName, principalType.toString(), tblObj, privilege, now, grantor, grantorType, grantOption, authorizer);
persistentObjs.add(mTab);
}
}
} else if (hiveObject.getObjectType() == HiveObjectType.PARTITION) {
MPartition partObj = this.getMPartition(catName, hiveObject.getDbName(), hiveObject.getObjectName(), hiveObject.getPartValues(), null);
String partName = null;
if (partObj != null) {
partName = partObj.getPartitionName();
List<MPartitionPrivilege> partPrivs = this.listPrincipalMPartitionGrants(userName, principalType, catName, hiveObject.getDbName(), hiveObject.getObjectName(), partObj.getPartitionName(), authorizer);
for (MPartitionPrivilege priv : partPrivs) {
if (priv.getGrantor().equalsIgnoreCase(grantor)) {
privSet.add(priv.getPrivilege());
}
}
for (String privilege : privs) {
if (privSet.contains(privilege)) {
throw new InvalidObjectException(privilege + " is already granted on partition [" + hiveObject.getDbName() + "," + hiveObject.getObjectName() + "," + partName + "] by " + grantor);
}
MPartitionPrivilege mTab = new MPartitionPrivilege(userName, principalType.toString(), partObj, privilege, now, grantor, grantorType, grantOption, authorizer);
persistentObjs.add(mTab);
}
}
} else if (hiveObject.getObjectType() == HiveObjectType.COLUMN) {
MTable tblObj = getMTable(catName, hiveObject.getDbName(), hiveObject.getObjectName());
if (tblObj != null) {
if (hiveObject.getPartValues() != null) {
MPartition partObj = null;
List<MPartitionColumnPrivilege> colPrivs = null;
partObj = this.getMPartition(catName, hiveObject.getDbName(), hiveObject.getObjectName(), hiveObject.getPartValues(), tblObj);
if (partObj == null) {
continue;
}
colPrivs = this.listPrincipalMPartitionColumnGrants(userName, principalType, catName, hiveObject.getDbName(), hiveObject.getObjectName(), partObj.getPartitionName(), hiveObject.getColumnName(), authorizer);
for (MPartitionColumnPrivilege priv : colPrivs) {
if (priv.getGrantor().equalsIgnoreCase(grantor)) {
privSet.add(priv.getPrivilege());
}
}
for (String privilege : privs) {
if (privSet.contains(privilege)) {
throw new InvalidObjectException(privilege + " is already granted on column " + hiveObject.getColumnName() + " [" + hiveObject.getDbName() + "," + hiveObject.getObjectName() + "," + partObj.getPartitionName() + "] by " + grantor);
}
MPartitionColumnPrivilege mCol = new MPartitionColumnPrivilege(userName, principalType.toString(), partObj, hiveObject.getColumnName(), privilege, now, grantor, grantorType, grantOption, authorizer);
persistentObjs.add(mCol);
}
} else {
List<MTableColumnPrivilege> colPrivs = null;
colPrivs = this.listPrincipalMTableColumnGrants(userName, principalType, catName, hiveObject.getDbName(), hiveObject.getObjectName(), hiveObject.getColumnName(), authorizer);
for (MTableColumnPrivilege priv : colPrivs) {
if (priv.getGrantor().equalsIgnoreCase(grantor)) {
privSet.add(priv.getPrivilege());
}
}
for (String privilege : privs) {
if (privSet.contains(privilege)) {
throw new InvalidObjectException(privilege + " is already granted on column " + hiveObject.getColumnName() + " [" + hiveObject.getDbName() + "," + hiveObject.getObjectName() + "] by " + grantor);
}
MTableColumnPrivilege mCol = new MTableColumnPrivilege(userName, principalType.toString(), tblObj, hiveObject.getColumnName(), privilege, now, grantor, grantorType, grantOption, authorizer);
persistentObjs.add(mCol);
}
}
}
}
}
}
if (CollectionUtils.isNotEmpty(persistentObjs)) {
pm.makePersistentAll(persistentObjs);
}
committed = commitTransaction();
} finally {
if (!committed) {
rollbackTransaction();
}
}
return committed;
}
Also used :
MDataConnector(org.apache.hadoop.hive.metastore.model.MDataConnector)
ArrayList(java.util.ArrayList)
MPartitionColumnPrivilege(org.apache.hadoop.hive.metastore.model.MPartitionColumnPrivilege)
MDCPrivilege(org.apache.hadoop.hive.metastore.model.MDCPrivilege)
InvalidObjectException(org.apache.hadoop.hive.metastore.api.InvalidObjectException)
ValidWriteIdList(org.apache.hadoop.hive.common.ValidWriteIdList)
ReplicationMetricList(org.apache.hadoop.hive.metastore.api.ReplicationMetricList)
LinkedList(java.util.LinkedList)
MStringList(org.apache.hadoop.hive.metastore.model.MStringList)
ArrayList(java.util.ArrayList)
ValidReaderWriteIdList(org.apache.hadoop.hive.common.ValidReaderWriteIdList)
List(java.util.List)
MTableColumnPrivilege(org.apache.hadoop.hive.metastore.model.MTableColumnPrivilege)
HashSet(java.util.HashSet)
MPartition(org.apache.hadoop.hive.metastore.model.MPartition)
HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef)
MDBPrivilege(org.apache.hadoop.hive.metastore.model.MDBPrivilege)
MGlobalPrivilege(org.apache.hadoop.hive.metastore.model.MGlobalPrivilege)
MConstraint(org.apache.hadoop.hive.metastore.model.MConstraint)
SQLUniqueConstraint(org.apache.hadoop.hive.metastore.api.SQLUniqueConstraint)
SQLCheckConstraint(org.apache.hadoop.hive.metastore.api.SQLCheckConstraint)
SQLDefaultConstraint(org.apache.hadoop.hive.metastore.api.SQLDefaultConstraint)
SQLNotNullConstraint(org.apache.hadoop.hive.metastore.api.SQLNotNullConstraint)
MDatabase(org.apache.hadoop.hive.metastore.model.MDatabase)
HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)
MTable(org.apache.hadoop.hive.metastore.model.MTable)
MPartitionPrivilege(org.apache.hadoop.hive.metastore.model.MPartitionPrivilege)
PrincipalType(org.apache.hadoop.hive.metastore.api.PrincipalType)
MTablePrivilege(org.apache.hadoop.hive.metastore.model.MTablePrivilege)
Example 8 with MDCPrivilege
use of org.apache.hadoop.hive.metastore.model.MDCPrivilege in project hive by apache.
the class ObjectStore method listPrincipalAllDCGrant.
private List<MDCPrivilege> listPrincipalAllDCGrant(String principalName, PrincipalType principalType) throws Exception {
final List<MDCPrivilege> mSecurityDCList;
LOG.debug("Executing listPrincipalAllDCGrant");
Preconditions.checkState(this.currentTransaction.isActive());
if (principalName != null && principalType != null) {
try (Query query = pm.newQuery(MDCPrivilege.class, "principalName == t1 && principalType == t2")) {
query.declareParameters("java.lang.String t1, java.lang.String t2");
mSecurityDCList = (List<MDCPrivilege>) query.execute(principalName, principalType.toString());
pm.retrieveAll(mSecurityDCList);
LOG.debug("Done retrieving all objects for listPrincipalAllDCGrant: {}", mSecurityDCList);
return Collections.unmodifiableList(new ArrayList<>(mSecurityDCList));
}
} else {
try (Query query = pm.newQuery(MDCPrivilege.class)) {
mSecurityDCList = (List<MDCPrivilege>) query.execute();
pm.retrieveAll(mSecurityDCList);
LOG.debug("Done retrieving all objects for listPrincipalAllDCGrant: {}", mSecurityDCList);
return Collections.unmodifiableList(new ArrayList<>(mSecurityDCList));
}
}
}
Also used :
ScheduledQuery(org.apache.hadoop.hive.metastore.api.ScheduledQuery)
Query(javax.jdo.Query)
MScheduledQuery(org.apache.hadoop.hive.metastore.model.MScheduledQuery)
MDCPrivilege(org.apache.hadoop.hive.metastore.model.MDCPrivilege)
Example 9 with MDCPrivilege
use of org.apache.hadoop.hive.metastore.model.MDCPrivilege in project hive by apache.
the class ObjectStore method getConnectorPrivilege.
private List<PrivilegeGrantInfo> getConnectorPrivilege(String catName, String connectorName, String principalName, PrincipalType principalType) {
// normalize string name
catName = normalizeIdentifier(catName);
connectorName = normalizeIdentifier(connectorName);
if (principalName != null) {
// get all data connector granted privilege
List<MDCPrivilege> userNameDcPriv = this.listPrincipalMDCGrants(principalName, principalType, catName, connectorName);
// populate and return grantInfos
if (CollectionUtils.isNotEmpty(userNameDcPriv)) {
List<PrivilegeGrantInfo> grantInfos = new ArrayList<>(userNameDcPriv.size());
for (int i = 0; i < userNameDcPriv.size(); i++) {
MDCPrivilege item = userNameDcPriv.get(i);
grantInfos.add(new PrivilegeGrantInfo(item.getPrivilege(), item.getCreateTime(), item.getGrantor(), getPrincipalTypeFromStr(item.getGrantorType()), item.getGrantOption()));
}
return grantInfos;
}
}
// return empty list if no principalName
return Collections.emptyList();
}
Also used :
PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)
MDCPrivilege(org.apache.hadoop.hive.metastore.model.MDCPrivilege)
ArrayList(java.util.ArrayList)
MConstraint(org.apache.hadoop.hive.metastore.model.MConstraint)
SQLUniqueConstraint(org.apache.hadoop.hive.metastore.api.SQLUniqueConstraint)
SQLCheckConstraint(org.apache.hadoop.hive.metastore.api.SQLCheckConstraint)
SQLDefaultConstraint(org.apache.hadoop.hive.metastore.api.SQLDefaultConstraint)
SQLNotNullConstraint(org.apache.hadoop.hive.metastore.api.SQLNotNullConstraint)
Example 10 with MDCPrivilege
use of org.apache.hadoop.hive.metastore.model.MDCPrivilege in project hive by apache.
the class ObjectStore method convertDC.
private List<HiveObjectPrivilege> convertDC(List<MDCPrivilege> privs) {
List<HiveObjectPrivilege> result = new ArrayList<>();
for (MDCPrivilege priv : privs) {
String pname = priv.getPrincipalName();
String authorizer = priv.getAuthorizer();
PrincipalType ptype = PrincipalType.valueOf(priv.getPrincipalType());
String dataConnectorName = priv.getDataConnector().getName();
HiveObjectRef objectRef = new HiveObjectRef(HiveObjectType.DATACONNECTOR, null, dataConnectorName, null, null);
PrivilegeGrantInfo grantor = new PrivilegeGrantInfo(priv.getPrivilege(), priv.getCreateTime(), priv.getGrantor(), PrincipalType.valueOf(priv.getGrantorType()), priv.getGrantOption());
result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor, authorizer));
}
return result;
}
Also used :
HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)
PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)
MDCPrivilege(org.apache.hadoop.hive.metastore.model.MDCPrivilege)
HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef)
ArrayList(java.util.ArrayList)
PrincipalType(org.apache.hadoop.hive.metastore.api.PrincipalType)
Aggregations
MDCPrivilege (org.apache.hadoop.hive.metastore.model.MDCPrivilege)10
ArrayList (java.util.ArrayList)6
HiveObjectPrivilege (org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)4
HiveObjectRef (org.apache.hadoop.hive.metastore.api.HiveObjectRef)4
InvalidObjectException (org.apache.hadoop.hive.metastore.api.InvalidObjectException)4
Query (javax.jdo.Query)3
MetaException (org.apache.hadoop.hive.metastore.api.MetaException)3
PrincipalType (org.apache.hadoop.hive.metastore.api.PrincipalType)3
PrivilegeGrantInfo (org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)3
SQLCheckConstraint (org.apache.hadoop.hive.metastore.api.SQLCheckConstraint)3
SQLDefaultConstraint (org.apache.hadoop.hive.metastore.api.SQLDefaultConstraint)3
SQLNotNullConstraint (org.apache.hadoop.hive.metastore.api.SQLNotNullConstraint)3
SQLUniqueConstraint (org.apache.hadoop.hive.metastore.api.SQLUniqueConstraint)3
ScheduledQuery (org.apache.hadoop.hive.metastore.api.ScheduledQuery)3
MConstraint (org.apache.hadoop.hive.metastore.model.MConstraint)3
MDBPrivilege (org.apache.hadoop.hive.metastore.model.MDBPrivilege)3
MDataConnector (org.apache.hadoop.hive.metastore.model.MDataConnector)3
MGlobalPrivilege (org.apache.hadoop.hive.metastore.model.MGlobalPrivilege)3
MPartitionColumnPrivilege (org.apache.hadoop.hive.metastore.model.MPartitionColumnPrivilege)3
MPartitionPrivilege (org.apache.hadoop.hive.metastore.model.MPartitionPrivilege)3
