Search in sources :

Example 6 with MTablePrivilege

use of org.apache.hadoop.hive.metastore.model.MTablePrivilege in project hive by apache.

the class ObjectStore method putPersistentPrivObjects.

/**
   * Convert PrivilegeGrantInfo from privMap to MTablePrivilege, and add all of
   * them to the toPersistPrivObjs. These privilege objects will be persisted as
   * part of createTable.
   *
   * @param mtbl
   * @param toPersistPrivObjs
   * @param now
   * @param privMap
   * @param type
   */
private void putPersistentPrivObjects(MTable mtbl, List<Object> toPersistPrivObjs, int now, Map<String, List<PrivilegeGrantInfo>> privMap, PrincipalType type) {
    if (privMap != null) {
        for (Map.Entry<String, List<PrivilegeGrantInfo>> entry : privMap.entrySet()) {
            String principalName = entry.getKey();
            List<PrivilegeGrantInfo> privs = entry.getValue();
            for (int i = 0; i < privs.size(); i++) {
                PrivilegeGrantInfo priv = privs.get(i);
                if (priv == null) {
                    continue;
                }
                MTablePrivilege mTblSec = new MTablePrivilege(principalName, type.toString(), mtbl, priv.getPrivilege(), now, priv.getGrantor(), priv.getGrantorType().toString(), priv.isGrantOption());
                toPersistPrivObjs.add(mTblSec);
            }
        }
    }
}
Also used : PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) MStringList(org.apache.hadoop.hive.metastore.model.MStringList) ArrayList(java.util.ArrayList) List(java.util.List) LinkedList(java.util.LinkedList) Map(java.util.Map) MRoleMap(org.apache.hadoop.hive.metastore.model.MRoleMap) HashMap(java.util.HashMap) MConstraint(org.apache.hadoop.hive.metastore.model.MConstraint) MTablePrivilege(org.apache.hadoop.hive.metastore.model.MTablePrivilege)

Example 7 with MTablePrivilege

use of org.apache.hadoop.hive.metastore.model.MTablePrivilege in project hive by apache.

the class ObjectStore method addPartitions.

@Override
public boolean addPartitions(String dbName, String tblName, PartitionSpecProxy partitionSpec, boolean ifNotExists) throws InvalidObjectException, MetaException {
    boolean success = false;
    openTransaction();
    try {
        List<MTablePrivilege> tabGrants = null;
        List<MTableColumnPrivilege> tabColumnGrants = null;
        MTable table = this.getMTable(dbName, tblName);
        if ("TRUE".equalsIgnoreCase(table.getParameters().get("PARTITION_LEVEL_PRIVILEGE"))) {
            tabGrants = this.listAllTableGrants(dbName, tblName);
            tabColumnGrants = this.listTableAllColumnGrants(dbName, tblName);
        }
        if (!partitionSpec.getTableName().equals(tblName) || !partitionSpec.getDbName().equals(dbName)) {
            throw new MetaException("Partition does not belong to target table " + dbName + "." + tblName + ": " + partitionSpec);
        }
        PartitionSpecProxy.PartitionIterator iterator = partitionSpec.getPartitionIterator();
        int now = (int) (System.currentTimeMillis() / 1000);
        while (iterator.hasNext()) {
            Partition part = iterator.next();
            if (isValidPartition(part, ifNotExists)) {
                MPartition mpart = convertToMPart(part, true);
                pm.makePersistent(mpart);
                if (tabGrants != null) {
                    for (MTablePrivilege tab : tabGrants) {
                        pm.makePersistent(new MPartitionPrivilege(tab.getPrincipalName(), tab.getPrincipalType(), mpart, tab.getPrivilege(), now, tab.getGrantor(), tab.getGrantorType(), tab.getGrantOption()));
                    }
                }
                if (tabColumnGrants != null) {
                    for (MTableColumnPrivilege col : tabColumnGrants) {
                        pm.makePersistent(new MPartitionColumnPrivilege(col.getPrincipalName(), col.getPrincipalType(), mpart, col.getColumnName(), col.getPrivilege(), now, col.getGrantor(), col.getGrantorType(), col.getGrantOption()));
                    }
                }
            }
        }
        success = commitTransaction();
    } finally {
        if (!success) {
            rollbackTransaction();
        }
    }
    return success;
}
Also used : MPartition(org.apache.hadoop.hive.metastore.model.MPartition) Partition(org.apache.hadoop.hive.metastore.api.Partition) MPartitionColumnPrivilege(org.apache.hadoop.hive.metastore.model.MPartitionColumnPrivilege) MConstraint(org.apache.hadoop.hive.metastore.model.MConstraint) MTable(org.apache.hadoop.hive.metastore.model.MTable) MPartitionPrivilege(org.apache.hadoop.hive.metastore.model.MPartitionPrivilege) PartitionSpecProxy(org.apache.hadoop.hive.metastore.partition.spec.PartitionSpecProxy) MTablePrivilege(org.apache.hadoop.hive.metastore.model.MTablePrivilege) MTableColumnPrivilege(org.apache.hadoop.hive.metastore.model.MTableColumnPrivilege) MetaException(org.apache.hadoop.hive.metastore.api.MetaException) MPartition(org.apache.hadoop.hive.metastore.model.MPartition)

Example 8 with MTablePrivilege

use of org.apache.hadoop.hive.metastore.model.MTablePrivilege in project hive by apache.

the class ObjectStore method convertTable.

private List<HiveObjectPrivilege> convertTable(List<MTablePrivilege> privs) {
    List<HiveObjectPrivilege> result = new ArrayList<HiveObjectPrivilege>();
    for (MTablePrivilege priv : privs) {
        String pname = priv.getPrincipalName();
        PrincipalType ptype = PrincipalType.valueOf(priv.getPrincipalType());
        String table = priv.getTable().getTableName();
        String database = priv.getTable().getDatabase().getName();
        HiveObjectRef objectRef = new HiveObjectRef(HiveObjectType.TABLE, database, table, null, null);
        PrivilegeGrantInfo grantor = new PrivilegeGrantInfo(priv.getPrivilege(), priv.getCreateTime(), priv.getGrantor(), PrincipalType.valueOf(priv.getGrantorType()), priv.getGrantOption());
        result.add(new HiveObjectPrivilege(objectRef, pname, ptype, grantor));
    }
    return result;
}
Also used : HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) ArrayList(java.util.ArrayList) PrincipalType(org.apache.hadoop.hive.metastore.api.PrincipalType) MTablePrivilege(org.apache.hadoop.hive.metastore.model.MTablePrivilege)

Example 9 with MTablePrivilege

use of org.apache.hadoop.hive.metastore.model.MTablePrivilege in project hive by apache.

the class ObjectStore method grantPrivileges.

@Override
public boolean grantPrivileges(PrivilegeBag privileges) throws InvalidObjectException, MetaException, NoSuchObjectException {
    boolean committed = false;
    int now = (int) (System.currentTimeMillis() / 1000);
    try {
        openTransaction();
        List<Object> persistentObjs = new ArrayList<Object>();
        List<HiveObjectPrivilege> privilegeList = privileges.getPrivileges();
        if (privilegeList != null && privilegeList.size() > 0) {
            Iterator<HiveObjectPrivilege> privIter = privilegeList.iterator();
            Set<String> privSet = new HashSet<String>();
            while (privIter.hasNext()) {
                HiveObjectPrivilege privDef = privIter.next();
                HiveObjectRef hiveObject = privDef.getHiveObject();
                String privilegeStr = privDef.getGrantInfo().getPrivilege();
                String[] privs = privilegeStr.split(",");
                String userName = privDef.getPrincipalName();
                PrincipalType principalType = privDef.getPrincipalType();
                String grantor = privDef.getGrantInfo().getGrantor();
                String grantorType = privDef.getGrantInfo().getGrantorType().toString();
                boolean grantOption = privDef.getGrantInfo().isGrantOption();
                privSet.clear();
                if (principalType == PrincipalType.ROLE) {
                    validateRole(userName);
                }
                if (hiveObject.getObjectType() == HiveObjectType.GLOBAL) {
                    List<MGlobalPrivilege> globalPrivs = this.listPrincipalMGlobalGrants(userName, principalType);
                    if (globalPrivs != null) {
                        for (MGlobalPrivilege priv : globalPrivs) {
                            if (priv.getGrantor().equalsIgnoreCase(grantor)) {
                                privSet.add(priv.getPrivilege());
                            }
                        }
                    }
                    for (String privilege : privs) {
                        if (privSet.contains(privilege)) {
                            throw new InvalidObjectException(privilege + " is already granted by " + grantor);
                        }
                        MGlobalPrivilege mGlobalPrivs = new MGlobalPrivilege(userName, principalType.toString(), privilege, now, grantor, grantorType, grantOption);
                        persistentObjs.add(mGlobalPrivs);
                    }
                } else if (hiveObject.getObjectType() == HiveObjectType.DATABASE) {
                    MDatabase dbObj = getMDatabase(hiveObject.getDbName());
                    if (dbObj != null) {
                        List<MDBPrivilege> dbPrivs = this.listPrincipalMDBGrants(userName, principalType, hiveObject.getDbName());
                        if (dbPrivs != null) {
                            for (MDBPrivilege priv : dbPrivs) {
                                if (priv.getGrantor().equalsIgnoreCase(grantor)) {
                                    privSet.add(priv.getPrivilege());
                                }
                            }
                        }
                        for (String privilege : privs) {
                            if (privSet.contains(privilege)) {
                                throw new InvalidObjectException(privilege + " is already granted on database " + hiveObject.getDbName() + " by " + grantor);
                            }
                            MDBPrivilege mDb = new MDBPrivilege(userName, principalType.toString(), dbObj, privilege, now, grantor, grantorType, grantOption);
                            persistentObjs.add(mDb);
                        }
                    }
                } else if (hiveObject.getObjectType() == HiveObjectType.TABLE) {
                    MTable tblObj = getMTable(hiveObject.getDbName(), hiveObject.getObjectName());
                    if (tblObj != null) {
                        List<MTablePrivilege> tablePrivs = this.listAllMTableGrants(userName, principalType, hiveObject.getDbName(), hiveObject.getObjectName());
                        if (tablePrivs != null) {
                            for (MTablePrivilege priv : tablePrivs) {
                                if (priv.getGrantor() != null && priv.getGrantor().equalsIgnoreCase(grantor)) {
                                    privSet.add(priv.getPrivilege());
                                }
                            }
                        }
                        for (String privilege : privs) {
                            if (privSet.contains(privilege)) {
                                throw new InvalidObjectException(privilege + " is already granted on table [" + hiveObject.getDbName() + "," + hiveObject.getObjectName() + "] by " + grantor);
                            }
                            MTablePrivilege mTab = new MTablePrivilege(userName, principalType.toString(), tblObj, privilege, now, grantor, grantorType, grantOption);
                            persistentObjs.add(mTab);
                        }
                    }
                } else if (hiveObject.getObjectType() == HiveObjectType.PARTITION) {
                    MPartition partObj = this.getMPartition(hiveObject.getDbName(), hiveObject.getObjectName(), hiveObject.getPartValues());
                    String partName = null;
                    if (partObj != null) {
                        partName = partObj.getPartitionName();
                        List<MPartitionPrivilege> partPrivs = this.listPrincipalMPartitionGrants(userName, principalType, hiveObject.getDbName(), hiveObject.getObjectName(), partObj.getPartitionName());
                        if (partPrivs != null) {
                            for (MPartitionPrivilege priv : partPrivs) {
                                if (priv.getGrantor().equalsIgnoreCase(grantor)) {
                                    privSet.add(priv.getPrivilege());
                                }
                            }
                        }
                        for (String privilege : privs) {
                            if (privSet.contains(privilege)) {
                                throw new InvalidObjectException(privilege + " is already granted on partition [" + hiveObject.getDbName() + "," + hiveObject.getObjectName() + "," + partName + "] by " + grantor);
                            }
                            MPartitionPrivilege mTab = new MPartitionPrivilege(userName, principalType.toString(), partObj, privilege, now, grantor, grantorType, grantOption);
                            persistentObjs.add(mTab);
                        }
                    }
                } else if (hiveObject.getObjectType() == HiveObjectType.COLUMN) {
                    MTable tblObj = getMTable(hiveObject.getDbName(), hiveObject.getObjectName());
                    if (tblObj != null) {
                        if (hiveObject.getPartValues() != null) {
                            MPartition partObj = null;
                            List<MPartitionColumnPrivilege> colPrivs = null;
                            partObj = this.getMPartition(hiveObject.getDbName(), hiveObject.getObjectName(), hiveObject.getPartValues());
                            if (partObj == null) {
                                continue;
                            }
                            colPrivs = this.listPrincipalMPartitionColumnGrants(userName, principalType, hiveObject.getDbName(), hiveObject.getObjectName(), partObj.getPartitionName(), hiveObject.getColumnName());
                            if (colPrivs != null) {
                                for (MPartitionColumnPrivilege priv : colPrivs) {
                                    if (priv.getGrantor().equalsIgnoreCase(grantor)) {
                                        privSet.add(priv.getPrivilege());
                                    }
                                }
                            }
                            for (String privilege : privs) {
                                if (privSet.contains(privilege)) {
                                    throw new InvalidObjectException(privilege + " is already granted on column " + hiveObject.getColumnName() + " [" + hiveObject.getDbName() + "," + hiveObject.getObjectName() + "," + partObj.getPartitionName() + "] by " + grantor);
                                }
                                MPartitionColumnPrivilege mCol = new MPartitionColumnPrivilege(userName, principalType.toString(), partObj, hiveObject.getColumnName(), privilege, now, grantor, grantorType, grantOption);
                                persistentObjs.add(mCol);
                            }
                        } else {
                            List<MTableColumnPrivilege> colPrivs = null;
                            colPrivs = this.listPrincipalMTableColumnGrants(userName, principalType, hiveObject.getDbName(), hiveObject.getObjectName(), hiveObject.getColumnName());
                            if (colPrivs != null) {
                                for (MTableColumnPrivilege priv : colPrivs) {
                                    if (priv.getGrantor().equalsIgnoreCase(grantor)) {
                                        privSet.add(priv.getPrivilege());
                                    }
                                }
                            }
                            for (String privilege : privs) {
                                if (privSet.contains(privilege)) {
                                    throw new InvalidObjectException(privilege + " is already granted on column " + hiveObject.getColumnName() + " [" + hiveObject.getDbName() + "," + hiveObject.getObjectName() + "] by " + grantor);
                                }
                                MTableColumnPrivilege mCol = new MTableColumnPrivilege(userName, principalType.toString(), tblObj, hiveObject.getColumnName(), privilege, now, grantor, grantorType, grantOption);
                                persistentObjs.add(mCol);
                            }
                        }
                    }
                }
            }
        }
        if (persistentObjs.size() > 0) {
            pm.makePersistentAll(persistentObjs);
        }
        committed = commitTransaction();
    } finally {
        if (!committed) {
            rollbackTransaction();
        }
    }
    return committed;
}
Also used : ArrayList(java.util.ArrayList) MPartitionColumnPrivilege(org.apache.hadoop.hive.metastore.model.MPartitionColumnPrivilege) InvalidObjectException(org.apache.hadoop.hive.metastore.api.InvalidObjectException) MStringList(org.apache.hadoop.hive.metastore.model.MStringList) ArrayList(java.util.ArrayList) List(java.util.List) LinkedList(java.util.LinkedList) MTableColumnPrivilege(org.apache.hadoop.hive.metastore.model.MTableColumnPrivilege) HashSet(java.util.HashSet) MPartition(org.apache.hadoop.hive.metastore.model.MPartition) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) MDBPrivilege(org.apache.hadoop.hive.metastore.model.MDBPrivilege) MGlobalPrivilege(org.apache.hadoop.hive.metastore.model.MGlobalPrivilege) MConstraint(org.apache.hadoop.hive.metastore.model.MConstraint) MDatabase(org.apache.hadoop.hive.metastore.model.MDatabase) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) MTable(org.apache.hadoop.hive.metastore.model.MTable) MPartitionPrivilege(org.apache.hadoop.hive.metastore.model.MPartitionPrivilege) PrincipalType(org.apache.hadoop.hive.metastore.api.PrincipalType) MTablePrivilege(org.apache.hadoop.hive.metastore.model.MTablePrivilege)

Example 10 with MTablePrivilege

use of org.apache.hadoop.hive.metastore.model.MTablePrivilege in project hive by apache.

the class ObjectStore method listAllTableGrants.

@SuppressWarnings("unchecked")
public List<MTablePrivilege> listAllTableGrants(String dbName, String tableName) {
    boolean success = false;
    Query query = null;
    tableName = HiveStringUtils.normalizeIdentifier(tableName);
    dbName = HiveStringUtils.normalizeIdentifier(dbName);
    List<MTablePrivilege> mSecurityTabList = new ArrayList<MTablePrivilege>();
    tableName = HiveStringUtils.normalizeIdentifier(tableName);
    dbName = HiveStringUtils.normalizeIdentifier(dbName);
    try {
        LOG.debug("Executing listAllTableGrants");
        openTransaction();
        String queryStr = "table.tableName == t1 && table.database.name == t2";
        query = pm.newQuery(MTablePrivilege.class, queryStr);
        query.declareParameters("java.lang.String t1, java.lang.String t2");
        List<MTablePrivilege> mPrivs = (List<MTablePrivilege>) query.executeWithArray(tableName, dbName);
        LOG.debug("Done executing query for listAllTableGrants");
        pm.retrieveAll(mPrivs);
        success = commitTransaction();
        mSecurityTabList.addAll(mPrivs);
        LOG.debug("Done retrieving all objects for listAllTableGrants");
    } finally {
        if (!success) {
            rollbackTransaction();
        }
        if (query != null) {
            query.closeAll();
        }
    }
    return mSecurityTabList;
}
Also used : Query(javax.jdo.Query) ArrayList(java.util.ArrayList) MStringList(org.apache.hadoop.hive.metastore.model.MStringList) ArrayList(java.util.ArrayList) List(java.util.List) LinkedList(java.util.LinkedList) MTablePrivilege(org.apache.hadoop.hive.metastore.model.MTablePrivilege)

Aggregations

MTablePrivilege (org.apache.hadoop.hive.metastore.model.MTablePrivilege)16 ArrayList (java.util.ArrayList)11 MConstraint (org.apache.hadoop.hive.metastore.model.MConstraint)8 MPartitionColumnPrivilege (org.apache.hadoop.hive.metastore.model.MPartitionColumnPrivilege)7 MPartitionPrivilege (org.apache.hadoop.hive.metastore.model.MPartitionPrivilege)7 MTableColumnPrivilege (org.apache.hadoop.hive.metastore.model.MTableColumnPrivilege)7 LinkedList (java.util.LinkedList)6 List (java.util.List)6 HiveObjectPrivilege (org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)6 MStringList (org.apache.hadoop.hive.metastore.model.MStringList)6 MTable (org.apache.hadoop.hive.metastore.model.MTable)6 Query (javax.jdo.Query)5 HiveObjectRef (org.apache.hadoop.hive.metastore.api.HiveObjectRef)4 PrivilegeGrantInfo (org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)4 MPartition (org.apache.hadoop.hive.metastore.model.MPartition)4 MetaException (org.apache.hadoop.hive.metastore.api.MetaException)3 PrincipalType (org.apache.hadoop.hive.metastore.api.PrincipalType)3 MDBPrivilege (org.apache.hadoop.hive.metastore.model.MDBPrivilege)3 MGlobalPrivilege (org.apache.hadoop.hive.metastore.model.MGlobalPrivilege)3 InvalidObjectException (org.apache.hadoop.hive.metastore.api.InvalidObjectException)2