Example 1 with GrantRoleDesc
use of org.apache.hadoop.hive.ql.ddl.privilege.role.grant.GrantRoleDesc in project hive by apache.
the class TestHiveAuthorizationTaskFactory method testGrantRoleGroup.
/**
* GRANT ROLE ... TO GROUP ...
*/
@Test
public void testGrantRoleGroup() throws Exception {
DDLWork work = analyze("GRANT ROLE " + ROLE + " TO GROUP " + GROUP);
GrantRoleDesc grantDesc = (GrantRoleDesc) work.getDDLDesc();
Assert.assertNotNull("Grant should not be null", grantDesc);
Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption());
Assert.assertEquals(currentUser, grantDesc.getGrantor());
for (String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
Assert.assertEquals(ROLE, role);
}
for (PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
Assert.assertEquals(PrincipalType.GROUP, principal.getType());
Assert.assertEquals(GROUP, principal.getName());
}
}
Also used :
PrincipalDesc(org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc)
DDLWork(org.apache.hadoop.hive.ql.ddl.DDLWork)
GrantRoleDesc(org.apache.hadoop.hive.ql.ddl.privilege.role.grant.GrantRoleDesc)
Test(org.junit.Test)
Example 2 with GrantRoleDesc
use of org.apache.hadoop.hive.ql.ddl.privilege.role.grant.GrantRoleDesc in project hive by apache.
the class TestHiveAuthorizationTaskFactory method testGrantRoleUser.
/**
* GRANT ROLE ... TO USER ...
*/
@Test
public void testGrantRoleUser() throws Exception {
DDLWork work = analyze("GRANT ROLE " + ROLE + " TO USER " + USER);
GrantRoleDesc grantDesc = (GrantRoleDesc) work.getDDLDesc();
Assert.assertNotNull("Grant should not be null", grantDesc);
Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption());
Assert.assertEquals(currentUser, grantDesc.getGrantor());
for (String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
Assert.assertEquals(ROLE, role);
}
for (PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
Assert.assertEquals(PrincipalType.USER, principal.getType());
Assert.assertEquals(USER, principal.getName());
}
}
Also used :
PrincipalDesc(org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc)
DDLWork(org.apache.hadoop.hive.ql.ddl.DDLWork)
GrantRoleDesc(org.apache.hadoop.hive.ql.ddl.privilege.role.grant.GrantRoleDesc)
Test(org.junit.Test)
Example 3 with GrantRoleDesc
use of org.apache.hadoop.hive.ql.ddl.privilege.role.grant.GrantRoleDesc in project hive by apache.
the class HiveAuthorizationTaskFactoryImpl method analyzeGrantRevokeRole.
private Task<?> analyzeGrantRevokeRole(boolean isGrant, ASTNode ast, Set<ReadEntity> inputs, Set<WriteEntity> outputs) {
List<PrincipalDesc> principalDesc = AuthorizationParseUtils.analyzePrincipalListDef((ASTNode) ast.getChild(0));
// check if admin option has been specified
int rolesStartPos = 1;
ASTNode wAdminOption = (ASTNode) ast.getChild(1);
boolean isAdmin = false;
if ((isGrant && wAdminOption.getToken().getType() == HiveParser.TOK_GRANT_WITH_ADMIN_OPTION) || (!isGrant && wAdminOption.getToken().getType() == HiveParser.TOK_ADMIN_OPTION_FOR)) {
// start reading role names from next position
rolesStartPos = 2;
isAdmin = true;
}
List<String> roles = new ArrayList<String>();
for (int i = rolesStartPos; i < ast.getChildCount(); i++) {
roles.add(BaseSemanticAnalyzer.unescapeIdentifier(ast.getChild(i).getText()));
}
String roleOwnerName = SessionState.getUserFromAuthenticator();
if (isGrant) {
GrantRoleDesc grantRoleDesc = new GrantRoleDesc(roles, principalDesc, roleOwnerName, isAdmin);
return TaskFactory.get(new DDLWork(inputs, outputs, grantRoleDesc));
} else {
RevokeRoleDesc revokeRoleDesc = new RevokeRoleDesc(roles, principalDesc, roleOwnerName, isAdmin);
return TaskFactory.get(new DDLWork(inputs, outputs, revokeRoleDesc));
}
}
Also used :
PrincipalDesc(org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc)
DDLWork(org.apache.hadoop.hive.ql.ddl.DDLWork)
RevokeRoleDesc(org.apache.hadoop.hive.ql.ddl.privilege.role.revoke.RevokeRoleDesc)
ASTNode(org.apache.hadoop.hive.ql.parse.ASTNode)
ArrayList(java.util.ArrayList)
GrantRoleDesc(org.apache.hadoop.hive.ql.ddl.privilege.role.grant.GrantRoleDesc)
Example 4 with GrantRoleDesc
use of org.apache.hadoop.hive.ql.ddl.privilege.role.grant.GrantRoleDesc in project hive by apache.
the class TestHiveAuthorizationTaskFactory method testGrantRoleRole.
/**
* GRANT ROLE ... TO ROLE ...
*/
@Test
public void testGrantRoleRole() throws Exception {
DDLWork work = analyze("GRANT ROLE " + ROLE + " TO ROLE " + ROLE);
GrantRoleDesc grantDesc = (GrantRoleDesc) work.getDDLDesc();
Assert.assertNotNull("Grant should not be null", grantDesc);
Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption());
Assert.assertEquals(currentUser, grantDesc.getGrantor());
for (String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
Assert.assertEquals(ROLE, role);
}
for (PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
Assert.assertEquals(PrincipalType.ROLE, principal.getType());
Assert.assertEquals(ROLE, principal.getName());
}
}
Also used :
PrincipalDesc(org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc)
DDLWork(org.apache.hadoop.hive.ql.ddl.DDLWork)
GrantRoleDesc(org.apache.hadoop.hive.ql.ddl.privilege.role.grant.GrantRoleDesc)
Test(org.junit.Test)
Aggregations
DDLWork (org.apache.hadoop.hive.ql.ddl.DDLWork)4
PrincipalDesc (org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc)4
GrantRoleDesc (org.apache.hadoop.hive.ql.ddl.privilege.role.grant.GrantRoleDesc)4
Test (org.junit.Test)3
ArrayList (java.util.ArrayList)1
RevokeRoleDesc (org.apache.hadoop.hive.ql.ddl.privilege.role.revoke.RevokeRoleDesc)1
ASTNode (org.apache.hadoop.hive.ql.parse.ASTNode)1
