Search in sources :

Example 1 with RevokeRoleDesc

use of org.apache.hadoop.hive.ql.ddl.privilege.role.revoke.RevokeRoleDesc in project hive by apache.

the class TestHiveAuthorizationTaskFactory method testRevokeRoleRole.

/**
 * REVOKE ROLE ... FROM ROLE ...
 */
@Test
public void testRevokeRoleRole() throws Exception {
    DDLWork work = analyze("REVOKE ROLE " + ROLE + " FROM ROLE " + ROLE);
    RevokeRoleDesc grantDesc = (RevokeRoleDesc) work.getDDLDesc();
    Assert.assertNotNull("Grant should not be null", grantDesc);
    Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption());
    Assert.assertEquals(currentUser, grantDesc.getGrantor());
    for (String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
        Assert.assertEquals(ROLE, role);
    }
    for (PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
        Assert.assertEquals(PrincipalType.ROLE, principal.getType());
        Assert.assertEquals(ROLE, principal.getName());
    }
}
Also used : PrincipalDesc(org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc) DDLWork(org.apache.hadoop.hive.ql.ddl.DDLWork) RevokeRoleDesc(org.apache.hadoop.hive.ql.ddl.privilege.role.revoke.RevokeRoleDesc) Test(org.junit.Test)

Example 2 with RevokeRoleDesc

use of org.apache.hadoop.hive.ql.ddl.privilege.role.revoke.RevokeRoleDesc in project hive by apache.

the class TestHiveAuthorizationTaskFactory method testRevokeRoleUser.

/**
 * REVOKE ROLE ... FROM USER ...
 */
@Test
public void testRevokeRoleUser() throws Exception {
    DDLWork work = analyze("REVOKE ROLE " + ROLE + " FROM USER " + USER);
    RevokeRoleDesc grantDesc = (RevokeRoleDesc) work.getDDLDesc();
    Assert.assertNotNull("Grant should not be null", grantDesc);
    Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption());
    Assert.assertEquals(currentUser, grantDesc.getGrantor());
    for (String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
        Assert.assertEquals(ROLE, role);
    }
    for (PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
        Assert.assertEquals(PrincipalType.USER, principal.getType());
        Assert.assertEquals(USER, principal.getName());
    }
}
Also used : PrincipalDesc(org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc) DDLWork(org.apache.hadoop.hive.ql.ddl.DDLWork) RevokeRoleDesc(org.apache.hadoop.hive.ql.ddl.privilege.role.revoke.RevokeRoleDesc) Test(org.junit.Test)

Example 3 with RevokeRoleDesc

use of org.apache.hadoop.hive.ql.ddl.privilege.role.revoke.RevokeRoleDesc in project hive by apache.

the class HiveAuthorizationTaskFactoryImpl method analyzeGrantRevokeRole.

private Task<?> analyzeGrantRevokeRole(boolean isGrant, ASTNode ast, Set<ReadEntity> inputs, Set<WriteEntity> outputs) {
    List<PrincipalDesc> principalDesc = AuthorizationParseUtils.analyzePrincipalListDef((ASTNode) ast.getChild(0));
    // check if admin option has been specified
    int rolesStartPos = 1;
    ASTNode wAdminOption = (ASTNode) ast.getChild(1);
    boolean isAdmin = false;
    if ((isGrant && wAdminOption.getToken().getType() == HiveParser.TOK_GRANT_WITH_ADMIN_OPTION) || (!isGrant && wAdminOption.getToken().getType() == HiveParser.TOK_ADMIN_OPTION_FOR)) {
        // start reading role names from next position
        rolesStartPos = 2;
        isAdmin = true;
    }
    List<String> roles = new ArrayList<String>();
    for (int i = rolesStartPos; i < ast.getChildCount(); i++) {
        roles.add(BaseSemanticAnalyzer.unescapeIdentifier(ast.getChild(i).getText()));
    }
    String roleOwnerName = SessionState.getUserFromAuthenticator();
    if (isGrant) {
        GrantRoleDesc grantRoleDesc = new GrantRoleDesc(roles, principalDesc, roleOwnerName, isAdmin);
        return TaskFactory.get(new DDLWork(inputs, outputs, grantRoleDesc));
    } else {
        RevokeRoleDesc revokeRoleDesc = new RevokeRoleDesc(roles, principalDesc, roleOwnerName, isAdmin);
        return TaskFactory.get(new DDLWork(inputs, outputs, revokeRoleDesc));
    }
}
Also used : PrincipalDesc(org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc) DDLWork(org.apache.hadoop.hive.ql.ddl.DDLWork) RevokeRoleDesc(org.apache.hadoop.hive.ql.ddl.privilege.role.revoke.RevokeRoleDesc) ASTNode(org.apache.hadoop.hive.ql.parse.ASTNode) ArrayList(java.util.ArrayList) GrantRoleDesc(org.apache.hadoop.hive.ql.ddl.privilege.role.grant.GrantRoleDesc)

Example 4 with RevokeRoleDesc

use of org.apache.hadoop.hive.ql.ddl.privilege.role.revoke.RevokeRoleDesc in project hive by apache.

the class TestHiveAuthorizationTaskFactory method testRevokeRoleGroup.

/**
 * REVOKE ROLE ... FROM GROUP ...
 */
@Test
public void testRevokeRoleGroup() throws Exception {
    DDLWork work = analyze("REVOKE ROLE " + ROLE + " FROM GROUP " + GROUP);
    RevokeRoleDesc grantDesc = (RevokeRoleDesc) work.getDDLDesc();
    Assert.assertNotNull("Grant should not be null", grantDesc);
    Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption());
    Assert.assertEquals(currentUser, grantDesc.getGrantor());
    for (String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
        Assert.assertEquals(ROLE, role);
    }
    for (PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
        Assert.assertEquals(PrincipalType.GROUP, principal.getType());
        Assert.assertEquals(GROUP, principal.getName());
    }
}
Also used : PrincipalDesc(org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc) DDLWork(org.apache.hadoop.hive.ql.ddl.DDLWork) RevokeRoleDesc(org.apache.hadoop.hive.ql.ddl.privilege.role.revoke.RevokeRoleDesc) Test(org.junit.Test)

Aggregations

DDLWork (org.apache.hadoop.hive.ql.ddl.DDLWork)4 PrincipalDesc (org.apache.hadoop.hive.ql.ddl.privilege.PrincipalDesc)4 RevokeRoleDesc (org.apache.hadoop.hive.ql.ddl.privilege.role.revoke.RevokeRoleDesc)4 Test (org.junit.Test)3 ArrayList (java.util.ArrayList)1 GrantRoleDesc (org.apache.hadoop.hive.ql.ddl.privilege.role.grant.GrantRoleDesc)1 ASTNode (org.apache.hadoop.hive.ql.parse.ASTNode)1