use of org.apache.hadoop.hive.ql.ddl.privilege.role.revoke.RevokeRoleDesc in project hive by apache.
the class TestHiveAuthorizationTaskFactory method testRevokeRoleRole.
/**
* REVOKE ROLE ... FROM ROLE ...
*/
@Test
public void testRevokeRoleRole() throws Exception {
DDLWork work = analyze("REVOKE ROLE " + ROLE + " FROM ROLE " + ROLE);
RevokeRoleDesc grantDesc = (RevokeRoleDesc) work.getDDLDesc();
Assert.assertNotNull("Grant should not be null", grantDesc);
Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption());
Assert.assertEquals(currentUser, grantDesc.getGrantor());
for (String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
Assert.assertEquals(ROLE, role);
}
for (PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
Assert.assertEquals(PrincipalType.ROLE, principal.getType());
Assert.assertEquals(ROLE, principal.getName());
}
}
use of org.apache.hadoop.hive.ql.ddl.privilege.role.revoke.RevokeRoleDesc in project hive by apache.
the class TestHiveAuthorizationTaskFactory method testRevokeRoleUser.
/**
* REVOKE ROLE ... FROM USER ...
*/
@Test
public void testRevokeRoleUser() throws Exception {
DDLWork work = analyze("REVOKE ROLE " + ROLE + " FROM USER " + USER);
RevokeRoleDesc grantDesc = (RevokeRoleDesc) work.getDDLDesc();
Assert.assertNotNull("Grant should not be null", grantDesc);
Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption());
Assert.assertEquals(currentUser, grantDesc.getGrantor());
for (String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
Assert.assertEquals(ROLE, role);
}
for (PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
Assert.assertEquals(PrincipalType.USER, principal.getType());
Assert.assertEquals(USER, principal.getName());
}
}
use of org.apache.hadoop.hive.ql.ddl.privilege.role.revoke.RevokeRoleDesc in project hive by apache.
the class HiveAuthorizationTaskFactoryImpl method analyzeGrantRevokeRole.
private Task<?> analyzeGrantRevokeRole(boolean isGrant, ASTNode ast, Set<ReadEntity> inputs, Set<WriteEntity> outputs) {
List<PrincipalDesc> principalDesc = AuthorizationParseUtils.analyzePrincipalListDef((ASTNode) ast.getChild(0));
// check if admin option has been specified
int rolesStartPos = 1;
ASTNode wAdminOption = (ASTNode) ast.getChild(1);
boolean isAdmin = false;
if ((isGrant && wAdminOption.getToken().getType() == HiveParser.TOK_GRANT_WITH_ADMIN_OPTION) || (!isGrant && wAdminOption.getToken().getType() == HiveParser.TOK_ADMIN_OPTION_FOR)) {
// start reading role names from next position
rolesStartPos = 2;
isAdmin = true;
}
List<String> roles = new ArrayList<String>();
for (int i = rolesStartPos; i < ast.getChildCount(); i++) {
roles.add(BaseSemanticAnalyzer.unescapeIdentifier(ast.getChild(i).getText()));
}
String roleOwnerName = SessionState.getUserFromAuthenticator();
if (isGrant) {
GrantRoleDesc grantRoleDesc = new GrantRoleDesc(roles, principalDesc, roleOwnerName, isAdmin);
return TaskFactory.get(new DDLWork(inputs, outputs, grantRoleDesc));
} else {
RevokeRoleDesc revokeRoleDesc = new RevokeRoleDesc(roles, principalDesc, roleOwnerName, isAdmin);
return TaskFactory.get(new DDLWork(inputs, outputs, revokeRoleDesc));
}
}
use of org.apache.hadoop.hive.ql.ddl.privilege.role.revoke.RevokeRoleDesc in project hive by apache.
the class TestHiveAuthorizationTaskFactory method testRevokeRoleGroup.
/**
* REVOKE ROLE ... FROM GROUP ...
*/
@Test
public void testRevokeRoleGroup() throws Exception {
DDLWork work = analyze("REVOKE ROLE " + ROLE + " FROM GROUP " + GROUP);
RevokeRoleDesc grantDesc = (RevokeRoleDesc) work.getDDLDesc();
Assert.assertNotNull("Grant should not be null", grantDesc);
Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption());
Assert.assertEquals(currentUser, grantDesc.getGrantor());
for (String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
Assert.assertEquals(ROLE, role);
}
for (PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
Assert.assertEquals(PrincipalType.GROUP, principal.getType());
Assert.assertEquals(GROUP, principal.getName());
}
}
Aggregations