Examples with PrincipalDesc org.apache.hadoop.hive.ql.plan.PrincipalDesc used on opensource projects

Example 6 with PrincipalDesc

use of org.apache.hadoop.hive.ql.plan.PrincipalDesc in project hive by apache.

the class TestHiveAuthorizationTaskFactory method testGrantGroupTable.

/**
   * GRANT ... ON TABLE ... TO GROUP ...
   */
@Test
public void testGrantGroupTable() throws Exception {
    DDLWork work = analyze("GRANT " + SELECT + " ON TABLE " + TABLE + " TO GROUP " + GROUP);
    GrantDesc grantDesc = work.getGrantDesc();
    Assert.assertNotNull("Grant should not be null", grantDesc);
    for (PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
        Assert.assertEquals(PrincipalType.GROUP, principal.getType());
        Assert.assertEquals(GROUP, principal.getName());
    }
    for (PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
        Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege());
    }
    Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
    Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject());
}

Example 7 with PrincipalDesc

use of org.apache.hadoop.hive.ql.plan.PrincipalDesc in project hive by apache.

the class TestHiveAuthorizationTaskFactory method testGrantRoleGroup.

/**
   * GRANT ROLE ... TO GROUP ...
   */
@Test
public void testGrantRoleGroup() throws Exception {
    DDLWork work = analyze("GRANT ROLE " + ROLE + " TO GROUP " + GROUP);
    GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL();
    Assert.assertNotNull("Grant should not be null", grantDesc);
    Assert.assertTrue("Expected grant ", grantDesc.getGrant());
    Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption());
    Assert.assertEquals(currentUser, grantDesc.getGrantor());
    Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType());
    for (String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
        Assert.assertEquals(ROLE, role);
    }
    for (PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
        Assert.assertEquals(PrincipalType.GROUP, principal.getType());
        Assert.assertEquals(GROUP, principal.getName());
    }
}

Example 8 with PrincipalDesc

use of org.apache.hadoop.hive.ql.plan.PrincipalDesc in project hive by apache.

the class TestHiveAuthorizationTaskFactory method testRevokeRoleTable.

/**
   * REVOKE ... ON TABLE ... FROM ROLE ...
   */
@Test
public void testRevokeRoleTable() throws Exception {
    DDLWork work = analyze("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM ROLE " + ROLE);
    RevokeDesc grantDesc = work.getRevokeDesc();
    Assert.assertNotNull("Revoke should not be null", grantDesc);
    for (PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
        Assert.assertEquals(PrincipalType.ROLE, principal.getType());
        Assert.assertEquals(ROLE, principal.getName());
    }
    for (PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
        Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege());
    }
    Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
    Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject());
}

Example 9 with PrincipalDesc

use of org.apache.hadoop.hive.ql.plan.PrincipalDesc in project hive by apache.

the class TestHiveAuthorizationTaskFactory method testRevokeRoleRole.

/**
   * REVOKE ROLE ... FROM ROLE ...
   */
@Test
public void testRevokeRoleRole() throws Exception {
    DDLWork work = analyze("REVOKE ROLE " + ROLE + " FROM ROLE " + ROLE);
    GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL();
    Assert.assertNotNull("Grant should not be null", grantDesc);
    Assert.assertFalse("Did not expect grant ", grantDesc.getGrant());
    Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption());
    Assert.assertEquals(currentUser, grantDesc.getGrantor());
    Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType());
    for (String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
        Assert.assertEquals(ROLE, role);
    }
    for (PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
        Assert.assertEquals(PrincipalType.ROLE, principal.getType());
        Assert.assertEquals(ROLE, principal.getName());
    }
}

Example 10 with PrincipalDesc

use of org.apache.hadoop.hive.ql.plan.PrincipalDesc in project hive by apache.

the class DDLSemanticAnalyzer method analyzeAlterDatabaseOwner.

private void analyzeAlterDatabaseOwner(ASTNode ast) throws SemanticException {
    String dbName = getUnescapedName((ASTNode) ast.getChild(0));
    PrincipalDesc principalDesc = AuthorizationParseUtils.getPrincipalDesc((ASTNode) ast.getChild(1));
    // The syntax should not allow these fields to be null, but lets verify
    String nullCmdMsg = "can't be null in alter database set owner command";
    if (principalDesc.getName() == null) {
        throw new SemanticException("Owner name " + nullCmdMsg);
    }
    if (principalDesc.getType() == null) {
        throw new SemanticException("Owner type " + nullCmdMsg);
    }
    AlterDatabaseDesc alterDesc = new AlterDatabaseDesc(dbName, principalDesc);
    addAlterDbDesc(alterDesc);
}