Search in sources :

Example 16 with PrincipalDesc

use of org.apache.hadoop.hive.ql.plan.PrincipalDesc in project hive by apache.

the class HiveAuthorizationTaskFactoryImpl method createGrantTask.

@Override
public Task<? extends Serializable> createGrantTask(ASTNode ast, HashSet<ReadEntity> inputs, HashSet<WriteEntity> outputs) throws SemanticException {
    List<PrivilegeDesc> privilegeDesc = analyzePrivilegeListDef((ASTNode) ast.getChild(0));
    List<PrincipalDesc> principalDesc = AuthorizationParseUtils.analyzePrincipalListDef((ASTNode) ast.getChild(1));
    boolean grantOption = false;
    PrivilegeObjectDesc privilegeObj = null;
    if (ast.getChildCount() > 2) {
        for (int i = 2; i < ast.getChildCount(); i++) {
            ASTNode astChild = (ASTNode) ast.getChild(i);
            if (astChild.getType() == HiveParser.TOK_GRANT_WITH_OPTION) {
                grantOption = true;
            } else if (astChild.getType() == HiveParser.TOK_PRIV_OBJECT) {
                privilegeObj = analyzePrivilegeObject(astChild, outputs);
            }
        }
    }
    String userName = SessionState.getUserFromAuthenticator();
    GrantDesc grantDesc = new GrantDesc(privilegeObj, privilegeDesc, principalDesc, userName, PrincipalType.USER, grantOption);
    return TaskFactory.get(new DDLWork(inputs, outputs, grantDesc));
}
Also used : PrincipalDesc(org.apache.hadoop.hive.ql.plan.PrincipalDesc) DDLWork(org.apache.hadoop.hive.ql.plan.DDLWork) PrivilegeObjectDesc(org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc) ASTNode(org.apache.hadoop.hive.ql.parse.ASTNode) GrantDesc(org.apache.hadoop.hive.ql.plan.GrantDesc) ShowGrantDesc(org.apache.hadoop.hive.ql.plan.ShowGrantDesc) PrivilegeDesc(org.apache.hadoop.hive.ql.plan.PrivilegeDesc)

Example 17 with PrincipalDesc

use of org.apache.hadoop.hive.ql.plan.PrincipalDesc in project hive by apache.

the class HiveAuthorizationTaskFactoryImpl method analyzeGrantRevokeRole.

private Task<? extends Serializable> analyzeGrantRevokeRole(boolean isGrant, ASTNode ast, HashSet<ReadEntity> inputs, HashSet<WriteEntity> outputs) {
    List<PrincipalDesc> principalDesc = AuthorizationParseUtils.analyzePrincipalListDef((ASTNode) ast.getChild(0));
    // check if admin option has been specified
    int rolesStartPos = 1;
    ASTNode wAdminOption = (ASTNode) ast.getChild(1);
    boolean isAdmin = false;
    if ((isGrant && wAdminOption.getToken().getType() == HiveParser.TOK_GRANT_WITH_ADMIN_OPTION) || (!isGrant && wAdminOption.getToken().getType() == HiveParser.TOK_ADMIN_OPTION_FOR)) {
        // start reading role names from next position
        rolesStartPos = 2;
        isAdmin = true;
    }
    List<String> roles = new ArrayList<String>();
    for (int i = rolesStartPos; i < ast.getChildCount(); i++) {
        roles.add(BaseSemanticAnalyzer.unescapeIdentifier(ast.getChild(i).getText()));
    }
    String roleOwnerName = SessionState.getUserFromAuthenticator();
    // until change is made to use the admin option. Default to false with V2 authorization
    GrantRevokeRoleDDL grantRevokeRoleDDL = new GrantRevokeRoleDDL(isGrant, roles, principalDesc, roleOwnerName, PrincipalType.USER, isAdmin);
    return TaskFactory.get(new DDLWork(inputs, outputs, grantRevokeRoleDDL));
}
Also used : PrincipalDesc(org.apache.hadoop.hive.ql.plan.PrincipalDesc) DDLWork(org.apache.hadoop.hive.ql.plan.DDLWork) GrantRevokeRoleDDL(org.apache.hadoop.hive.ql.plan.GrantRevokeRoleDDL) ASTNode(org.apache.hadoop.hive.ql.parse.ASTNode) ArrayList(java.util.ArrayList)

Example 18 with PrincipalDesc

use of org.apache.hadoop.hive.ql.plan.PrincipalDesc in project hive by apache.

the class CreateDatabaseHandler method handle.

@Override
public List<Task<? extends Serializable>> handle(Context context) throws SemanticException {
    MetaData metaData;
    try {
        FileSystem fs = FileSystem.get(new Path(context.location).toUri(), context.hiveConf);
        metaData = EximUtil.readMetaData(fs, new Path(context.location, EximUtil.METADATA_NAME));
    } catch (IOException e) {
        throw new SemanticException(ErrorMsg.INVALID_PATH.getMsg(), e);
    }
    Database db = metaData.getDatabase();
    String destinationDBName = context.dbName == null ? db.getName() : context.dbName;
    CreateDatabaseDesc createDatabaseDesc = new CreateDatabaseDesc(destinationDBName, db.getDescription(), null, true);
    createDatabaseDesc.setDatabaseProperties(db.getParameters());
    Task<DDLWork> createDBTask = TaskFactory.get(new DDLWork(new HashSet<>(), new HashSet<>(), createDatabaseDesc));
    if (!db.getParameters().isEmpty()) {
        AlterDatabaseDesc alterDbDesc = new AlterDatabaseDesc(destinationDBName, db.getParameters(), context.eventOnlyReplicationSpec());
        Task<DDLWork> alterDbProperties = TaskFactory.get(new DDLWork(new HashSet<>(), new HashSet<>(), alterDbDesc));
        createDBTask.addDependentTask(alterDbProperties);
    }
    if (StringUtils.isNotEmpty(db.getOwnerName())) {
        AlterDatabaseDesc alterDbOwner = new AlterDatabaseDesc(destinationDBName, new PrincipalDesc(db.getOwnerName(), db.getOwnerType()), context.eventOnlyReplicationSpec());
        Task<DDLWork> alterDbTask = TaskFactory.get(new DDLWork(new HashSet<>(), new HashSet<>(), alterDbOwner));
        createDBTask.addDependentTask(alterDbTask);
    }
    updatedMetadata.set(context.dmd.getEventTo().toString(), destinationDBName, null, null);
    return Collections.singletonList(createDBTask);
}
Also used : Path(org.apache.hadoop.fs.Path) IOException(java.io.IOException) PrincipalDesc(org.apache.hadoop.hive.ql.plan.PrincipalDesc) DDLWork(org.apache.hadoop.hive.ql.plan.DDLWork) CreateDatabaseDesc(org.apache.hadoop.hive.ql.plan.CreateDatabaseDesc) MetaData(org.apache.hadoop.hive.ql.parse.repl.load.MetaData) FileSystem(org.apache.hadoop.fs.FileSystem) Database(org.apache.hadoop.hive.metastore.api.Database) AlterDatabaseDesc(org.apache.hadoop.hive.ql.plan.AlterDatabaseDesc) SemanticException(org.apache.hadoop.hive.ql.parse.SemanticException) HashSet(java.util.HashSet)

Example 19 with PrincipalDesc

use of org.apache.hadoop.hive.ql.plan.PrincipalDesc in project hive by apache.

the class PrivilegesTestBase method grantUserTable.

public static void grantUserTable(String privStr, PrivilegeType privType, QueryState queryState, Hive db) throws Exception {
    DDLWork work = AuthorizationTestUtil.analyze("GRANT " + privStr + " ON TABLE " + TABLE + " TO USER " + USER, queryState, db);
    GrantDesc grantDesc = work.getGrantDesc();
    Assert.assertNotNull("Grant should not be null", grantDesc);
    // check privileges
    for (PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
        Assert.assertEquals(privType, privilege.getPrivilege().getPriv());
    }
    // check other parts
    for (PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
        Assert.assertEquals(PrincipalType.USER, principal.getType());
        Assert.assertEquals(USER, principal.getName());
    }
    Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
    Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject());
}
Also used : PrincipalDesc(org.apache.hadoop.hive.ql.plan.PrincipalDesc) DDLWork(org.apache.hadoop.hive.ql.plan.DDLWork) GrantDesc(org.apache.hadoop.hive.ql.plan.GrantDesc) PrivilegeDesc(org.apache.hadoop.hive.ql.plan.PrivilegeDesc)

Example 20 with PrincipalDesc

use of org.apache.hadoop.hive.ql.plan.PrincipalDesc in project hive by apache.

the class TestHiveAuthorizationTaskFactory method testRevokeRoleGroup.

/**
 * REVOKE ROLE ... FROM GROUP ...
 */
@Test
public void testRevokeRoleGroup() throws Exception {
    DDLWork work = analyze("REVOKE ROLE " + ROLE + " FROM GROUP " + GROUP);
    GrantRevokeRoleDDL grantDesc = work.getGrantRevokeRoleDDL();
    Assert.assertNotNull("Grant should not be null", grantDesc);
    Assert.assertFalse("Did not expect grant ", grantDesc.getGrant());
    Assert.assertFalse("With admin option is not specified", grantDesc.isGrantOption());
    Assert.assertEquals(currentUser, grantDesc.getGrantor());
    Assert.assertEquals(PrincipalType.USER, grantDesc.getGrantorType());
    for (String role : ListSizeMatcher.inList(grantDesc.getRoles()).ofSize(1)) {
        Assert.assertEquals(ROLE, role);
    }
    for (PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipalDesc()).ofSize(1)) {
        Assert.assertEquals(PrincipalType.GROUP, principal.getType());
        Assert.assertEquals(GROUP, principal.getName());
    }
}
Also used : PrincipalDesc(org.apache.hadoop.hive.ql.plan.PrincipalDesc) DDLWork(org.apache.hadoop.hive.ql.plan.DDLWork) GrantRevokeRoleDDL(org.apache.hadoop.hive.ql.plan.GrantRevokeRoleDDL) Test(org.junit.Test)

Aggregations

PrincipalDesc (org.apache.hadoop.hive.ql.plan.PrincipalDesc)22 DDLWork (org.apache.hadoop.hive.ql.plan.DDLWork)20 Test (org.junit.Test)12 PrivilegeDesc (org.apache.hadoop.hive.ql.plan.PrivilegeDesc)9 GrantRevokeRoleDDL (org.apache.hadoop.hive.ql.plan.GrantRevokeRoleDDL)7 GrantDesc (org.apache.hadoop.hive.ql.plan.GrantDesc)5 ShowGrantDesc (org.apache.hadoop.hive.ql.plan.ShowGrantDesc)5 ASTNode (org.apache.hadoop.hive.ql.parse.ASTNode)4 AlterDatabaseDesc (org.apache.hadoop.hive.ql.plan.AlterDatabaseDesc)4 RevokeDesc (org.apache.hadoop.hive.ql.plan.RevokeDesc)4 PrivilegeObjectDesc (org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc)3 Database (org.apache.hadoop.hive.metastore.api.Database)2 SemanticException (org.apache.hadoop.hive.ql.parse.SemanticException)2 IOException (java.io.IOException)1 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 HashSet (java.util.HashSet)1 Map (java.util.Map)1 FileSystem (org.apache.hadoop.fs.FileSystem)1 Path (org.apache.hadoop.fs.Path)1