use of org.apache.hadoop.hive.ql.plan.PrivilegeDesc in project hive by apache.
the class HiveAuthorizationTaskFactoryImpl method createRevokeTask.
@Override
public Task<? extends Serializable> createRevokeTask(ASTNode ast, HashSet<ReadEntity> inputs, HashSet<WriteEntity> outputs) throws SemanticException {
List<PrivilegeDesc> privilegeDesc = analyzePrivilegeListDef((ASTNode) ast.getChild(0));
List<PrincipalDesc> principalDesc = AuthorizationParseUtils.analyzePrincipalListDef((ASTNode) ast.getChild(1));
PrivilegeObjectDesc hiveObj = null;
boolean grantOption = false;
if (ast.getChildCount() > 2) {
ASTNode astChild = (ASTNode) ast.getChild(2);
hiveObj = analyzePrivilegeObject(astChild, outputs);
if (null != ast.getFirstChildWithType(HiveParser.TOK_GRANT_OPTION_FOR)) {
grantOption = true;
}
}
RevokeDesc revokeDesc = new RevokeDesc(privilegeDesc, principalDesc, hiveObj, grantOption);
return TaskFactory.get(new DDLWork(inputs, outputs, revokeDesc), conf);
}
use of org.apache.hadoop.hive.ql.plan.PrivilegeDesc in project hive by apache.
the class PrivilegesTestBase method grantUserTable.
public static void grantUserTable(String privStr, PrivilegeType privType, QueryState queryState, Hive db) throws Exception {
DDLWork work = AuthorizationTestUtil.analyze("GRANT " + privStr + " ON TABLE " + TABLE + " TO USER " + USER, queryState, db);
GrantDesc grantDesc = work.getGrantDesc();
Assert.assertNotNull("Grant should not be null", grantDesc);
//check privileges
for (PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
Assert.assertEquals(privType, privilege.getPrivilege().getPriv());
}
//check other parts
for (PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
Assert.assertEquals(PrincipalType.USER, principal.getType());
Assert.assertEquals(USER, principal.getName());
}
Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject());
}
use of org.apache.hadoop.hive.ql.plan.PrivilegeDesc in project hive by apache.
the class TestHiveAuthorizationTaskFactory method testRevokeGroupTable.
/**
* REVOKE ... ON TABLE ... FROM GROUP ...
*/
@Test
public void testRevokeGroupTable() throws Exception {
DDLWork work = analyze("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM GROUP " + GROUP);
RevokeDesc grantDesc = work.getRevokeDesc();
Assert.assertNotNull("Revoke should not be null", grantDesc);
for (PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
Assert.assertEquals(PrincipalType.GROUP, principal.getType());
Assert.assertEquals(GROUP, principal.getName());
}
for (PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege());
}
Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject());
}
use of org.apache.hadoop.hive.ql.plan.PrivilegeDesc in project hive by apache.
the class HiveAuthorizationTaskFactoryImpl method analyzePrivilegeListDef.
private List<PrivilegeDesc> analyzePrivilegeListDef(ASTNode node) throws SemanticException {
List<PrivilegeDesc> ret = new ArrayList<PrivilegeDesc>();
for (int i = 0; i < node.getChildCount(); i++) {
ASTNode privilegeDef = (ASTNode) node.getChild(i);
ASTNode privilegeType = (ASTNode) privilegeDef.getChild(0);
Privilege privObj = PrivilegeRegistry.getPrivilege(privilegeType.getType());
if (privObj == null) {
throw new SemanticException("Undefined privilege " + PrivilegeType.getPrivTypeByToken(privilegeType.getType()));
}
List<String> cols = null;
if (privilegeDef.getChildCount() > 1) {
cols = BaseSemanticAnalyzer.getColumnNames((ASTNode) privilegeDef.getChild(1));
}
PrivilegeDesc privilegeDesc = new PrivilegeDesc(privObj, cols);
ret.add(privilegeDesc);
}
return ret;
}
use of org.apache.hadoop.hive.ql.plan.PrivilegeDesc in project hive by apache.
the class HiveAuthorizationTaskFactoryImpl method createGrantTask.
@Override
public Task<? extends Serializable> createGrantTask(ASTNode ast, HashSet<ReadEntity> inputs, HashSet<WriteEntity> outputs) throws SemanticException {
List<PrivilegeDesc> privilegeDesc = analyzePrivilegeListDef((ASTNode) ast.getChild(0));
List<PrincipalDesc> principalDesc = AuthorizationParseUtils.analyzePrincipalListDef((ASTNode) ast.getChild(1));
boolean grantOption = false;
PrivilegeObjectDesc privilegeObj = null;
if (ast.getChildCount() > 2) {
for (int i = 2; i < ast.getChildCount(); i++) {
ASTNode astChild = (ASTNode) ast.getChild(i);
if (astChild.getType() == HiveParser.TOK_GRANT_WITH_OPTION) {
grantOption = true;
} else if (astChild.getType() == HiveParser.TOK_PRIV_OBJECT) {
privilegeObj = analyzePrivilegeObject(astChild, outputs);
}
}
}
String userName = SessionState.getUserFromAuthenticator();
GrantDesc grantDesc = new GrantDesc(privilegeObj, privilegeDesc, principalDesc, userName, PrincipalType.USER, grantOption);
return TaskFactory.get(new DDLWork(inputs, outputs, grantDesc), conf);
}
Aggregations