Search in sources :

Example 6 with PrivilegeDesc

use of org.apache.hadoop.hive.ql.plan.PrivilegeDesc in project hive by apache.

the class HiveAuthorizationTaskFactoryImpl method createRevokeTask.

@Override
public Task<? extends Serializable> createRevokeTask(ASTNode ast, HashSet<ReadEntity> inputs, HashSet<WriteEntity> outputs) throws SemanticException {
    List<PrivilegeDesc> privilegeDesc = analyzePrivilegeListDef((ASTNode) ast.getChild(0));
    List<PrincipalDesc> principalDesc = AuthorizationParseUtils.analyzePrincipalListDef((ASTNode) ast.getChild(1));
    PrivilegeObjectDesc hiveObj = null;
    boolean grantOption = false;
    if (ast.getChildCount() > 2) {
        ASTNode astChild = (ASTNode) ast.getChild(2);
        hiveObj = analyzePrivilegeObject(astChild, outputs);
        if (null != ast.getFirstChildWithType(HiveParser.TOK_GRANT_OPTION_FOR)) {
            grantOption = true;
        }
    }
    RevokeDesc revokeDesc = new RevokeDesc(privilegeDesc, principalDesc, hiveObj, grantOption);
    return TaskFactory.get(new DDLWork(inputs, outputs, revokeDesc), conf);
}
Also used : PrincipalDesc(org.apache.hadoop.hive.ql.plan.PrincipalDesc) DDLWork(org.apache.hadoop.hive.ql.plan.DDLWork) PrivilegeObjectDesc(org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc) ASTNode(org.apache.hadoop.hive.ql.parse.ASTNode) RevokeDesc(org.apache.hadoop.hive.ql.plan.RevokeDesc) PrivilegeDesc(org.apache.hadoop.hive.ql.plan.PrivilegeDesc)

Example 7 with PrivilegeDesc

use of org.apache.hadoop.hive.ql.plan.PrivilegeDesc in project hive by apache.

the class PrivilegesTestBase method grantUserTable.

public static void grantUserTable(String privStr, PrivilegeType privType, QueryState queryState, Hive db) throws Exception {
    DDLWork work = AuthorizationTestUtil.analyze("GRANT " + privStr + " ON TABLE " + TABLE + " TO USER " + USER, queryState, db);
    GrantDesc grantDesc = work.getGrantDesc();
    Assert.assertNotNull("Grant should not be null", grantDesc);
    //check privileges
    for (PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
        Assert.assertEquals(privType, privilege.getPrivilege().getPriv());
    }
    //check other parts
    for (PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
        Assert.assertEquals(PrincipalType.USER, principal.getType());
        Assert.assertEquals(USER, principal.getName());
    }
    Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
    Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject());
}
Also used : PrincipalDesc(org.apache.hadoop.hive.ql.plan.PrincipalDesc) DDLWork(org.apache.hadoop.hive.ql.plan.DDLWork) GrantDesc(org.apache.hadoop.hive.ql.plan.GrantDesc) PrivilegeDesc(org.apache.hadoop.hive.ql.plan.PrivilegeDesc)

Example 8 with PrivilegeDesc

use of org.apache.hadoop.hive.ql.plan.PrivilegeDesc in project hive by apache.

the class TestHiveAuthorizationTaskFactory method testRevokeGroupTable.

/**
   * REVOKE ... ON TABLE ... FROM GROUP ...
   */
@Test
public void testRevokeGroupTable() throws Exception {
    DDLWork work = analyze("REVOKE " + SELECT + " ON TABLE " + TABLE + " FROM GROUP " + GROUP);
    RevokeDesc grantDesc = work.getRevokeDesc();
    Assert.assertNotNull("Revoke should not be null", grantDesc);
    for (PrincipalDesc principal : ListSizeMatcher.inList(grantDesc.getPrincipals()).ofSize(1)) {
        Assert.assertEquals(PrincipalType.GROUP, principal.getType());
        Assert.assertEquals(GROUP, principal.getName());
    }
    for (PrivilegeDesc privilege : ListSizeMatcher.inList(grantDesc.getPrivileges()).ofSize(1)) {
        Assert.assertEquals(Privilege.SELECT, privilege.getPrivilege());
    }
    Assert.assertTrue("Expected table", grantDesc.getPrivilegeSubjectDesc().getTable());
    Assert.assertEquals(TABLE_QNAME, grantDesc.getPrivilegeSubjectDesc().getObject());
}
Also used : PrincipalDesc(org.apache.hadoop.hive.ql.plan.PrincipalDesc) DDLWork(org.apache.hadoop.hive.ql.plan.DDLWork) RevokeDesc(org.apache.hadoop.hive.ql.plan.RevokeDesc) PrivilegeDesc(org.apache.hadoop.hive.ql.plan.PrivilegeDesc) Test(org.junit.Test)

Example 9 with PrivilegeDesc

use of org.apache.hadoop.hive.ql.plan.PrivilegeDesc in project hive by apache.

the class HiveAuthorizationTaskFactoryImpl method analyzePrivilegeListDef.

private List<PrivilegeDesc> analyzePrivilegeListDef(ASTNode node) throws SemanticException {
    List<PrivilegeDesc> ret = new ArrayList<PrivilegeDesc>();
    for (int i = 0; i < node.getChildCount(); i++) {
        ASTNode privilegeDef = (ASTNode) node.getChild(i);
        ASTNode privilegeType = (ASTNode) privilegeDef.getChild(0);
        Privilege privObj = PrivilegeRegistry.getPrivilege(privilegeType.getType());
        if (privObj == null) {
            throw new SemanticException("Undefined privilege " + PrivilegeType.getPrivTypeByToken(privilegeType.getType()));
        }
        List<String> cols = null;
        if (privilegeDef.getChildCount() > 1) {
            cols = BaseSemanticAnalyzer.getColumnNames((ASTNode) privilegeDef.getChild(1));
        }
        PrivilegeDesc privilegeDesc = new PrivilegeDesc(privObj, cols);
        ret.add(privilegeDesc);
    }
    return ret;
}
Also used : ArrayList(java.util.ArrayList) ASTNode(org.apache.hadoop.hive.ql.parse.ASTNode) Privilege(org.apache.hadoop.hive.ql.security.authorization.Privilege) PrivilegeDesc(org.apache.hadoop.hive.ql.plan.PrivilegeDesc) SemanticException(org.apache.hadoop.hive.ql.parse.SemanticException)

Example 10 with PrivilegeDesc

use of org.apache.hadoop.hive.ql.plan.PrivilegeDesc in project hive by apache.

the class HiveAuthorizationTaskFactoryImpl method createGrantTask.

@Override
public Task<? extends Serializable> createGrantTask(ASTNode ast, HashSet<ReadEntity> inputs, HashSet<WriteEntity> outputs) throws SemanticException {
    List<PrivilegeDesc> privilegeDesc = analyzePrivilegeListDef((ASTNode) ast.getChild(0));
    List<PrincipalDesc> principalDesc = AuthorizationParseUtils.analyzePrincipalListDef((ASTNode) ast.getChild(1));
    boolean grantOption = false;
    PrivilegeObjectDesc privilegeObj = null;
    if (ast.getChildCount() > 2) {
        for (int i = 2; i < ast.getChildCount(); i++) {
            ASTNode astChild = (ASTNode) ast.getChild(i);
            if (astChild.getType() == HiveParser.TOK_GRANT_WITH_OPTION) {
                grantOption = true;
            } else if (astChild.getType() == HiveParser.TOK_PRIV_OBJECT) {
                privilegeObj = analyzePrivilegeObject(astChild, outputs);
            }
        }
    }
    String userName = SessionState.getUserFromAuthenticator();
    GrantDesc grantDesc = new GrantDesc(privilegeObj, privilegeDesc, principalDesc, userName, PrincipalType.USER, grantOption);
    return TaskFactory.get(new DDLWork(inputs, outputs, grantDesc), conf);
}
Also used : PrincipalDesc(org.apache.hadoop.hive.ql.plan.PrincipalDesc) DDLWork(org.apache.hadoop.hive.ql.plan.DDLWork) PrivilegeObjectDesc(org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc) ASTNode(org.apache.hadoop.hive.ql.parse.ASTNode) GrantDesc(org.apache.hadoop.hive.ql.plan.GrantDesc) ShowGrantDesc(org.apache.hadoop.hive.ql.plan.ShowGrantDesc) PrivilegeDesc(org.apache.hadoop.hive.ql.plan.PrivilegeDesc)

Aggregations

PrivilegeDesc (org.apache.hadoop.hive.ql.plan.PrivilegeDesc)10 DDLWork (org.apache.hadoop.hive.ql.plan.DDLWork)9 PrincipalDesc (org.apache.hadoop.hive.ql.plan.PrincipalDesc)9 Test (org.junit.Test)6 GrantDesc (org.apache.hadoop.hive.ql.plan.GrantDesc)5 RevokeDesc (org.apache.hadoop.hive.ql.plan.RevokeDesc)4 ShowGrantDesc (org.apache.hadoop.hive.ql.plan.ShowGrantDesc)4 ASTNode (org.apache.hadoop.hive.ql.parse.ASTNode)3 PrivilegeObjectDesc (org.apache.hadoop.hive.ql.plan.PrivilegeObjectDesc)2 ArrayList (java.util.ArrayList)1 SemanticException (org.apache.hadoop.hive.ql.parse.SemanticException)1 Privilege (org.apache.hadoop.hive.ql.security.authorization.Privilege)1