Example use of org.apache.hadoop.hive.ql.security.authorization.HiveMetastoreAuthorizationProvider in the Apache Hive project.
From the class HiveServer2, method startPrivilegeSynchronizer.
/**
 * Starts the {@code PrivilegeSynchronizer} daemon thread if the feature is switched on and at
 * least one policy provider is available.
 *
 * <p>Policy providers are collected from the session's V2 authorizer and, when the metastore
 * pre-event authorization listener is configured, from the metastore authorization providers.
 * If any are found, a ZooKeeper client and a {@code LeaderLatch} on
 * {@code /<HS2 ZooKeeper namespace>/leader} are started and handed to the synchronizer.
 *
 * @param hiveConf configuration consulted for the feature flag, listener and manager settings,
 *     and the ZooKeeper namespace
 * @throws Exception propagated unchanged from the authorizer, ZooKeeper and latch calls made here
 */
public void startPrivilegeSynchronizer(HiveConf hiveConf) throws Exception {
  if (!HiveConf.getBoolVar(hiveConf, ConfVars.HIVE_PRIVILEGE_SYNCHRONIZER)) {
    return;
  }

  PolicyProviderContainer policyContainer = new PolicyProviderContainer();

  // NOTE(review): SessionState.get() is dereferenced without a null check; presumably a session
  // is always attached to the calling thread here — confirm.
  HiveAuthorizer authorizer = SessionState.get().getAuthorizerV2();
  if (authorizer.getHivePolicyProvider() != null) {
    policyContainer.addAuthorizer(authorizer);
  }

  // NOTE(review): the guard reads MetastoreConf.ConfVars.HIVE_AUTHORIZATION_MANAGER, but the
  // providers are then loaded from HiveConf.ConfVars.HIVE_METASTORE_AUTHORIZATION_MANAGER.
  // If those are different settings, the guard may not reflect what is actually loaded — confirm.
  String preEventListeners =
      MetastoreConf.getVar(hiveConf, MetastoreConf.ConfVars.PRE_EVENT_LISTENERS);
  boolean metastoreAuthorizationConfigured =
      preEventListeners != null
          && preEventListeners.contains(
              "org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener")
          && MetastoreConf.getVar(hiveConf, MetastoreConf.ConfVars.HIVE_AUTHORIZATION_MANAGER)
              != null;
  if (metastoreAuthorizationConfigured) {
    for (HiveMetastoreAuthorizationProvider provider :
        HiveUtils.getMetaStoreAuthorizeProviderManagers(
            hiveConf,
            HiveConf.ConfVars.HIVE_METASTORE_AUTHORIZATION_MANAGER,
            SessionState.get().getAuthenticator())) {
      if (provider.getHivePolicyProvider() != null) {
        policyContainer.addAuthorizationProvider(provider);
      }
    }
  }

  if (policyContainer.size() <= 0) {
    LOG.warn("No policy provider found, skip creating PrivilegeSynchronizer");
    return;
  }

  // ZooKeeper auth is set up before the client is created; the client is built with
  // zooKeeperAclProvider, so the latch nodes under the "leader" path presumably get those
  // ACLs — TODO confirm, since that path decides which instance synchronizes privileges.
  setUpZooKeeperAuth(hiveConf);
  zKClientForPrivSync = hiveConf.getZKConfig().startZookeeperClient(zooKeeperAclProvider, true);

  String rootNamespace = hiveConf.getVar(HiveConf.ConfVars.HIVE_SERVER2_ZOOKEEPER_NAMESPACE);
  String path =
      ZooKeeperHiveHelper.ZOOKEEPER_PATH_SEPARATOR
          + rootNamespace
          + ZooKeeperHiveHelper.ZOOKEEPER_PATH_SEPARATOR
          + "leader";
  LeaderLatch privilegeSynchronizerLatch = new LeaderLatch(zKClientForPrivSync, path);
  privilegeSynchronizerLatch.start();

  LOG.info("Find " + policyContainer.size() + " policy to synchronize, start PrivilegeSynchronizer");

  PrivilegeSynchronizer synchronizer =
      new PrivilegeSynchronizer(privilegeSynchronizerLatch, policyContainer, hiveConf);
  Thread privilegeSynchronizerThread = new Thread(synchronizer, "PrivilegeSynchronizer");
  // Daemon thread: it does not keep the JVM alive on shutdown.
  privilegeSynchronizerThread.setDaemon(true);
  privilegeSynchronizerThread.start();
}
Example use of org.apache.hadoop.hive.ql.security.authorization.HiveMetastoreAuthorizationProvider in the Apache Hive project.
From the class GenericUDFCurrentAuthorizer, method initialize.
/**
 * Validates that the UDF is called without arguments and, on first use, resolves the simple
 * class name of the active policy provider into {@code authorizer}.
 *
 * <p>The session's V2 authorizer is asked first. If it yields no policy provider, the metastore
 * authorization providers are tried, and the first one with a policy provider wins. Lookup
 * failures are logged at WARN and leave {@code authorizer} unset.
 *
 * @param arguments must be empty
 * @return the writable string object inspector
 * @throws UDFArgumentException if any argument is supplied
 */
@Override
public ObjectInspector initialize(ObjectInspector[] arguments) throws UDFArgumentException {
  if (arguments.length != 0) {
    throw new UDFArgumentLengthException("The function CurrentAuthorizer does not take any arguments, but found " + arguments.length);
  }

  // Already resolved by an earlier call on this instance.
  if (authorizer != null) {
    return PrimitiveObjectInspectorFactory.writableStringObjectInspector;
  }

  HiveConf hiveConf = SessionState.getSessionConf();
  HiveAuthorizer hiveAuthorizer = SessionState.get().getAuthorizerV2();
  try {
    if (hiveAuthorizer.getHivePolicyProvider() != null) {
      authorizer = new Text(hiveAuthorizer.getHivePolicyProvider().getClass().getSimpleName());
    }
  } catch (HiveAuthzPluginException e) {
    LOG.warn("Error getting HivePolicyProvider", e);
  }
  if (authorizer != null) {
    return PrimitiveObjectInspectorFactory.writableStringObjectInspector;
  }

  // Fall back to a metastore authorizer (e.g. StorageBasedAuthorizationProvider). This is only
  // attempted when pre-event listeners and a metastore authorization manager are configured.
  String preEventListeners =
      MetastoreConf.getVar(hiveConf, MetastoreConf.ConfVars.PRE_EVENT_LISTENERS);
  if (preEventListeners == null
      || preEventListeners.isEmpty()
      || HiveConf.getVar(hiveConf, HiveConf.ConfVars.HIVE_METASTORE_AUTHORIZATION_MANAGER) == null) {
    return PrimitiveObjectInspectorFactory.writableStringObjectInspector;
  }

  try {
    List<HiveMetastoreAuthorizationProvider> authorizerProviders =
        HiveUtils.getMetaStoreAuthorizeProviderManagers(
            hiveConf,
            HiveConf.ConfVars.HIVE_METASTORE_AUTHORIZATION_MANAGER,
            SessionState.get().getAuthenticator());
    for (HiveMetastoreAuthorizationProvider authProvider : authorizerProviders) {
      if (authProvider.getHivePolicyProvider() != null) {
        // First provider that exposes a policy provider determines the reported name.
        authorizer = new Text(authProvider.getHivePolicyProvider().getClass().getSimpleName());
        break;
      }
    }
  } catch (HiveAuthzPluginException e) {
    LOG.warn("Error getting HivePolicyProvider", e);
  } catch (HiveException e) {
    LOG.warn("Error instantiating hive.security.metastore.authorization.manager", e);
  }
  return PrimitiveObjectInspectorFactory.writableStringObjectInspector;
}
Example use of org.apache.hadoop.hive.ql.security.authorization.HiveMetastoreAuthorizationProvider in the Apache Hive project.
From the class GenericUDFRestrictInformationSchema, method initialize.
/**
 * Validates that the UDF is called without arguments and, on first use, decides whether a
 * policy provider is active and stores the result in {@code enabled}.
 *
 * <p>{@code enabled} becomes true when authorization is enabled and the session's V2 authorizer
 * has a policy provider, or, failing that, when any configured metastore authorization provider
 * has one. Otherwise it becomes false.
 *
 * @param arguments must be empty
 * @return the writable boolean object inspector
 * @throws UDFArgumentException if any argument is supplied
 */
@Override
public ObjectInspector initialize(ObjectInspector[] arguments) throws UDFArgumentException {
  if (arguments.length != 0) {
    throw new UDFArgumentLengthException("The function RestrictInformationSchema does not take any arguments, but found " + arguments.length);
  }

  // Decision already made by an earlier call on this instance.
  if (enabled != null) {
    return PrimitiveObjectInspectorFactory.writableBooleanObjectInspector;
  }

  HiveConf hiveConf = SessionState.getSessionConf();
  HiveAuthorizer authorizer = SessionState.get().getAuthorizerV2();

  // NOTE(review): every failure below is only logged at WARN and leaves its flag false, so an
  // error while probing providers ends with enabled=false. Presumably false means the
  // information schema is left unrestricted; confirm this fail-open default is intended.
  boolean enableHS2PolicyProvider = false;
  try {
    enableHS2PolicyProvider =
        hiveConf.getBoolVar(HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED)
            && authorizer.getHivePolicyProvider() != null;
  } catch (HiveAuthzPluginException e) {
    LOG.warn("Error getting HivePolicyProvider", e);
  }

  boolean enableMetastorePolicyProvider = false;
  if (!enableHS2PolicyProvider) {
    // The metastore side is only consulted when pre-event listeners and a metastore
    // authorization manager are both configured.
    String preEventListeners =
        MetastoreConf.getVar(hiveConf, MetastoreConf.ConfVars.PRE_EVENT_LISTENERS);
    boolean metastoreAuthorizationConfigured =
        preEventListeners != null
            && !preEventListeners.isEmpty()
            && HiveConf.getVar(hiveConf, HiveConf.ConfVars.HIVE_METASTORE_AUTHORIZATION_MANAGER)
                != null;
    if (metastoreAuthorizationConfigured) {
      try {
        List<HiveMetastoreAuthorizationProvider> authorizerProviders =
            HiveUtils.getMetaStoreAuthorizeProviderManagers(
                hiveConf,
                HiveConf.ConfVars.HIVE_METASTORE_AUTHORIZATION_MANAGER,
                SessionState.get().getAuthenticator());
        for (HiveMetastoreAuthorizationProvider authProvider : authorizerProviders) {
          if (authProvider.getHivePolicyProvider() != null) {
            enableMetastorePolicyProvider = true;
            break;
          }
        }
      } catch (HiveAuthzPluginException e) {
        LOG.warn("Error getting HivePolicyProvider", e);
      } catch (HiveException e) {
        LOG.warn("Error instantiating hive.security.metastore.authorization.manager", e);
      }
    }
  }

  enabled = new BooleanWritable(enableHS2PolicyProvider || enableMetastorePolicyProvider);
  return PrimitiveObjectInspectorFactory.writableBooleanObjectInspector;
}