Example 1 with PrivilegeSynchronizer
use of org.apache.hadoop.hive.ql.security.authorization.PrivilegeSynchronizer in project hive by apache.
the class HiveServer2 method startPrivilegeSynchronizer.
public void startPrivilegeSynchronizer(HiveConf hiveConf) throws Exception {
if (!HiveConf.getBoolVar(hiveConf, ConfVars.HIVE_PRIVILEGE_SYNCHRONIZER)) {
return;
}
PolicyProviderContainer policyContainer = new PolicyProviderContainer();
HiveAuthorizer authorizer = SessionState.get().getAuthorizerV2();
if (authorizer.getHivePolicyProvider() != null) {
policyContainer.addAuthorizer(authorizer);
}
if (MetastoreConf.getVar(hiveConf, MetastoreConf.ConfVars.PRE_EVENT_LISTENERS) != null && MetastoreConf.getVar(hiveConf, MetastoreConf.ConfVars.PRE_EVENT_LISTENERS).contains("org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener") && MetastoreConf.getVar(hiveConf, MetastoreConf.ConfVars.HIVE_AUTHORIZATION_MANAGER) != null) {
List<HiveMetastoreAuthorizationProvider> providers = HiveUtils.getMetaStoreAuthorizeProviderManagers(hiveConf, HiveConf.ConfVars.HIVE_METASTORE_AUTHORIZATION_MANAGER, SessionState.get().getAuthenticator());
for (HiveMetastoreAuthorizationProvider provider : providers) {
if (provider.getHivePolicyProvider() != null) {
policyContainer.addAuthorizationProvider(provider);
}
}
}
if (policyContainer.size() > 0) {
setUpZooKeeperAuth(hiveConf);
zKClientForPrivSync = hiveConf.getZKConfig().startZookeeperClient(zooKeeperAclProvider, true);
String rootNamespace = hiveConf.getVar(HiveConf.ConfVars.HIVE_SERVER2_ZOOKEEPER_NAMESPACE);
String path = ZooKeeperHiveHelper.ZOOKEEPER_PATH_SEPARATOR + rootNamespace + ZooKeeperHiveHelper.ZOOKEEPER_PATH_SEPARATOR + "leader";
LeaderLatch privilegeSynchronizerLatch = new LeaderLatch(zKClientForPrivSync, path);
privilegeSynchronizerLatch.start();
LOG.info("Find " + policyContainer.size() + " policy to synchronize, start PrivilegeSynchronizer");
Thread privilegeSynchronizerThread = new Thread(new PrivilegeSynchronizer(privilegeSynchronizerLatch, policyContainer, hiveConf), "PrivilegeSynchronizer");
privilegeSynchronizerThread.setDaemon(true);
privilegeSynchronizerThread.start();
} else {
LOG.warn("No policy provider found, skip creating PrivilegeSynchronizer");
}
}
Also used :
HiveAuthorizer(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer)
HiveMetastoreAuthorizationProvider(org.apache.hadoop.hive.ql.security.authorization.HiveMetastoreAuthorizationProvider)
PrivilegeSynchronizer(org.apache.hadoop.hive.ql.security.authorization.PrivilegeSynchronizer)
PolicyProviderContainer(org.apache.hadoop.hive.ql.security.authorization.PolicyProviderContainer)
LeaderLatch(org.apache.curator.framework.recipes.leader.LeaderLatch)
CompactorThread(org.apache.hadoop.hive.ql.txn.compactor.CompactorThread)
Aggregations
LeaderLatch (org.apache.curator.framework.recipes.leader.LeaderLatch)1
HiveMetastoreAuthorizationProvider (org.apache.hadoop.hive.ql.security.authorization.HiveMetastoreAuthorizationProvider)1
PolicyProviderContainer (org.apache.hadoop.hive.ql.security.authorization.PolicyProviderContainer)1
PrivilegeSynchronizer (org.apache.hadoop.hive.ql.security.authorization.PrivilegeSynchronizer)1
HiveAuthorizer (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer)1
CompactorThread (org.apache.hadoop.hive.ql.txn.compactor.CompactorThread)1
