
Example 1 with HiveAuthorizer

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer in project hive by apache.

the class DDLTask method showGrants.

/**
 * Handles a "show grant" request by querying the session's authorization plugin.
 *
 * <p>The principal and the object named in {@code showGrantDesc} are converted to the
 * plugin API types, passed to {@link HiveAuthorizer#showPrivileges}, and the formatted
 * result is written to the descriptor's result file.
 *
 * <p>This method performs no access check of its own. Whether the calling user may list
 * these grants is presumably decided inside the configured {@code HiveAuthorizer}
 * implementation. NOTE(review): confirm for the plugin in use.
 *
 * @param db metastore handle used to obtain the session authorizer
 * @param showGrantDesc descriptor carrying the principal, the object, and the result file
 * @return always 0; failures are reported by exception
 * @throws HiveException if writing the result raises an {@link IOException} (wrapped with
 *     its cause), or if one of the calls made here throws it
 */
private int showGrants(Hive db, ShowGrantDesc showGrantDesc) throws HiveException {
    final HiveAuthorizer sessionAuthorizer = getSessionAuthorizer(db);
    try {
        // Both arguments go through the translator that matches this authorizer, so the
        // plugin only ever sees its own principal / privilege-object types.
        List<HivePrivilegeInfo> grantedPrivileges = sessionAuthorizer.showPrivileges(
            getAuthorizationTranslator(sessionAuthorizer).getHivePrincipal(showGrantDesc.getPrincipalDesc()),
            getAuthorizationTranslator(sessionAuthorizer).getHivePrivilegeObject(showGrantDesc.getHiveObj()));
        // HIVE_IN_TEST is handed to the formatter; its effect on the output is not visible
        // here (presumably it makes test output deterministic; verify in writeGrantInfo).
        writeToFile(
            writeGrantInfo(grantedPrivileges, conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST)),
            showGrantDesc.getResFile());
        return 0;
    } catch (IOException ioFailure) {
        // Keep the cause so the underlying I/O problem stays diagnosable.
        throw new HiveException("Error in show grant statement", ioFailure);
    }
}
Also used : HiveAuthorizer(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer) HivePrivilegeInfo(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo) HiveException(org.apache.hadoop.hive.ql.metadata.HiveException) IOException(java.io.IOException)

Example 2 with HiveAuthorizer

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer in project hive by apache.

the class TestSQLStdHiveAccessControllerCLI method testAuthEnable.

/**
   * Verify that no exception is thrown if authorization is enabled from hive cli,
   * when sql std auth is used
   */
@Test
public void testAuthEnable() throws Exception {
    // Authorization is switched on explicitly in the configuration handed to the factory.
    HiveConf cliConf = new HiveConf();
    cliConf.setBoolVar(ConfVars.HIVE_AUTHORIZATION_ENABLED, true);
    // The test has no assertions: it passes as long as constructing the authorizer for a
    // CLI session context does not throw. The returned authorizer is intentionally unused.
    HiveAuthorizer cliAuthorizer = new SQLStdHiveAuthorizerFactory()
        .createHiveAuthorizer(null, cliConf, new HadoopDefaultAuthenticator(), getCLISessionCtx());
}
Also used : HiveAuthorizerFactory(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory) HiveAuthorizer(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer) HiveConf(org.apache.hadoop.hive.conf.HiveConf) HadoopDefaultAuthenticator(org.apache.hadoop.hive.ql.security.HadoopDefaultAuthenticator) Test(org.junit.Test)

Example 3 with HiveAuthorizer

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer in project hive by apache.

the class DDLTask method grantOrRevokeRole.

/**
 * Grants or revokes roles by delegating to the session's authorization plugin.
 *
 * <p>The descriptor's grantor, target principals, role names and grant-option flag are
 * converted to plugin API types and forwarded to {@link HiveAuthorizer#grantRole} or
 * {@link HiveAuthorizer#revokeRole}, depending on {@code getGrant()}.
 *
 * <p>No permission check happens in this method. Whether the current user may grant or
 * revoke the named roles is presumably enforced by the {@code HiveAuthorizer}
 * implementation. NOTE(review): confirm for the configured plugin.
 *
 * @param db metastore handle used to obtain the session authorizer
 * @param grantOrRevokeRoleDDL descriptor of the GRANT/REVOKE ROLE statement
 * @return always 0; failures are reported by exception
 * @throws HiveException if one of the calls made here throws it
 */
private int grantOrRevokeRole(Hive db, GrantRevokeRoleDDL grantOrRevokeRoleDDL) throws HiveException {
    final HiveAuthorizer sessionAuthorizer = getSessionAuthorizer(db);
    // Convert the descriptor's values to the types the plugin API expects.
    // The grantor is optional: when the descriptor has none, null is forwarded unchanged
    // and the authorizer implementation decides how to treat it.
    final HivePrincipal grantor = grantOrRevokeRoleDDL.getGrantor() == null
        ? null
        : new HivePrincipal(grantOrRevokeRoleDDL.getGrantor(), AuthorizationUtils.getHivePrincipalType(grantOrRevokeRoleDDL.getGrantorType()));
    final List<HivePrincipal> targets = AuthorizationUtils.getHivePrincipals(grantOrRevokeRoleDDL.getPrincipalDesc(), getAuthorizationTranslator(sessionAuthorizer));
    final List<String> roleNames = grantOrRevokeRoleDDL.getRoles();
    final boolean withGrantOption = grantOrRevokeRoleDDL.isGrantOption();
    if (!grantOrRevokeRoleDDL.getGrant()) {
        sessionAuthorizer.revokeRole(targets, roleNames, withGrantOption, grantor);
        return 0;
    }
    sessionAuthorizer.grantRole(targets, roleNames, withGrantOption, grantor);
    return 0;
}
Also used : HiveAuthorizer(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer) HivePrincipal(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal)

Example 4 with HiveAuthorizer

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer in project hive by apache.

the class DDLTask method grantOrRevokePrivileges.

/**
 * Grants or revokes privileges on an object by delegating to the session's authorization
 * plugin.
 *
 * <p>Principals, privileges, the target object and the grantor are converted to plugin API
 * types and forwarded to {@link HiveAuthorizer#grantPrivileges} or
 * {@link HiveAuthorizer#revokePrivileges}.
 *
 * <p>No permission check happens in this method. Whether the current user may grant or
 * revoke these privileges is presumably enforced by the {@code HiveAuthorizer}
 * implementation. NOTE(review): confirm for the configured plugin.
 *
 * @param db metastore handle used to obtain the session authorizer
 * @param principals principals receiving or losing the privileges
 * @param privileges privileges to grant or revoke
 * @param privSubjectDesc object the privileges apply to
 * @param grantor name of the granting principal
 * @param grantorType type of the granting principal
 * @param grantOption grant-option flag forwarded to the plugin
 * @param isGrant {@code true} to grant, {@code false} to revoke
 * @return always 0; failures are reported by exception
 * @throws HiveException if one of the calls made here throws it
 */
private int grantOrRevokePrivileges(Hive db, List<PrincipalDesc> principals, List<PrivilegeDesc> privileges, PrivilegeObjectDesc privSubjectDesc, String grantor, PrincipalType grantorType, boolean grantOption, boolean isGrant) throws HiveException {
    final HiveAuthorizer sessionAuthorizer = getSessionAuthorizer(db);
    // Translate every input into the object types of the authorization plugin interface.
    final List<HivePrincipal> targetPrincipals = AuthorizationUtils.getHivePrincipals(principals, getAuthorizationTranslator(sessionAuthorizer));
    final List<HivePrivilege> requestedPrivileges = AuthorizationUtils.getHivePrivileges(privileges, getAuthorizationTranslator(sessionAuthorizer));
    final HivePrivilegeObject targetObject = getAuthorizationTranslator(sessionAuthorizer).getHivePrivilegeObject(privSubjectDesc);
    // NOTE(review): unlike grantOrRevokeRole, the grantor is wrapped without a null check,
    // so a missing grantor reaches the plugin as a principal with a null name; confirm
    // that callers always supply one or that the plugin tolerates it.
    final HivePrincipal grantorPrincipal = new HivePrincipal(grantor, AuthorizationUtils.getHivePrincipalType(grantorType));
    if (!isGrant) {
        sessionAuthorizer.revokePrivileges(targetPrincipals, requestedPrivileges, targetObject, grantorPrincipal, grantOption);
    } else {
        sessionAuthorizer.grantPrivileges(targetPrincipals, requestedPrivileges, targetObject, grantorPrincipal, grantOption);
    }
    // Reaching this point means the plugin raised no exception.
    return 0;
}
Also used : HiveAuthorizer(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer) HivePrincipal(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal) HivePrivilege(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege) HivePrivilegeObject(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)

Example 5 with HiveAuthorizer

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer in project hive by apache.

the class DDLTask method roleDDL.

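/**
 * Executes a role DDL operation by dispatching to the matching method of the session's
 * authorization plugin.
 *
 * <p>Operations that produce output (the SHOW variants) write their result to the
 * descriptor's result file. The others only call the plugin.
 *
 * <p>No permission check happens in this method. Whether the current user may create,
 * drop, list or switch roles is presumably enforced by the {@code HiveAuthorizer}
 * implementation. NOTE(review): confirm for the configured plugin.
 *
 * @param db metastore handle used to obtain the session authorizer
 * @param roleDDLDesc descriptor naming the operation, the role or principal, and the result file
 * @return always 0; failures are reported by exception
 * @throws HiveException if the operation is not one of the handled values
 * @throws Exception if one of the calls made here throws
 */
private int roleDDL(Hive db, RoleDDLDesc roleDDLDesc) throws Exception {
    HiveAuthorizer authorizer = getSessionAuthorizer(db);
    RoleDDLDesc.RoleOperation operation = roleDDLDesc.getOperation();
    // Call the matching authorizer function. Each case is braced so its locals are scoped
    // to that case instead of leaking across labels of the switch.
    switch (operation) {
        case CREATE_ROLE: {
            // The second argument is passed as null (presumably the admin grantor in the
            // plugin API; TODO confirm).
            authorizer.createRole(roleDDLDesc.getName(), null);
            break;
        }
        case DROP_ROLE: {
            authorizer.dropRole(roleDDLDesc.getName());
            break;
        }
        case SHOW_ROLE_GRANT: {
            boolean testMode = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST);
            List<HiveRoleGrant> roles = authorizer.getRoleGrantInfoForPrincipal(AuthorizationUtils.getHivePrincipal(roleDDLDesc.getName(), roleDDLDesc.getPrincipalType()));
            writeToFile(writeRolesGrantedInfo(roles, testMode), roleDDLDesc.getResFile());
            break;
        }
        case SHOW_ROLES: {
            List<String> allRoles = authorizer.getAllRoles();
            writeListToFileAfterSort(allRoles, roleDDLDesc.getResFile());
            break;
        }
        case SHOW_CURRENT_ROLE: {
            List<String> roleNames = authorizer.getCurrentRoleNames();
            writeListToFileAfterSort(roleNames, roleDDLDesc.getResFile());
            break;
        }
        case SET_ROLE: {
            // Changes the role the authorizer treats as current. Whether the user may
            // assume that role is left to the plugin.
            authorizer.setCurrentRole(roleDDLDesc.getName());
            break;
        }
        case SHOW_ROLE_PRINCIPALS: {
            boolean testMode = conf.getBoolVar(HiveConf.ConfVars.HIVE_IN_TEST);
            List<HiveRoleGrant> roleGrants = authorizer.getPrincipalGrantInfoForRole(roleDDLDesc.getName());
            writeToFile(writeHiveRoleGrantInfo(roleGrants, testMode), roleDDLDesc.getResFile());
            break;
        }
        default:
            // Fail closed on an operation this method does not know how to route.
            throw new HiveException("Unknown role operation " + operation.getOperationName());
    }
    return 0;
}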
Also used : HiveAuthorizer(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer) HiveException(org.apache.hadoop.hive.ql.metadata.HiveException) HiveRoleGrant(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant) RoleDDLDesc(org.apache.hadoop.hive.ql.plan.RoleDDLDesc)

Aggregations

HiveAuthorizer (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer)5 HiveException (org.apache.hadoop.hive.ql.metadata.HiveException)2 HivePrincipal (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal)2 IOException (java.io.IOException)1 HiveConf (org.apache.hadoop.hive.conf.HiveConf)1 RoleDDLDesc (org.apache.hadoop.hive.ql.plan.RoleDDLDesc)1 HadoopDefaultAuthenticator (org.apache.hadoop.hive.ql.security.HadoopDefaultAuthenticator)1 HiveAuthorizerFactory (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory)1 HivePrivilege (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege)1 HivePrivilegeInfo (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo)1 HivePrivilegeObject (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)1 HiveRoleGrant (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant)1 Test (org.junit.Test)1