use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException in project hive by apache.
the class GenericUDFRestrictInformationSchema method initialize.
/**
 * Checks that the UDF was invoked without arguments and, the first time it runs, decides
 * whether a Hive policy provider is available, storing the answer in {@code enabled}.
 *
 * <p>The HiveServer2 authorizer is consulted first (only when
 * {@code HIVE_AUTHORIZATION_ENABLED} is set). If it yields no policy provider, the
 * metastore authorization managers are tried, but only when pre-event listeners and a
 * metastore authorization manager are configured.
 *
 * <p>NOTE(review): every lookup failure is logged at WARN and treated as "no policy
 * provider", so {@code enabled} ends up {@code false}. Presumably this flag gates
 * privilege-based filtering of the information schema; if so, an error here leaves the
 * restriction switched off. Confirm against the code that reads the flag. The result is
 * also kept for as long as {@code enabled} stays non-null, so a transient failure is not
 * retried by this method.
 *
 * @param arguments the argument inspectors; must be empty
 * @return the writable boolean object inspector
 * @throws UDFArgumentException if any argument is supplied
 */
@Override
public ObjectInspector initialize(ObjectInspector[] arguments) throws UDFArgumentException {
  final int argCount = arguments.length;
  if (argCount != 0) {
    throw new UDFArgumentLengthException("The function RestrictInformationSchema does not take any arguments, but found " + argCount);
  }
  if (enabled != null) {
    // Decision already made by an earlier call; reuse it.
    return PrimitiveObjectInspectorFactory.writableBooleanObjectInspector;
  }

  HiveConf conf = SessionState.getSessionConf();
  HiveAuthorizer hs2Authorizer = SessionState.get().getAuthorizerV2();

  // Step 1: does the HiveServer2-side authorizer expose a policy provider?
  boolean hs2HasPolicyProvider = false;
  try {
    hs2HasPolicyProvider = conf.getBoolVar(HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED)
        && hs2Authorizer.getHivePolicyProvider() != null;
  } catch (HiveAuthzPluginException e) {
    // Failure is treated the same as "no provider"; the flag stays false.
    LOG.warn("Error getting HivePolicyProvider", e);
  }

  // Step 2: otherwise look for one among the metastore authorization managers.
  boolean metastoreHasPolicyProvider = false;
  if (!hs2HasPolicyProvider) {
    String preEventListeners = MetastoreConf.getVar(conf, MetastoreConf.ConfVars.PRE_EVENT_LISTENERS);
    boolean metastoreAuthConfigured = preEventListeners != null
        && !preEventListeners.isEmpty()
        && HiveConf.getVar(conf, HiveConf.ConfVars.HIVE_METASTORE_AUTHORIZATION_MANAGER) != null;
    if (metastoreAuthConfigured) {
      try {
        List<HiveMetastoreAuthorizationProvider> providers = HiveUtils.getMetaStoreAuthorizeProviderManagers(
            conf, HiveConf.ConfVars.HIVE_METASTORE_AUTHORIZATION_MANAGER, SessionState.get().getAuthenticator());
        for (HiveMetastoreAuthorizationProvider provider : providers) {
          if (provider.getHivePolicyProvider() == null) {
            continue;
          }
          // One provider with a policy source is enough.
          metastoreHasPolicyProvider = true;
          break;
        }
      } catch (HiveAuthzPluginException e) {
        LOG.warn("Error getting HivePolicyProvider", e);
      } catch (HiveException e) {
        LOG.warn("Error instantiating hive.security.metastore.authorization.manager", e);
      }
    }
  }

  enabled = new BooleanWritable(hs2HasPolicyProvider || metastoreHasPolicyProvider);
  return PrimitiveObjectInspectorFactory.writableBooleanObjectInspector;
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException in project hive by apache.
the class SQLAuthorizationUtils method getThriftPrivilegesBag.
/**
 * Builds the thrift {@link PrivilegeBag} for a grant or revoke request: one
 * {@link HiveObjectPrivilege} per (privilege, principal) pair, all on the same object.
 *
 * <p>Each privilege is validated before any entry is created for it. Column-level
 * privileges and privilege names outside {@code SUPPORTED_PRIVS_SET} (compared in upper
 * case using {@link Locale#US}) are rejected with an exception, so no partially built bag
 * is ever returned.
 *
 * @param hivePrincipals principals that each receive an entry for every privilege
 * @param hivePrivileges privileges to place in the bag
 * @param hivePrivObject object the privileges apply to; converted with
 *     {@code getThriftHiveObjectRef}
 * @param grantorPrincipal principal passed to {@code getThriftPrivilegeGrantInfo} as grantor
 * @param grantOption grant-option flag passed to {@code getThriftPrivilegeGrantInfo}
 * @return the populated privilege bag; empty when {@code hivePrivileges} is empty
 * @throws HiveAuthzPluginException if a privilege names columns or is not in
 *     {@code SUPPORTED_PRIVS_SET}
 */
static PrivilegeBag getThriftPrivilegesBag(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption) throws HiveAuthzPluginException {
  HiveObjectRef targetRef = getThriftHiveObjectRef(hivePrivObject);
  PrivilegeBag bag = new PrivilegeBag();
  for (HivePrivilege requested : hivePrivileges) {
    // Reject column-scoped privileges outright rather than silently widening them.
    boolean hasColumns = requested.getColumns() != null && !requested.getColumns().isEmpty();
    if (hasColumns) {
      throw new HiveAuthzPluginException("Privileges on columns not supported currently in sql standard authorization mode");
    }
    // Allow-list check on the privilege name; Locale.US keeps the upper-casing locale-independent.
    String upperName = requested.getName().toUpperCase(Locale.US);
    if (!SUPPORTED_PRIVS_SET.contains(upperName)) {
      throw new HiveAuthzPluginException("Privilege: " + requested.getName() + " is not supported in sql standard authorization mode");
    }
    // The literal 0 is presumably the grant time; confirm against getThriftPrivilegeGrantInfo.
    PrivilegeGrantInfo sharedGrantInfo = getThriftPrivilegeGrantInfo(requested, grantorPrincipal, grantOption, 0);
    for (HivePrincipal grantee : hivePrincipals) {
      // The same grant info instance is shared by every principal for this privilege.
      bag.addToPrivileges(new HiveObjectPrivilege(
          targetRef,
          grantee.getName(),
          AuthorizationUtils.getThriftPrincipalType(grantee.getType()),
          sharedGrantInfo,
          "SQL"));
    }
  }
  return bag;
}
use of org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException in project hive by apache.
the class SQLStdHiveAccessController method getRolesFromMS.
/**
 * Loads the role grants of {@code currentUserName}, expands them through
 * {@code getAllRoleAncestors}, and returns every resulting role except the admin role.
 *
 * <p>A role whose name matches {@code HMSHandler.ADMIN} (case-insensitively) is kept out
 * of the returned list and stored in {@code this.adminRole} instead.
 *
 * <p>NOTE(review): {@code adminRole} is only ever assigned here, never cleared. If this
 * method runs again after the admin grant was revoked, the previous value stays in place
 * unless a caller resets it. Confirm that callers do.
 *
 * @return the user's roles, including inherited ones, without the admin role
 * @throws HiveAuthzPluginException wrapping any failure raised while fetching or
 *     expanding the roles
 */
private List<HiveRoleGrant> getRolesFromMS() throws HiveAuthzPluginException {
  try {
    List<RolePrincipalGrant> directGrants = getRoleGrants(currentUserName, PrincipalType.USER);
    // Filled by getAllRoleAncestors; keyed by String, presumably the role name.
    Map<String, HiveRoleGrant> grantsByRole = new HashMap<String, HiveRoleGrant>();
    getAllRoleAncestors(grantsByRole, directGrants);

    List<HiveRoleGrant> nonAdminRoles = new ArrayList<HiveRoleGrant>(directGrants.size());
    for (HiveRoleGrant grant : grantsByRole.values()) {
      boolean isAdmin = HMSHandler.ADMIN.equalsIgnoreCase(grant.getRoleName());
      if (isAdmin) {
        // Admin is tracked separately and is not part of the returned roles.
        this.adminRole = grant;
        continue;
      }
      nonAdminRoles.add(grant);
    }
    return nonAdminRoles;
  } catch (Exception e) {
    // Any failure is converted to the plugin exception type with the user name for context.
    throw SQLAuthorizationUtils.getPluginException("Failed to retrieve roles for " + currentUserName, e);
  }
}