Examples with HivePrincipal org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal used on opensource projects

Search in sources :

Example 1 with HivePrincipal

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal in project hive by apache.

the class SQLStdHiveAccessController method grantRole.

@Override
public void grantRole(List<HivePrincipal> hivePrincipals, List<String> roleNames, boolean grantOption, HivePrincipal grantorPrinc) throws HiveAuthzPluginException, HiveAccessControlException {
    if (!(isUserAdmin() || doesUserHasAdminOption(roleNames))) {
        throw new HiveAccessControlException("Current user : " + currentUserName + " is not" + " allowed to grant role. " + ADMIN_ONLY_MSG + " Otherwise, " + HAS_ADMIN_PRIV_MSG);
    }
    for (HivePrincipal hivePrincipal : hivePrincipals) {
        for (String roleName : roleNames) {
            try {
                IMetaStoreClient mClient = metastoreClientFactory.getHiveMetastoreClient();
                mClient.grant_role(roleName, hivePrincipal.getName(), AuthorizationUtils.getThriftPrincipalType(hivePrincipal.getType()), grantorPrinc.getName(), AuthorizationUtils.getThriftPrincipalType(grantorPrinc.getType()), grantOption);
            } catch (MetaException e) {
                throw SQLAuthorizationUtils.getPluginException("Error granting role", e);
            } catch (Exception e) {
                String msg = "Error granting roles for " + hivePrincipal.getName() + " to role " + roleName;
                throw SQLAuthorizationUtils.getPluginException(msg, e);
            }
        }
    }
}
Also used : HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HivePrincipal(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal) IMetaStoreClient(org.apache.hadoop.hive.metastore.IMetaStoreClient) MetaException(org.apache.hadoop.hive.metastore.api.MetaException) HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException) TException(org.apache.thrift.TException) MetaException(org.apache.hadoop.hive.metastore.api.MetaException)

Example 2 with HivePrincipal

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal in project hive by apache.

the class SQLStdHiveAccessController method revokeRole.

@Override
public void revokeRole(List<HivePrincipal> hivePrincipals, List<String> roleNames, boolean grantOption, HivePrincipal grantorPrinc) throws HiveAuthzPluginException, HiveAccessControlException {
    if (!(isUserAdmin() || doesUserHasAdminOption(roleNames))) {
        throw new HiveAccessControlException("Current user : " + currentUserName + " is not" + " allowed to revoke role. " + ADMIN_ONLY_MSG + " Otherwise, " + HAS_ADMIN_PRIV_MSG);
    }
    for (HivePrincipal hivePrincipal : hivePrincipals) {
        for (String roleName : roleNames) {
            try {
                IMetaStoreClient mClient = metastoreClientFactory.getHiveMetastoreClient();
                mClient.revoke_role(roleName, hivePrincipal.getName(), AuthorizationUtils.getThriftPrincipalType(hivePrincipal.getType()), grantOption);
            } catch (Exception e) {
                String msg = "Error revoking roles for " + hivePrincipal.getName() + " to role " + roleName;
                throw SQLAuthorizationUtils.getPluginException(msg, e);
            }
        }
    }
}
Also used : HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HivePrincipal(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal) IMetaStoreClient(org.apache.hadoop.hive.metastore.IMetaStoreClient) MetaException(org.apache.hadoop.hive.metastore.api.MetaException) HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException) TException(org.apache.thrift.TException)

Example 3 with HivePrincipal

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal in project hive by apache.

the class SQLStdHiveAccessController method showPrivileges.

@Override
public List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal, HivePrivilegeObject privObj) throws HiveAuthzPluginException {
    try {
        // First authorize the call
        if (principal == null) {
            // only the admin is allowed to list privileges for any user
            if (!isUserAdmin()) {
                throw new HiveAccessControlException("User : " + currentUserName + " has to specify" + " a user name or role in the show grant. " + ADMIN_ONLY_MSG);
            }
        } else {
            //principal is specified, authorize on it
            if (!isUserAdmin()) {
                ensureShowGrantAllowed(principal);
            }
        }
        IMetaStoreClient mClient = metastoreClientFactory.getHiveMetastoreClient();
        List<HivePrivilegeInfo> resPrivInfos = new ArrayList<HivePrivilegeInfo>();
        String principalName = principal == null ? null : principal.getName();
        PrincipalType principalType = principal == null ? null : AuthorizationUtils.getThriftPrincipalType(principal.getType());
        // get metastore/thrift privilege object using metastore api
        List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(principalName, principalType, SQLAuthorizationUtils.getThriftHiveObjectRef(privObj));
        // convert the metastore thrift objects to result objects
        for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
            // result principal
            HivePrincipal resPrincipal = new HivePrincipal(msObjPriv.getPrincipalName(), AuthorizationUtils.getHivePrincipalType(msObjPriv.getPrincipalType()));
            // result privilege
            PrivilegeGrantInfo msGrantInfo = msObjPriv.getGrantInfo();
            HivePrivilege resPrivilege = new HivePrivilege(msGrantInfo.getPrivilege(), null);
            // result object
            HiveObjectRef msObjRef = msObjPriv.getHiveObject();
            if (!isSupportedObjectType(msObjRef.getObjectType())) {
                // ignore them
                continue;
            }
            HivePrivilegeObject resPrivObj = new HivePrivilegeObject(getPluginPrivilegeObjType(msObjRef.getObjectType()), msObjRef.getDbName(), msObjRef.getObjectName(), msObjRef.getPartValues(), msObjRef.getColumnName());
            // result grantor principal
            HivePrincipal grantorPrincipal = new HivePrincipal(msGrantInfo.getGrantor(), AuthorizationUtils.getHivePrincipalType(msGrantInfo.getGrantorType()));
            HivePrivilegeInfo resPrivInfo = new HivePrivilegeInfo(resPrincipal, resPrivilege, resPrivObj, grantorPrincipal, msGrantInfo.isGrantOption(), msGrantInfo.getCreateTime());
            resPrivInfos.add(resPrivInfo);
        }
        return resPrivInfos;
    } catch (Exception e) {
        throw SQLAuthorizationUtils.getPluginException("Error showing privileges", e);
    }
}
Also used : HivePrivilegeInfo(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) HivePrivilege(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) ArrayList(java.util.ArrayList) HivePrivilegeObject(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject) IMetaStoreClient(org.apache.hadoop.hive.metastore.IMetaStoreClient) MetaException(org.apache.hadoop.hive.metastore.api.MetaException) HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException) TException(org.apache.thrift.TException) HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) HivePrincipal(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal) PrincipalType(org.apache.hadoop.hive.metastore.api.PrincipalType)

Example 4 with HivePrincipal

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal in project hive by apache.

the class AuthorizationUtils method getPrivilegeInfos.

public static List<HivePrivilegeInfo> getPrivilegeInfos(List<HiveObjectPrivilege> privs) throws HiveException {
    List<HivePrivilegeInfo> hivePrivs = new ArrayList<HivePrivilegeInfo>();
    for (HiveObjectPrivilege priv : privs) {
        PrivilegeGrantInfo grantorInfo = priv.getGrantInfo();
        HiveObjectRef privObject = priv.getHiveObject();
        HivePrincipal hivePrincipal = getHivePrincipal(priv.getPrincipalName(), priv.getPrincipalType());
        HivePrincipal grantor = getHivePrincipal(grantorInfo.getGrantor(), grantorInfo.getGrantorType());
        HivePrivilegeObject object = getHiveObjectRef(privObject);
        HivePrivilege privilege = new HivePrivilege(grantorInfo.getPrivilege(), null);
        hivePrivs.add(new HivePrivilegeInfo(hivePrincipal, privilege, object, grantor, grantorInfo.isGrantOption(), grantorInfo.getCreateTime()));
    }
    return hivePrivs;
}
Also used : HivePrivilegeInfo(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) HivePrincipal(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal) HivePrivilege(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) ArrayList(java.util.ArrayList) HivePrivilegeObject(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)

Example 5 with HivePrincipal

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal in project hive by apache.

the class RevokePrivAuthUtils method authorizeAndGetRevokePrivileges.

public static List<HiveObjectPrivilege> authorizeAndGetRevokePrivileges(List<HivePrincipal> principals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, boolean grantOption, IMetaStoreClient mClient, String userName) throws HiveAuthzPluginException, HiveAccessControlException {
    List<HiveObjectPrivilege> matchingPrivs = new ArrayList<HiveObjectPrivilege>();
    StringBuilder errMsg = new StringBuilder();
    for (HivePrincipal principal : principals) {
        // get metastore/thrift privilege object for this principal and object, not looking at
        // privileges obtained indirectly via roles
        List<HiveObjectPrivilege> msObjPrivs;
        try {
            msObjPrivs = mClient.list_privileges(principal.getName(), AuthorizationUtils.getThriftPrincipalType(principal.getType()), SQLAuthorizationUtils.getThriftHiveObjectRef(hivePrivObject));
        } catch (MetaException e) {
            throw new HiveAuthzPluginException(e);
        } catch (TException e) {
            throw new HiveAuthzPluginException(e);
        }
        // the resulting privileges need to be filtered on privilege type and
        // username
        // create a Map to capture object privileges corresponding to privilege
        // type
        Map<String, HiveObjectPrivilege> priv2privObj = new HashMap<String, HiveObjectPrivilege>();
        for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
            PrivilegeGrantInfo grantInfo = msObjPriv.getGrantInfo();
            // check if the grantor matches current user
            if (grantInfo.getGrantor() != null && grantInfo.getGrantor().equals(userName) && grantInfo.getGrantorType() == PrincipalType.USER) {
                // add to the map
                priv2privObj.put(grantInfo.getPrivilege(), msObjPriv);
            }
        // else skip this one
        }
        // find the privileges that we are looking for
        for (HivePrivilege hivePrivilege : hivePrivileges) {
            HiveObjectPrivilege matchedPriv = priv2privObj.get(hivePrivilege.getName());
            if (matchedPriv != null) {
                matchingPrivs.add(matchedPriv);
            } else {
                errMsg.append("Cannot find privilege ").append(hivePrivilege).append(" for ").append(principal).append(" on ").append(hivePrivObject).append(" granted by ").append(userName).append(System.getProperty("line.separator"));
            }
        }
    }
    if (errMsg.length() != 0) {
        throw new HiveAccessControlException(errMsg.toString());
    }
    return matchingPrivs;
}
Also used : TException(org.apache.thrift.TException) HashMap(java.util.HashMap) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) HivePrivilege(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege) ArrayList(java.util.ArrayList) HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HivePrincipal(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal) MetaException(org.apache.hadoop.hive.metastore.api.MetaException)

Aggregations

HivePrincipal (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal)11 ArrayList (java.util.ArrayList)5 HiveAuthzPluginException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException)5 HivePrivilege (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege)5 IMetaStoreClient (org.apache.hadoop.hive.metastore.IMetaStoreClient)4 HiveObjectPrivilege (org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)4 MetaException (org.apache.hadoop.hive.metastore.api.MetaException)4 PrivilegeGrantInfo (org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)4 HiveAccessControlException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException)4 HivePrivilegeObject (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)4 TException (org.apache.thrift.TException)4 HiveObjectRef (org.apache.hadoop.hive.metastore.api.HiveObjectRef)3 HivePrivilegeInfo (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo)3 HiveAuthorizer (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer)2 HashMap (java.util.HashMap)1 PrincipalType (org.apache.hadoop.hive.metastore.api.PrincipalType)1 PrivilegeBag (org.apache.hadoop.hive.metastore.api.PrivilegeBag)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial