Examples with HivePrivilege org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege used on opensource projects

Search in sources :

Example 1 with HivePrivilege

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege in project hive by apache.

the class SQLStdHiveAccessController method showPrivileges.

@Override
public List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal, HivePrivilegeObject privObj) throws HiveAuthzPluginException {
    try {
        // First authorize the call
        if (principal == null) {
            // only the admin is allowed to list privileges for any user
            if (!isUserAdmin()) {
                throw new HiveAccessControlException("User : " + currentUserName + " has to specify" + " a user name or role in the show grant. " + ADMIN_ONLY_MSG);
            }
        } else {
            //principal is specified, authorize on it
            if (!isUserAdmin()) {
                ensureShowGrantAllowed(principal);
            }
        }
        IMetaStoreClient mClient = metastoreClientFactory.getHiveMetastoreClient();
        List<HivePrivilegeInfo> resPrivInfos = new ArrayList<HivePrivilegeInfo>();
        String principalName = principal == null ? null : principal.getName();
        PrincipalType principalType = principal == null ? null : AuthorizationUtils.getThriftPrincipalType(principal.getType());
        // get metastore/thrift privilege object using metastore api
        List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(principalName, principalType, SQLAuthorizationUtils.getThriftHiveObjectRef(privObj));
        // convert the metastore thrift objects to result objects
        for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
            // result principal
            HivePrincipal resPrincipal = new HivePrincipal(msObjPriv.getPrincipalName(), AuthorizationUtils.getHivePrincipalType(msObjPriv.getPrincipalType()));
            // result privilege
            PrivilegeGrantInfo msGrantInfo = msObjPriv.getGrantInfo();
            HivePrivilege resPrivilege = new HivePrivilege(msGrantInfo.getPrivilege(), null);
            // result object
            HiveObjectRef msObjRef = msObjPriv.getHiveObject();
            if (!isSupportedObjectType(msObjRef.getObjectType())) {
                // ignore them
                continue;
            }
            HivePrivilegeObject resPrivObj = new HivePrivilegeObject(getPluginPrivilegeObjType(msObjRef.getObjectType()), msObjRef.getDbName(), msObjRef.getObjectName(), msObjRef.getPartValues(), msObjRef.getColumnName());
            // result grantor principal
            HivePrincipal grantorPrincipal = new HivePrincipal(msGrantInfo.getGrantor(), AuthorizationUtils.getHivePrincipalType(msGrantInfo.getGrantorType()));
            HivePrivilegeInfo resPrivInfo = new HivePrivilegeInfo(resPrincipal, resPrivilege, resPrivObj, grantorPrincipal, msGrantInfo.isGrantOption(), msGrantInfo.getCreateTime());
            resPrivInfos.add(resPrivInfo);
        }
        return resPrivInfos;
    } catch (Exception e) {
        throw SQLAuthorizationUtils.getPluginException("Error showing privileges", e);
    }
}
Also used : HivePrivilegeInfo(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) HivePrivilege(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) ArrayList(java.util.ArrayList) HivePrivilegeObject(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject) IMetaStoreClient(org.apache.hadoop.hive.metastore.IMetaStoreClient) MetaException(org.apache.hadoop.hive.metastore.api.MetaException) HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException) TException(org.apache.thrift.TException) HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) HivePrincipal(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal) PrincipalType(org.apache.hadoop.hive.metastore.api.PrincipalType)

Example 2 with HivePrivilege

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege in project hive by apache.

the class AuthorizationUtils method getPrivilegeInfos.

public static List<HivePrivilegeInfo> getPrivilegeInfos(List<HiveObjectPrivilege> privs) throws HiveException {
    List<HivePrivilegeInfo> hivePrivs = new ArrayList<HivePrivilegeInfo>();
    for (HiveObjectPrivilege priv : privs) {
        PrivilegeGrantInfo grantorInfo = priv.getGrantInfo();
        HiveObjectRef privObject = priv.getHiveObject();
        HivePrincipal hivePrincipal = getHivePrincipal(priv.getPrincipalName(), priv.getPrincipalType());
        HivePrincipal grantor = getHivePrincipal(grantorInfo.getGrantor(), grantorInfo.getGrantorType());
        HivePrivilegeObject object = getHiveObjectRef(privObject);
        HivePrivilege privilege = new HivePrivilege(grantorInfo.getPrivilege(), null);
        hivePrivs.add(new HivePrivilegeInfo(hivePrincipal, privilege, object, grantor, grantorInfo.isGrantOption(), grantorInfo.getCreateTime()));
    }
    return hivePrivs;
}
Also used : HivePrivilegeInfo(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) HivePrincipal(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal) HivePrivilege(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) ArrayList(java.util.ArrayList) HivePrivilegeObject(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)

Example 3 with HivePrivilege

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege in project hive by apache.

the class RevokePrivAuthUtils method authorizeAndGetRevokePrivileges.

public static List<HiveObjectPrivilege> authorizeAndGetRevokePrivileges(List<HivePrincipal> principals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, boolean grantOption, IMetaStoreClient mClient, String userName) throws HiveAuthzPluginException, HiveAccessControlException {
    List<HiveObjectPrivilege> matchingPrivs = new ArrayList<HiveObjectPrivilege>();
    StringBuilder errMsg = new StringBuilder();
    for (HivePrincipal principal : principals) {
        // get metastore/thrift privilege object for this principal and object, not looking at
        // privileges obtained indirectly via roles
        List<HiveObjectPrivilege> msObjPrivs;
        try {
            msObjPrivs = mClient.list_privileges(principal.getName(), AuthorizationUtils.getThriftPrincipalType(principal.getType()), SQLAuthorizationUtils.getThriftHiveObjectRef(hivePrivObject));
        } catch (MetaException e) {
            throw new HiveAuthzPluginException(e);
        } catch (TException e) {
            throw new HiveAuthzPluginException(e);
        }
        // the resulting privileges need to be filtered on privilege type and
        // username
        // create a Map to capture object privileges corresponding to privilege
        // type
        Map<String, HiveObjectPrivilege> priv2privObj = new HashMap<String, HiveObjectPrivilege>();
        for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
            PrivilegeGrantInfo grantInfo = msObjPriv.getGrantInfo();
            // check if the grantor matches current user
            if (grantInfo.getGrantor() != null && grantInfo.getGrantor().equals(userName) && grantInfo.getGrantorType() == PrincipalType.USER) {
                // add to the map
                priv2privObj.put(grantInfo.getPrivilege(), msObjPriv);
            }
        // else skip this one
        }
        // find the privileges that we are looking for
        for (HivePrivilege hivePrivilege : hivePrivileges) {
            HiveObjectPrivilege matchedPriv = priv2privObj.get(hivePrivilege.getName());
            if (matchedPriv != null) {
                matchingPrivs.add(matchedPriv);
            } else {
                errMsg.append("Cannot find privilege ").append(hivePrivilege).append(" for ").append(principal).append(" on ").append(hivePrivObject).append(" granted by ").append(userName).append(System.getProperty("line.separator"));
            }
        }
    }
    if (errMsg.length() != 0) {
        throw new HiveAccessControlException(errMsg.toString());
    }
    return matchingPrivs;
}
Also used : TException(org.apache.thrift.TException) HashMap(java.util.HashMap) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) HivePrivilege(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege) ArrayList(java.util.ArrayList) HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) HiveAccessControlException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException) HivePrincipal(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal) MetaException(org.apache.hadoop.hive.metastore.api.MetaException)

Example 4 with HivePrivilege

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege in project hive by apache.

the class DDLTask method grantOrRevokePrivileges.

private int grantOrRevokePrivileges(Hive db, List<PrincipalDesc> principals, List<PrivilegeDesc> privileges, PrivilegeObjectDesc privSubjectDesc, String grantor, PrincipalType grantorType, boolean grantOption, boolean isGrant) throws HiveException {
    HiveAuthorizer authorizer = getSessionAuthorizer(db);
    //Convert to object types used by the authorization plugin interface
    List<HivePrincipal> hivePrincipals = AuthorizationUtils.getHivePrincipals(principals, getAuthorizationTranslator(authorizer));
    List<HivePrivilege> hivePrivileges = AuthorizationUtils.getHivePrivileges(privileges, getAuthorizationTranslator(authorizer));
    HivePrivilegeObject hivePrivObject = getAuthorizationTranslator(authorizer).getHivePrivilegeObject(privSubjectDesc);
    HivePrincipal grantorPrincipal = new HivePrincipal(grantor, AuthorizationUtils.getHivePrincipalType(grantorType));
    if (isGrant) {
        authorizer.grantPrivileges(hivePrincipals, hivePrivileges, hivePrivObject, grantorPrincipal, grantOption);
    } else {
        authorizer.revokePrivileges(hivePrincipals, hivePrivileges, hivePrivObject, grantorPrincipal, grantOption);
    }
    //no exception thrown, so looks good
    return 0;
}
Also used : HiveAuthorizer(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer) HivePrincipal(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal) HivePrivilege(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege) HivePrivilegeObject(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)

Example 5 with HivePrivilege

use of org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege in project hive by apache.

the class SQLAuthorizationUtils method getThriftPrivilegesBag.

/**
   * Create thrift privileges bag
   *
   * @param hivePrincipals
   * @param hivePrivileges
   * @param hivePrivObject
   * @param grantorPrincipal
   * @param grantOption
   * @return
   * @throws HiveAuthzPluginException
   */
static PrivilegeBag getThriftPrivilegesBag(List<HivePrincipal> hivePrincipals, List<HivePrivilege> hivePrivileges, HivePrivilegeObject hivePrivObject, HivePrincipal grantorPrincipal, boolean grantOption) throws HiveAuthzPluginException {
    HiveObjectRef privObj = getThriftHiveObjectRef(hivePrivObject);
    PrivilegeBag privBag = new PrivilegeBag();
    for (HivePrivilege privilege : hivePrivileges) {
        if (privilege.getColumns() != null && privilege.getColumns().size() > 0) {
            throw new HiveAuthzPluginException("Privileges on columns not supported currently" + " in sql standard authorization mode");
        }
        if (!SUPPORTED_PRIVS_SET.contains(privilege.getName().toUpperCase(Locale.US))) {
            throw new HiveAuthzPluginException("Privilege: " + privilege.getName() + " is not supported in sql standard authorization mode");
        }
        PrivilegeGrantInfo grantInfo = getThriftPrivilegeGrantInfo(privilege, grantorPrincipal, grantOption, 0);
        for (HivePrincipal principal : hivePrincipals) {
            HiveObjectPrivilege objPriv = new HiveObjectPrivilege(privObj, principal.getName(), AuthorizationUtils.getThriftPrincipalType(principal.getType()), grantInfo);
            privBag.addToPrivileges(objPriv);
        }
    }
    return privBag;
}
Also used : PrivilegeBag(org.apache.hadoop.hive.metastore.api.PrivilegeBag) HiveObjectPrivilege(org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege) PrivilegeGrantInfo(org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo) HivePrincipal(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal) HivePrivilege(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege) HiveObjectRef(org.apache.hadoop.hive.metastore.api.HiveObjectRef) HiveAuthzPluginException(org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException)

Aggregations

HivePrincipal (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal)5 HivePrivilege (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege)5 HiveObjectPrivilege (org.apache.hadoop.hive.metastore.api.HiveObjectPrivilege)4 PrivilegeGrantInfo (org.apache.hadoop.hive.metastore.api.PrivilegeGrantInfo)4 ArrayList (java.util.ArrayList)3 HiveObjectRef (org.apache.hadoop.hive.metastore.api.HiveObjectRef)3 HiveAuthzPluginException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException)3 HivePrivilegeObject (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)3 MetaException (org.apache.hadoop.hive.metastore.api.MetaException)2 HiveAccessControlException (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException)2 HivePrivilegeInfo (org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeInfo)2 TException (org.apache.thrift.TException)2 HashMap (java.util.HashMap)1 IMetaStoreClient (org.apache.hadoop.hive.metastore.IMetaStoreClient)1 PrincipalType (org.apache.hadoop.hive.metastore.api.PrincipalType)1 PrivilegeBag (org.apache.hadoop.hive.metastore.api.PrivilegeBag)1 HiveAuthorizer (org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial